Password-free login under SSH configuration-linux

First of all, suppose we have two servers, the server name is master and slave1, we need to do is to log on server master above the servers slave1 do not need to enter a password to log on successfully, as shown in.

Let's start with our configuration steps below

1. Generate key on server master

It can be generated by using the Ssh-keygen command, and we can use the Man command or the help command to see what parameters are needed and what the specific information is.

Generate the key we need by executing the command ssh-keygen-t RSA.

When we execute the above command, we press the carriage return directly three times, then we generate a. SSH folder under the user's root directory, and we go to the folder below and see what we have.

We see four files, each of which explains what each file is for.

Authorized_keys: The public key that stores the remote password-free login, which records the public key of multiple machines mainly through this file.

ID_RSA: Generated private key file

Id_rsa.pub: Generated Public key file

Known_hosts: List of known host public keys

2. Remote Key Login

Here are the most commonly used three ways, one through the Ssh-copy-id command, the second is through the SCP command, three is manually copied.

Mode one, set by Ssh-copy-id command. The last parameter is the IP address of the server that we want to exempt from the key login.

Ssh-copy-id-i ~/.ssh/id_rsa.pub 192.168.1.100

Mode two, through the SCP command to directly copy the file in the past, use this way to note that if you have previously configured a key on another server, this is the use of this method will overwrite your original key, this is not recommended to use this way, If you are copying the file to a directory on the server first, then appending the key to Authorized_keys is also fully OK if you use append. If you have only two servers you can also copy directly to the file.

Scp-p ~/.ssh/id_rsa.pub [Email Protected]<ip>:/root/.ssh/authorized_keys

Way three, by hand copying. It is also perfectly possible to copy the contents of the local id_rsa.pub file to the remote server's ~/.ssh/authorized_keys file. First use the cat command to view the current public key, and then copy and paste it on the target server.

The above steps, we have completed the key-free login, the following we to verify.

Here, our SSH key login is done. The following to everyone talk about the principle of the key-free login, interested can see.

First look at the schematic

1. SSH client sends connection request to SSH server side

2, the SSH server sends a random message

3, the SSH client uses the local private key to encrypt the information sent by the server side.

4, the SSH client sends the encrypted information to the server side

5, the SSH server side uses the public key to decrypt this information

6, if the information after decryption matches the information sent previously, trust the client, otherwise do not trust.

PS: If you feel that the article is good, but also please praise to share under, is the biggest support for me.

Password-free login under SSH configuration-linux