In Linux system administration, setting up password-free (key-based) SSH login is the most common way to manage machines in bulk. For example, with dozens or even hundreds of production machines, one usually designates a "release machine" as a central control host that can log in to all the other machines without a password, and then distributes, updates and deploys software and configuration files from there. This is of course neither the only nor the optimal solution: you can use expect to simulate interactive input and automate the login verification, or use open-source configuration management and deployment tools such as Puppet, but those are outside the scope of this article. What we discuss today is the most basic, effective and direct method: password-free login.
I. Introduction to the Environment
Two machines:
1. Personal computer: 192.168.1.2, hostname jacken
2. Server: 192.168.1.3, hostname lamp
II. Operation Procedure
1. Create a key pair on the personal computer
[root@jacken ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):      (press Enter)
Enter passphrase (empty for no passphrase):                   (press Enter)
Enter same passphrase again:                                  (press Enter)
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
64:f3:67:a7:8e:11:d8:b1:fc:7d:34:f4:57:0d:e3:86 root@jacken
The key's randomart image is:
+--[ RSA 2048]----+
[randomart image not recoverable from the extracted text]
+-----------------+
[root@jacken ~]#
2. Copy the public key to the server so that it is trusted
[root@jacken ~]# ssh-copy-id root@192.168.1.3
root@192.168.1.3's password:
Now try logging into the machine, with "ssh 'root@192.168.1.3'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[root@jacken ~]#
3. Testing
[root@jacken ~]# ssh 192.168.1.3 hostname
lamp
[root@jacken ~]# ping server01
PING server01 (192.168.1.3) 56(84) bytes of data.
64 bytes from server01 (192.168.1.3): icmp_seq=1 ttl=64 time=0.855 ms
^C
--- server01 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 509ms
rtt min/avg/max/mdev = 0.855/0.855/0.855/0.000 ms
[root@jacken ~]#
[root@jacken ~]# ssh server01 'ifconfig eth0'
eth0      Link encap:Ethernet  HWaddr 00:0c:29:21:cb:7c
          inet addr:192.168.1.3  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe21:cb7c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2756 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2072 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:266491 (260.2 KiB)  TX bytes:301395 (294.3 KiB)
[root@jacken ~]#
III. Common Mistakes
1. Error when using ssh-copy-id
Error message:
ssh-copy-id: /usr/bin/ssh-copy-id: ERROR: No identities found
Workaround:
The public key path is missing; pass it explicitly with -i, followed by the target address:
ssh-copy-id -i ~/.ssh/id_dsa.pub user@server_ip
2. ssh to the IP address succeeds, but ssh to the hostname fails
Error message:
ssh: connect to host localhost port 22: Connection refused
Workaround:
Check whether the remote host's name-to-IP mapping is present in /etc/hosts; if it is not, add it.
3. Permission problems with the SSH configuration directory
Error message:
Login still prompts for a password.
Because SSH permissions are directly related to the security of the server, sshd verifies the permissions of the relevant directories and files every time it reads its configuration, so that keys are not exposed to more users than necessary.
Workaround:
On the server side, the .ssh directory must not be writable by group or others (700 is the usual setting), and authorized_keys must have permissions 600.
4. ssh localhost: Publickey authorization failed
Workaround:
# vim /etc/ssh/sshd_config
Enable these three lines and restart the service:
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
5. ssh localhost: password required
Workaround:
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
6. SELinux and iptables blocking the connection
Workaround:
To turn off SELinux:
# sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config    (takes effect after a restart)
# setenforce 0    (permissive mode, equivalent to a temporary shutdown)
Set iptables:
# iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# iptables -A INPUT -p tcp --dport 1234 -j ACCEPT
# /etc/rc.d/init.d/iptables save
# /etc/rc.d/init.d/iptables restart
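Mistakes 3 to 5 above all come down to the server side rejecting the key silently, so it is worth checking those conditions before a login attempt. The following script is an added example (not part of the original post): it checks the .ssh/authorized_keys permissions, the two sshd_config directives that still matter on current OpenSSH (RSAAuthentication only applied to protocol 1), and whether a given public key is actually present in authorized_keys. It assumes GNU stat and runs against a constructed throwaway home directory rather than a live system.

```shell
#!/bin/sh
# check_ssh_perms HOME_DIR -> 0 when ~/.ssh is 700 and authorized_keys is 600
check_ssh_perms() {
    dir="$1/.ssh"
    [ -d "$dir" ] || { echo "missing $dir"; return 1; }
    d_mode=$(stat -c '%a' "$dir")
    f_mode=$(stat -c '%a' "$dir/authorized_keys" 2>/dev/null) || { echo "missing authorized_keys"; return 1; }
    [ "$d_mode" = 700 ] || { echo ".ssh is mode $d_mode, expected 700"; return 1; }
    [ "$f_mode" = 600 ] || { echo "authorized_keys is mode $f_mode, expected 600"; return 1; }
    return 0
}

# check_sshd_config FILE -> 0 when PubkeyAuthentication is not disabled and
# AuthorizedKeysFile (if set at all) still points at .ssh/authorized_keys.
# sshd honours the first occurrence of a keyword and ignores comment lines.
check_sshd_config() {
    cfg="$1"
    pubkey=$(grep -i -m1 '^[[:space:]]*PubkeyAuthentication[[:space:]]' "$cfg" | awk '{print tolower($2)}')
    [ "$pubkey" != no ] || { echo "PubkeyAuthentication is disabled"; return 1; }
    keyfile=$(grep -i -m1 '^[[:space:]]*AuthorizedKeysFile[[:space:]]' "$cfg" | awk '{print $2}')
    case "${keyfile:-.ssh/authorized_keys}" in
        .ssh/authorized_keys|%h/.ssh/authorized_keys) return 0 ;;
        *) echo "AuthorizedKeysFile is '$keyfile', not .ssh/authorized_keys"; return 1 ;;
    esac
}

# check_key_trusted PUBKEY_FILE HOME_DIR -> 0 when the key's base64 blob
# (second field of the .pub line) appears in authorized_keys
check_key_trusted() {
    blob=$(awk '{print $2}' "$1")
    grep -qF -- "$blob" "$2/.ssh/authorized_keys"
}

# Builds a constructed home directory (sample data, not a real key) so the
# checks can be exercised offline; prints the directory path.
make_fixture() {
    home=$(mktemp -d)
    mkdir -m 700 "$home/.ssh"
    echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDconstructedSampleKey root@jacken" > "$home/id_rsa.pub"
    cp "$home/id_rsa.pub" "$home/.ssh/authorized_keys"
    chmod 600 "$home/.ssh/authorized_keys"
    printf '# constructed sshd_config\nPubkeyAuthentication yes\nAuthorizedKeysFile .ssh/authorized_keys\n' > "$home/sshd_config"
    echo "$home"
}

# Stand-alone demo against the constructed fixture
H=$(make_fixture)
if check_ssh_perms "$H" && check_sshd_config "$H/sshd_config" && check_key_trusted "$H/id_rsa.pub" "$H"; then
    echo "server side is ready for key-based login"
fi
rm -rf "$H"
```

Point the three functions at a real home directory and /etc/ssh/sshd_config to use them on the server from mistake 3.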
This article is from the "Welcome to Linux World" blog, so be sure to keep this source http://linuxnote.blog.51cto.com/9876511/1641930
SSH mutual trust between two machines and a complete guide to resolving errors