SSH login without password
2012-03-01 14:42
One, one-way passwordless access
One-way passwordless access to a remote server is relatively simple. For example, if server A needs passwordless access to server B (A -> B), you only need to generate a key pair on server A, upload the generated public key to the .ssh directory under the relevant user's home directory on server B (create it manually if it does not exist; note that the directory permissions must be 700), and rename the public key file to authorized_keys (note that the permissions of this file should be 644). If the permissions of the .ssh directory or the authorized_keys file are wrong, the configuration will not take effect. The steps are as follows:
1. Generate a key pair on the machine that needs passwordless login to the remote server (server A in this example):
During generation you are prompted for the file in which to save the key pair and for a passphrase for the private key; just press Enter at each prompt.
[[email protected] ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
0e:4c:ec:e3:04:98:b0:71:00:91:75:57:ee:56:a1:82 [email protected]
After the previous step, the ~/.ssh directory contains two files, id_rsa and id_rsa.pub. id_rsa is the private key and stays on the local machine; id_rsa.pub is the public key and is the file to upload to the remote server.
2. Upload the public key to remote server B, the server to be logged in to without a password, and rename it to authorized_keys:
If there is no .ssh directory on remote server B, create it manually:
[[email protected] ~]# mkdir .ssh
[[email protected] ~]# chmod 700 .ssh
Then upload the public key file from server A to remote server B:
[[email protected] ~]# scp .ssh/id_rsa.pub [email protected]:/root/.ssh/authorized_keys
The authenticity of host '192.168.15.234 (192.168.15.234)' can't be established.
RSA key fingerprint is c9:ef:0c:1b:ac:6c:ef:84:a4:a7:e5:d1:20:58:c8:73.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.15.234' (RSA) to the list of known hosts.
(This step adds remote server B to the known_hosts list of the local machine, server A.)
[email protected]'s password:
id_rsa.pub 100% 399 0.4KB/s 00:00
3. Testing
After uploading the public key file to the remote server, log in from server A to server B right away. If you can log in to server B without entering a password, the setup succeeded. If you are still asked for a password, check that the .ssh directory on remote server B has permissions 700, that the uploaded public key on the remote server has been renamed to authorized_keys, and that its permissions are 644.
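The scp in step 2 replaces any authorized_keys file that already exists on server B. The following added example (not part of the original post) appends the key instead, skips it if it is already present, and then checks the 700 / 644 modes named in step 3. The function names are hypothetical, GNU stat (Linux) is assumed, and the key in the demo is constructed.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Assumes GNU stat (Linux).

# install_pubkey PUBKEY_FILE HOME_DIR
# Append the key to HOME_DIR/.ssh/authorized_keys without overwriting
# existing entries, and set the modes the page requires.
install_pubkey() {
    pub=$1; dir=$2/.ssh; auth=$dir/authorized_keys
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }
    IFS= read -r key < "$pub" || [ -n "$key" ] || return 2
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 644 "$auth" || return 1
    # If the file does not end in a newline, add one before appending.
    if [ -s "$auth" ] && [ -n "$(tail -c1 "$auth")" ]; then
        echo >> "$auth"
    fi
    # -x: whole line, -F: literal string. Append only if not present.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# check_ssh_perms HOME_DIR
# Returns 0 only if .ssh is 700 and authorized_keys is 644.
check_ssh_perms() {
    dir=$1/.ssh; auth=$dir/authorized_keys; rc=0
    [ -d "$dir" ]  || { echo "missing $dir"; return 1; }
    [ -f "$auth" ] || { echo "missing $auth"; return 1; }
    m=$(stat -c '%a' "$dir")
    [ "$m" = 700 ] || { echo "$dir is $m, expected 700"; rc=1; }
    m=$(stat -c '%a' "$auth")
    [ "$m" = 644 ] || { echo "$auth is $m, expected 644"; rc=1; }
    return $rc
}

# Demo on a throwaway directory with a constructed (not real) key.
tmp=$(mktemp -d)
echo 'ssh-rsa AAAAB3CONSTRUCTED root@serverA' > "$tmp/id_rsa.pub"
install_pubkey "$tmp/id_rsa.pub" "$tmp/home" && check_ssh_perms "$tmp/home" \
    && echo "ok: key installed, modes match"
rm -rf "$tmp"
```

On server B, run check_ssh_perms against the target user's home directory (for example /root) when a password prompt still appears after step 2.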
Two, passwordless access among multiple servers
Passwordless access among multiple servers works on the same principle as one-way passwordless access between two servers. However, because several servers need to reach one another, the public key cannot simply be uploaded directly as in the two-server case. The steps are as follows:
1. Run ssh-keygen -t rsa on each server to generate a key pair:
# ssh-keygen -t rsa
2. After generating the key pair on each server, copy the public key to the servers that are to be logged in to without a password:
For example, the three servers 192.168.15.240, 192.168.15.241 and 192.168.15.242 need passwordless login to one another. After each server has generated its key pair, run the ssh-copy-id command on each server (for an introduction and usage, see the appendix at the end) to copy its public key to the other two servers (192.168.15.240 is used as the example here and the user is root; the steps on the other two servers are the same):
# ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
# ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
The commands above automatically append the public key to the file named authorized_keys. Once every server has completed these steps, the servers can log in to one another without a password.
Appendix: ssh-copy-id introduction and usage
Linux systems include a tool named ssh-copy-id by default:
# type ssh-copy-id
ssh-copy-id is /usr/bin/ssh-copy-id
Viewing it with cat or more shows that ssh-copy-id is itself a shell script, and its usage is simple:
# ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
There is no need to remember how to spell the file name authorized_keys, which is pretty cool. But don't celebrate too early: ssh-copy-id has a serious problem, namely that by default it only supports SSH running on port 22. In practice, for security reasons, we often change the server's SSH port, for example to port 10022, and then ssh-copy-id fails with an error. Modifying the ssh-copy-id script directly would certainly fix this, but that seems too crude; there is a better way:
# vi ~/.ssh/config
Add the following:
Host Server
Hostname IP
Port 10022
You can also add only the Port line, which makes it a global setting. After saving, the ssh-copy-id command runs without error.
Addendum: a reader pointed out that if the port is not 22, the following also works without modifying the config file:
ssh-copy-id -i ~/.ssh/id_rsa.pub "-p 10022 [email protected]"