SSH password and passphrase

Source: Internet
Author: User

1. Generate a key pair at the default path and enter a passphrase when prompted:
   ssh-keygen -t rsa
2. Copy the public key to the remote host, entering the password of the root account on the remote machine:
   scp /root/.ssh/id_rsa.pub remote:/root/.ssh/authorized_keys
3. Start the agent:
   eval `ssh-agent`
4. Run ssh-add and enter the passphrase chosen in step 1:
   ssh-add

Steps 1 and 2 set up an RSA public/private key pair. Step 1 generates the key pair: the id_rsa file contains the private key and id_rsa.pub is the public key. You can also generate a DSA key pair. Step 2 puts the public key into the /root/.ssh/authorized_keys file on the remote host. Because that file is empty here, scp is used to write it directly. If it is not empty, use scp to copy the key to a temporary file first, and then append it with cat.

Steps 3 and 4 preload the passphrase. Step 3 executes the output of ssh-agent (this is what the backquotes passed to eval do). That output sets two environment variables, SSH_AUTH_SOCK and SSH_AGENT_PID, so that programs can reach the ssh-agent process running in the background. Step 4 then hands the passphrase to the agent.

After completing these four steps, ssh and scp no longer prompt for a passphrase. If only steps 1 and 2 are completed, you are prompted for the passphrase. If none of the steps are done, you are prompted for the account password on the remote machine. The passphrase is used to encrypt the private key of the key pair and is never sent over the network.

Disadvantage: steps 3 and 4 must be repeated at every login. Step 3 sets environment variables, so each login session is different. For an interactive shell it can be run from .bash_profile, and for cron jobs it can be run inside the script. Step 4 is the bigger problem because it is interactive and cannot be automated.

Solution: set an empty passphrase, so that steps 3 and 4 are not needed. The private key is then stored unencrypted, so anyone who can read the id_rsa file can use it.

Appendix: The ssh-agent program is like a gatekeeper. It provides secure access to the private key as needed. After ssh-agent is started, it runs in the background and can be used by ssh, scp, and other OpenSSH applications. This allows the ssh program to request a decrypted key from the agent, instead of asking you for the passphrase of the private key every time it is needed.
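Step 2 says to copy the key to a temporary file and append it with cat when authorized_keys is not empty. The following is an added example, not part of the original page, of that remote-side append done safely; install_pubkey is a hypothetical helper name, and the temporary path and sample keys in the comments are assumptions.

```shell
#!/bin/sh
# Added example: run on the remote host after copying the public key to a
# temporary file, e.g.  scp /root/.ssh/id_rsa.pub remote:/tmp/id_rsa.pub.tmp
# (temporary path is an assumption). install_pubkey is a hypothetical helper,
# not an OpenSSH command.
install_pubkey() {
    pub=$1                                  # temporary file with the copied public key
    auth=${2:-$HOME/.ssh/authorized_keys}   # file to append to
    dir=$(dirname "$auth")

    [ -s "$pub" ] || { echo "no public key in $pub" >&2; return 2; }

    # Refuse to install a private key that was copied by mistake.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key; not installing" >&2
        return 3
    fi

    # sshd's StrictModes (on by default) rejects key files with loose
    # permissions, so tighten them before appending.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # If the existing file does not end in a newline, add one so the new
    # key is not glued onto the last existing key.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi

    # Append (never overwrite), skipping keys that are already present.
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
    done < "$pub"
}
```

Call it as `install_pubkey /tmp/id_rsa.pub.tmp` and delete the temporary file afterwards; running it twice leaves a single copy of the key.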
