Use SSH to log on without a password

Use SSH to log on without a password

SSH is a protocol designed for the security of remote logon sessions and other network services. By default, SSH connections require password authentication. You can add system authentication (Public Key-Private Key) modifications. After modification, inter-system switching can avoid password input and SSH authentication. The following describes the creation process.

1. Use SSH-keygen to create public/private key pairs

Ssh-keygen-tdsa-C jibo.tiger@gmail.com-f ~ /. Ssh/jibo.tiger@gmail.com

In the process, you may need to enter a password. In order to SSH access without a password, you can press enter directly.

2. view public/private key pairs

Ls ~ /. SSH

Jibo.tiger@gmail.com jibo.tiger@gmail.com.pub config

We can find two key files under the SSH directory.

Where jibo.tiger@gmail.com.pub is the public key, jibo.tiger@gmail.com is the private key

4. Copy the public key to the server host

SCP jibo.tiger@gmail.com.pub hostname @ I :~ /. Ssh/jibo.tiger@gmail.com.pub

5. Add the public key to the service host's trust

Cat jibo.tiger@gmail.com.pub> authorized_keys

Not: Step 4 and Step 5 can be completed by command ssh-copy-ID in one step

Ssh-copy-ID-I jibo.tiger@gmail.com.pub user @ IP

6. Set file and directory permissions:

Set authorized_keys Permissions
$ Chmod 600 authorized_keys
Set. Ssh Directory Permissions
$ Chmod 700-R. SSH

Summary

1. Do not set the file and directory permissions to chmod 777. This permission is too large, insecure, and not supported by digital signatures.

2. The generated RSA/DSA Signature public key is used by the other machine. The public key must be copied to authorized_keys.

3. Access between Linux instances through SSH hostname @ IP. If no hostname is specified, the local host name is used by default.

4. A machine generates its own RSA or DSA digital signature, sends the public key to the target machine, and then sets the relevant permissions (Public Key and authorized_keys permissions) after receiving the request ), the target machine can be accessed without a password by the machine that generates a digital signature.