CentOS SSH login without password

Source: Internet
Author: User
Tags openssh server

On Linux systems, SSH is the default tool for remote login because its protocol uses the RSA/DSA encryption algorithms, which makes it very secure for remote management of Linux systems. Telnet, because of its insecurity, has been set aside on Linux.

A simple explanation of "public/private key" authentication: first create a public/private key pair on the client (public key file: ~/.ssh/id_rsa.pub; private key file: ~/.ssh/id_rsa). Then put the public key on the server (~/.ssh/authorized_keys) and keep the private key yourself. At login, the SSH client uses the private key to match against the public key on the server (the private key itself stays on the client). If the match succeeds, you are logged in.

Configuration goes smoothly on Ubuntu and Cygwin, but configuring a CentOS system raises a number of issues. This article uses CentOS (CentOS 5) as an example to explain in detail how to configure key-based authentication login, in the following steps:

Verify that the OpenSSH server and client are already installed on the system, then check the local sshd configuration file (as root):

$ vi /etc/ssh/sshd_config

Find the following lines and remove the comment marker "#":

RSAAuthentication yes

PubkeyAuthentication yes

AuthorizedKeysFile .ssh/authorized_keys

If you modify the configuration file, you need to restart the sshd service (root)

$ /sbin/service sshd restart

Then run a test command to log in to the system over SSH:

$ ssh localhost

After you press Enter you will be prompted for the password, because we have not generated the key pair yet.

2.7 Generate the public/private key pair

$ ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa

$ cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys

2.8 Test the login with ssh localhost

$ ssh localhost

Under normal circumstances the login succeeds and some login information is displayed. If it fails, see the "general debugging steps" below.

2.9 General debugging steps

My configuration failed: after following the steps above I was still prompted to enter a password. Then use ssh -v to display detailed login information and find the reason:

$ ssh -v localhost

After you press Enter, the detailed login information is shown as follows:

...... (omitted)

debug1: Authentications that can continue: publickey,gssapi-with-mic,password

debug1: Next authentication method: gssapi-with-mic

debug1: Unspecified GSS failure.  Minor code may provide more information

Unknown code krb5 195

debug1: Unspecified GSS failure.  Minor code may provide more information

Unknown code krb5 195

debug1: Unspecified GSS failure.  Minor code may provide more information

Unknown code krb5 195

debug1: Next authentication method: publickey

debug1: Trying private key: /home/huaxia/.ssh/identity

debug1: Trying private key: /home/huaxia/.ssh/id_rsa

debug1: Offering public key: /home/huaxia/.ssh/id_dsa

debug1: Authentications that can continue: publickey,gssapi-with-mic,password

debug1: Next authentication method: password

[email protected]'s password:

At the same time, log in as the root user and view the system log file:

$ tail /var/log/secure -n 20

...... (omitted)

Jul 11:21:05 shnap sshd[3955]: Accepted password for huaxia from 192.168.8.253 port 51837 ssh2

Jul 11:21:05 shnap sshd[3955]: pam_unix(sshd:session): session opened for user huaxia by (uid=0)

Jul 11:21:47 shnap sshd[4024]: Connection closed by 127.0.0.1

Jul 11:25:28 shnap sshd[4150]: Authentication refused: bad ownership or modes for file /home/huaxia/.ssh/authorized_keys

Jul 11:25:28 shnap sshd[4150]: Authentication refused: bad ownership or modes for file /home/huaxia/.ssh/authorized_keys

Jul 11:26:30 shnap sshd[4151]: Connection closed by 127.0.0.1

...... (omitted)

The log information above shows that there is a problem with the permissions of the file /home/huaxia/.ssh/authorized_keys.

List the files under /home/huaxia/.ssh/ for details:

$ ls -lh ~/.ssh/

total 16K

-rw-rw-r-- 1 huaxia huaxia 602 07-13 11:22 authorized_keys

-rw------- 1 huaxia huaxia 672 07-13 11:22 id_dsa

-rw-r--r-- 1 huaxia huaxia 602 07-13 11:22 id_dsa.pub

-rw-r--r-- 1 huaxia huaxia 391 07-13 11:21 known_hosts

Modify the permissions of the file authorized_keys (the permission settings are important, because with unsafe permissions you will not be able to use the RSA feature):

$ chmod 644 ~/.ssh/authorized_keys

Test the login again:

$ ssh localhost

Last login: Wed Jul 14:04:06 from 192.168.8.253

Seeing this message means that passwordless login to the local machine is working.

2.10 Key-based login to a remote server

Note: the OpenSSH service on the remote server must of course be running.

Copy the locally generated public key to the remote server (two methods):

1) Method One:

$ cat ~/.ssh/id_rsa.pub | ssh <remote user name>@<remote server IP> 'cat - >> ~/.ssh/authorized_keys'

2) Method Two:

Run on the local machine:

$ scp ~/.ssh/id_dsa.pub [email protected]:/home/michael/

Then log in to the remote server [email protected] and run:

$ cat id_dsa.pub >> ~/.ssh/authorized_keys

Test the remote login to the machine 192.168.8.148 from the local machine:

$ ssh [email protected]

Linux michael-virtualbox 2.6.35-22-generic #33-Ubuntu SMP Sun Sep 20:34:50 UTC all i686 GNU/Linux

Ubuntu 10.10

Welcome to Ubuntu!

 * Documentation: https://help.ubuntu.com/

216 packages can be updated.

Updates are security updates.

New release 'natty' available.

Run 'do-release-upgrade' to upgrade to it.

Last login: Wed Jul 14:46:37 from michael-virtualbox

[email protected]:~$

As you can see, the login succeeded.

If the login test is unsuccessful, you need to modify the permissions of the file authorized_keys on the remote server 192.168.8.148 (the permission settings are important, because with unsafe permissions you will not be able to use the RSA feature):

$ chmod 644 ~/.ssh/authorized_keys

Important: this configuration can go wrong in many ways. First of all, errors in the content of authorized_keys, which mostly come down to carelessness.

Then there is the issue of permissions, which must be set as follows:

The parent directory of .ssh (hadoop/) must have permission 700:

drwx------. hadoop hadoop 4096 November 16:22 hadoop

.ssh is also 700:

drwx------. 2 hadoop hadoop 4096 November 16:19 .ssh

The permission of authorized_keys needs to be 644:

-rw-r--r--. 1 hadoop hadoop 610 November 16:09 authorized_keys
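
An added example, not part of the original article: a shell audit that applies the ownership and mode test behind the "bad ownership or modes" log line to the home directory, ~/.ssh and authorized_keys. sshd's StrictModes rejects a path that is not owned by the user or root, or that is writable by group or others; the 700 and 644 modes listed above satisfy this. The function names are illustrative and GNU stat is assumed.

```bash
#!/bin/bash
# Added example: audit the three paths sshd checks before it will read
# authorized_keys. Assumes GNU stat (as shipped on CentOS).

# check_path PATH UID -> prints one finding and returns 1 when PATH is
# missing, is not owned by UID or root, or is group/other writable.
check_path() {
    local path=$1 uid=$2 mode owner
    if [ ! -e "$path" ]; then
        echo "MISSING  $path"
        return 1
    fi
    mode=$(stat -c '%a' "$path")    # octal mode, e.g. 664
    owner=$(stat -c '%u' "$path")   # numeric owner uid
    if [ "$owner" -ne "$uid" ] && [ "$owner" -ne 0 ]; then
        echo "OWNER    $path is owned by uid $owner"
        return 1
    fi
    # Octal 022 selects the write bit for group and for others.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "MODE     $path is $mode (group/other writable)"
        return 1
    fi
    return 0
}

# audit_ssh_perms HOME_DIR UID -> exit status is the number of findings.
audit_ssh_perms() {
    local home=$1 uid=$2 bad=0 p
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" "$uid" || bad=$((bad + 1))
    done
    return "$bad"
}

# Stand-alone use (sample arguments): ./audit.sh /home/huaxia "$(id -u huaxia)"
if [ $# -ge 2 ]; then
    audit_ssh_perms "$1" "$2"
fi
```

Run against the listing shown earlier, the 664 mode on authorized_keys is the single finding; after the chmod to 644 the audit returns 0.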
