Cloud computing 7 for cainiao: SSH password-less login for Ubuntu


2012-10-30 created

2012-11-1 last updated

Once more than three machines are combined into a cluster, managing them becomes disorderly, so you need certificate (key-based) login to manage the server cluster: the master node can log in directly to the data nodes over SSH, and the control node can log in directly to the controlled nodes. In client/server terms, the client needs openssh-client installed and the server needs openssh-server. In practice it soon becomes hard to tell which machines are servers and which are clients, so install both on every machine. You can run the following commands to check whether they are installed:

(car@A:~$ indicates that the user name is car, the machine name is A, and the current directory is /home/car)

car@A:~$ apt-cache policy openssh-client

car@A:~$ apt-cache policy openssh-server

You can also install them directly:

car@A:~$ sudo apt-get install openssh-client

car@A:~$ sudo apt-get install openssh-server

In addition, install sshpass, a tool for SSH password login without an interactive prompt. It lets you write the password on the command line, which makes a scripted installation with no manual intervention possible.

car@A:~$ sudo apt-get install sshpass

After the installation is complete, you can log in from A to any other machine, B:

car@A:~$ sshpass -p ABC123 ssh car@B

Where:

car is the user name on B. Here we assume that the user name on both A and B is car.

ABC123 is car's password on B.

With this technique you can log in to each machine without typing the password interactively, but it is definitely not safe: the password sits in plain text on the command line, where it can end up in shell history and in the process list. Use it only in scripts during the installation phase. With these preparations done, we now turn to the SSH certificate login method:

SSH certificate login method

Suppose we want to log in to machine B from machine A. Generate a public/private key pair on A (ssh-keygen), copy A's public key to B, and add it (id_rsa.pub.a) to the authorized_keys file in the home directory of the user (car) on B. You can then log in to B directly from A, as user car.

/home/car/.ssh/authorized_keys

1) Generate a key pair on A

car@A:~$ ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa

Or:

car@A:~$ ssh-keygen

The following two files are generated:

/home/car/.ssh/id_rsa

/home/car/.ssh/id_rsa.pub

2) Copy A's public key id_rsa.pub to machine B.

car@A:~$ scp ./.ssh/id_rsa.pub car@B:~/id_rsa.pub.a

B is an IP address or a machine name; for a machine name, add an entry to /etc/hosts on A, such as:

...

192.168.63.101 B

...

3) Log in from A to B

car@A:~$ sshpass -p ABC123 ssh car@B

4) Add id_rsa.pub.a to ~/.ssh/authorized_keys on B

car@B:~$ cat ./id_rsa.pub.a >> ./.ssh/authorized_keys

car@B:~$ exit

5) Log in to B from A again, this time with the certificate. You can see that the password is no longer needed.

car@A:~$ ssh car@B

6) Suppose machines C, D, E, F, ... also need to log in to B. It is enough to copy the id_rsa private key file generated on A to each of those machines. Every machine that holds this file can log in to B as car, so each copy needs the same care as the original (see note A in step 8).

For example, to log in to B from C as well:

# Copy A's private key to C

car@A:~$ sshpass -p ABC123 scp ./.ssh/id_rsa car@C:~/id_rsa.a

# Log in to C

car@A:~$ sshpass -p abc1234 ssh car@C

# Delete C's certificate and recreate it. (Deleting the certificate on one machine at any time is not a disaster in itself, but once the certificate setup is complete, deleting the certificate on a machine stops the whole system from working normally. It is therefore vital to maintain a set of strictly tested scripts that can restore the entire cloud computing environment at any time.)

car@C:~$ sudo rm -r ./.ssh/

# Recreate C's certificate

car@C:~$ ssh-keygen

Press Enter at the prompts

# Put A's private key in C's .ssh directory.

car@C:~$ sudo mv ./id_rsa.a ./.ssh/

# Now you can log in to B remotely over SSH from C. You must specify the key file name id_rsa.a.

car@C:~$ ssh -i ./.ssh/id_rsa.a car@B

# At this point an annoying prompt asks you to confirm adding B's IP address to .ssh/known_hosts. To remove this (yes/no) prompt, change the configuration in /etc/ssh/ssh_config on C:

...

StrictHostKeyChecking no

...

# You can also:

car@C:~$ ssh -o StrictHostKeyChecking=no -i ./.ssh/id_rsa.a car@B

In this way no prompt is displayed (the -o StrictHostKeyChecking=no option takes care of it). With this setting SSH accepts an unknown host key without asking, so the first connection to B is not verified.

7) How to log in to B over SSH directly as B's root user:

For example, from A we want to log in to B as the root user.

# Switch to root on B and set the password for root:

car@B:~$ sudo -s

Enter the same password twice

# Check what is in .ssh under /root. If it does not exist, create it with ssh-keygen:

root@B:~$ ls /root/.ssh

# Copy A's public key id_rsa.pub to B, log in to B, and add id_rsa.pub.a to /root/.ssh/authorized_keys.

car@A:~$ sshpass -p ABC123 scp ./.ssh/id_rsa.pub car@B:~/id_rsa.pub.a

car@A:~$ sshpass -p ABC123 ssh car@B

# The redirection itself must run as root, so the whole command goes through sudo sh -c

car@B:~$ sudo sh -c 'cat ./id_rsa.pub.a >> /root/.ssh/authorized_keys'

# Return to A; you can now log in to B remotely (as the root user)

car@A:~$ ssh root@B

8) Notes:

A. The private key file id_rsa.a must not be handed out freely. It needs a passphrase set on it, which is not covered in this article.

B. Although this document is case-insensitive, you should use only lowercase letters at any time.

C. In this article, whenever the machine name appears, it should be changed to the IP address of the machine in practice.
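
Steps 4 and 7 add A's public key to authorized_keys by hand. The shell function below is an added example, not part of the original article: it performs that step so that it can be re-run safely from an installation script, refuses a private key file picked up by mistake, and sets the permissions sshd expects. The name install_pubkey and the script file name in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example. install_pubkey is a hypothetical helper, not an OpenSSH tool.
# Usage on B: sh install_pubkey.sh ./id_rsa.pub.a /home/car
install_pubkey() {
    pub=$1
    home=$2
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Refuse a private key picked up by mistake (id_rsa.a vs id_rsa.pub.a).
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub is a private key, refusing" >&2
        return 2
    fi

    # Expect exactly one non-empty line: "<type> <base64 blob> [comment]".
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 3; }
    key=$(grep . "$pub")
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not an OpenSSH public key" >&2; return 3 ;;
    esac

    # sshd's StrictModes (on by default) rejects key login when .ssh or
    # authorized_keys is writable by anyone other than the owner.
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 4
    auth=$home/.ssh/authorized_keys
    touch "$auth" && chmod 600 "$auth" || return 4

    # Match on type + blob only, so a different comment is not a new key.
    blob=$(printf '%s\n' "$key" | awk '{print $1 " " $2}')
    if grep -qF -- "$blob" "$auth"; then
        return 0    # already installed, nothing to append
    fi
    printf '%s\n' "$key" >> "$auth"
}

# Run as a script only when both arguments are given.
if [ "$#" -eq 2 ]; then
    install_pubkey "$1" "$2"
fi
```

For step 7, run it through sudo with /root as the second argument.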
