I. implementation principle using a "public/private key" authentication method for ssh login. A simple explanation of the "public/private key" authentication method is: First, create a pair of public/private keys on the client (public key File :~ /. Ssh/id_rsa.pub; private key File :~ /. Ssh/id_rsa), and then put the public key on the server (~ /. Ssh/authorized_keys) and keep the private key. When you log on via ssh, the ssh program will send the private key
I. implementation principle
Use a public/private key authentication method for ssh login. The following is a simple explanation of the "public/private key" authentication method:
First, create a pair of public and private keys on the client (public key File :~ /. Ssh/id_rsa.pub; private key File :~ /. Ssh/id_rsa), and then put the public key on the server (~ /. Ssh/authorized_keys) and keep the private key. During ssh login, the ssh program will send a private key to match the public key on the server. If the match is successful, you can log on.
II. Experiment environment
A machine: TS-DEV/10.0.0.163
Machine B: CS-DEV/10.0.0.188
III. build trust on Linux/Unix dual-host
3.1 generate A certificate on server
Run the ssh-keygen command under the root user of machine A and press enter to generate A certificate that establishes A security trust relationship.
# Ssh-keygen-t rsa
Note:When the program prompts you to enter passphrase, enter the carriage return, indicating no certificate password.
The above command generates the private key certificate id_rsa and public key certificate id_rsa.pub, which are stored in the. ssh subdirectory of the user's home directory.
3.2 view ~ /. Ssh key generation file
# Cd ~ /. Ssh
# Ll
3.3 A establishes A trust relationship with B
Copy the public key certificate id_rsa.pub to the. ssh subdirectory of the root home directory of Machine B, and change the file name to authorized_keys. enter the root user password of Machine B (no trust relationship has been established ). After the trust relationship between the client and the server is established, the client can copy data from the server without entering the password.
# Scp-r id_rsa.pub 10.0.0.188:/root/. ssh/authorized_keys
3.4 B establishes A trust relationship with
Perform the same operation on Machine B to establish B's trust in.
# Ssh-keygen-t rsa
# Cd ~ /. Ssh/
# Ll
# Scp-r id_rsa.pub 10.0.0.163:/root/. ssh/authorized_keys
IV. test
On host:
# Scp-r 10201_database_linux_x86_64.cpio 10.0.0.188:/tmp/david/
On Machine B:
Note:If you want both B and C to enable scp to transmit data in A without entering the password;
The public keys of B and C should be given to;
Operation Procedure: copy the data in id_rsa.pub of the two machines to the/root/. ssh/authorized_keys file of A, with one line representing one;
5. remote command execution
Command format:Ssh remote username @ remote host IP address 'remote command or script'
# Ssh root@10.0.0.188 'hostname'
After the preceding command is executed, the terminal outputs the host name of the peer host, instead of the host name of the currently logged on host. It indicates that the hostname command is actually run on the peer host.
The dual-host trust relationship has been established!