Configure two-way password-free authentication for SSH in Linux

Source: Internet
Author: User

I. Implementation Principle

SSH login here uses public/private key authentication. A brief explanation of how it works:
First, create a public/private key pair on the client (public key file: ~/.ssh/id_rsa.pub; private key file: ~/.ssh/id_rsa), then put the public key on the server (~/.ssh/authorized_keys) and keep the private key on the client. During SSH login, the ssh program uses the private key to prove that it matches the public key stored on the server; the private key itself is never sent to the server. If the match succeeds, you are logged on.

II. Experiment Environment

Node1: 192.168.5.10
Node2: 192.168.5.20

III. Building Trust Between Two Linux/Unix Hosts

3.1 Generate the key pair on node1

Run the ssh-keygen command as the root user on node1 and press Enter at each prompt to generate the key pair that establishes the trust relationship.

[root@node1 ~]# ssh-keygen -t rsa


Note: When the program prompts you for a passphrase, press Enter to leave it empty, which means the private key has no passphrase.
The above command generates the private key id_rsa and the public key id_rsa.pub, which are stored in the .ssh subdirectory of the user's home directory.

3.2 View the generated key files

[root@node1 ~]# ll  /root/.ssh/

3.3 node1 establishes a trust relationship with node2

Copy the public key id_rsa.pub to the .ssh subdirectory of root's home directory on node2, and change the file name to authorized_keys. Enter the root user password of node2 when prompted (no trust relationship has been established yet). Because the file is copied under that name, any authorized_keys already present on node2 is overwritten. After the trust relationship between the client and the server is established, the client can copy data from the server without entering the password.

[root@node1 ~]# scp -r /root/.ssh/id_rsa.pub 192.168.5.20:/root/.ssh/authorized_keys

3.4 node2 establishes a trust relationship with node1

Perform the same operation on node2 to establish a trust relationship between node2 and node1.

[root@node2 ~]# ssh-keygen -t rsa


View the files:

[root@node2 ~]# ll  /root/.ssh/

[root@node2 ~]# scp -r /root/.ssh/id_rsa.pub 192.168.5.10:/root/.ssh/authorized_keys

Note: Remember to modify the authorized_keys permission.
[root@node1 ~]# chmod 600 /root/.ssh/authorized_keys
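
As an added example (not part of the original article), the shell functions below append a public key to authorized_keys instead of replacing the file as the scp commands in 3.3 and 3.4 do, and then check the permissions from the note above. The function names and the sample key strings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article; function names are hypothetical.

# install_pubkey PUBKEY_FILE SSH_DIR
# Append the key to SSH_DIR/authorized_keys unless the same line is already
# present, so keys installed earlier survive; then apply modes 700/600.
# A file that does not start like a public key (e.g. id_rsa) is refused.
install_pubkey() {
    pub=$1; dir=$2; auth="$dir/authorized_keys"
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    # A public key line is "<type> <base64> [comment]"; take the first one.
    key=$(grep -v '^[[:space:]]*$' "$pub" | head -n 1)
    case $key in
        ssh-*\ *|ecdsa-*\ *|sk-*\ *) ;;
        *) echo "$pub is not a public key file" >&2; return 1 ;;
    esac
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # If the file lacks a final newline, add one so lines do not merge.
    [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ] && echo >> "$auth"
    # -x whole line, -F fixed string: skip the append on an exact duplicate.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# ssh_perms_ok SSH_DIR
# Succeeds only if the directory and authorized_keys grant nothing to group
# or other (characters 5-10 of the ls mode string are all "-").
ssh_perms_ok() {
    for p in "$1" "$1/authorized_keys"; do
        [ -e "$p" ] || return 1
        [ "$(ls -ld "$p" | cut -c5-10)" = "------" ] || return 1
    done
}

# Demo in a throwaway directory with constructed (not real) key material.
demo() {
    t=$(mktemp -d) || return 1
    echo "ssh-rsa AAAAB3CONSTRUCTEDnode1 root@node1" > "$t/node1.pub"
    echo "ssh-rsa AAAAB3CONSTRUCTEDother admin@example" > "$t/other.pub"
    install_pubkey "$t/other.pub" "$t/ssh"    # a key that was already trusted
    install_pubkey "$t/node1.pub" "$t/ssh"    # node1's key is added, not swapped in
    install_pubkey "$t/node1.pub" "$t/ssh"    # repeat run adds nothing
    ssh_perms_ok "$t/ssh" && n=$(grep -c . "$t/ssh/authorized_keys")
    rm -rf "$t"
    echo "${n:-error}"
}
demo
```
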

IV. Test

On node1:

[root@node1 ~]# scp /opt/test.txt 192.168.5.20:/opt/


On node2:

[root@node2 ~]# scp /opt/test22.txt 192.168.5.10:/opt/

V. Remote Command Execution

Command format: ssh remote_username@remote_host_ip 'remote command or script'

[root@node2 ~]# ssh root@192.168.5.10 'hostname'
