Configure two-way password-free authentication for SSH in Linux

Configure two-way password-free authentication for SSH in Linux
I. Implementation Principle

Use a public/private key authentication method for ssh login. The following is a simple explanation of the "Public/Private Key" authentication method:
First, create a pair of public and private keys on the client (Public Key File :~ /. Ssh/id_rsa.pub; private key file :~ /. Ssh/id_rsa), and then put the public key on the server (~ /. Ssh/authorized_keys) and keep the private key. During ssh Login, the ssh program will send a private key to match the public key on the server. If the match is successful, you can log on.

Ii. experiment environment

Node1: 192.168.5.10
Node2: 192.168.5.20

Iii. Linux/Unix dual-host build trust 3.1 generate certificates on node1

Run the ssh-keygen command under the root user of node1 and press enter to generate a certificate that establishes a security trust relationship.

[root@node1 ~]# ssh-keygen -t rsa

Note: When the program prompts you to enter passphrase, enter the carriage return, indicating no certificate password.
The above command generates the Private Key Certificate id_rsa and Public Key Certificate id_rsa.pub, which are stored in the. ssh subdirectory of the user's home directory.

3.2 view the file for generating the key

[root@node1 ~]# ll  /root/.ssh/

3.3 node1 establishes a trust relationship with node2

Copy the Public Key Certificate id_rsa.pub to the. ssh subdirectory of the root home directory of node2, and change the file name to authorized_keys. Enter the root user password of node2 (no trust relationship has been established ). After the trust relationship between the client and the server is established, the client can copy data from the server without entering the password.

[root@node1 ~]# scp -r /root/.ssh/id_rsa.pub 192.168.5.20:/root/.ssh/authorized_keys

3.4 node2 establishes a trust relationship with node1

Perform the same operation on node2 to Establish a trust relationship between node2 and node1.

[root@node2 ~]# ssh-keygen -t rsa

View files

[root@node2 ~]# ll  /root/.ssh/

[root@node2 ~]# scp -r /root/.ssh/id_rsa.pub 192.168.5.10:/root/.ssh/authorized_keys

Note: Remember to modify the authorized_keys permission.

[root@node1 ~]# chmod 600 /root/.ssh/authorized_keys

Iv. Test

On node1:

[root@node1 ~]# scp /opt/test.txt 192.168.5.20:/opt/

On node2:

[root@node2 ~]# scp /opt/test22.txt 192.168.5.10:/opt/

5. Remote Command Execution

Command Format: ssh remote username @ Remote Host IP address 'remote command or script'

[root@node2 ~]# ssh root@192.168.5.10 'hostname'

You may also like the following SSH-related articles. For details, refer:

Cluster Environment SSH password-free login settings

Basic Linux Tutorial: Configure SSH password-free Login

Remote SSH connection service and basic troubleshooting

Use the SSH public key to automatically log on to the Linux Server

Configure SSH password-free Login

Enable the SSH service to allow Android phones to remotely access Ubuntu 14.04

SSH non-interactive password authorization Remote Script Execution

SSH key Login

Install and configure SSH in Ubuntu (ssh: connect to host localhost port 22: Connection refused)

CentOS SSH prompt: connect to host centos-py port 22: Connection refused

Implement SSH password-free login to a remote server on Linux