Configure two-way password-free authentication for SSH in Linux
I. Implementation Principle
Use public/private key authentication for SSH login. The following is a simple explanation of the "public/private key" authentication method:
First, create a public/private key pair on the client (public key file: ~/.ssh/id_rsa.pub; private key file: ~/.ssh/id_rsa), then put the public key on the server (~/.ssh/authorized_keys) and keep the private key on the client. During SSH login, the ssh program uses the private key to prove its identity, and the server checks that proof against the stored public key. If the match is successful, you can log on.
II. Experiment Environment
Node1: 192.168.5.10
Node2: 192.168.5.20
III. Building Trust Between Two Linux/Unix Hosts
3.1 Generate keys on node1
Run the ssh-keygen command as the root user on node1 and press Enter at each prompt to generate the key pair used to establish the trust relationship.
[root@node1 ~]# ssh-keygen -t rsa
Note: When the program prompts you for a passphrase, press Enter to leave it empty, so the private key has no passphrase.
The above command generates the private key id_rsa and the public key id_rsa.pub, which are stored in the .ssh subdirectory of the user's home directory.
3.2 View the generated key files
[root@node1 ~]# ll /root/.ssh/
3.3 node1 establishes a trust relationship with node2
Copy the public key id_rsa.pub to the .ssh subdirectory of the root home directory on node2, and change the file name to authorized_keys. Note that this replaces any authorized_keys file already present on node2. Enter the root user password of node2 when prompted (no trust relationship has been established yet). After the trust relationship between the client and the server is established, the client can copy data from the server without entering the password.
[root@node1 ~]# scp -r /root/.ssh/id_rsa.pub 192.168.5.20:/root/.ssh/authorized_keys
3.4 node2 establishes a trust relationship with node1
Perform the same operation on node2 to establish a trust relationship between node2 and node1.
[root@node2 ~]# ssh-keygen -t rsa
View the generated key files:
[root@node2 ~]# ll /root/.ssh/
[root@node2 ~]# scp -r /root/.ssh/id_rsa.pub 192.168.5.10:/root/.ssh/authorized_keys
Note: Remember to set the permissions on authorized_keys.
[root@node1 ~]# chmod 600 /root/.ssh/authorized_keys
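The scp commands in 3.3 and 3.4 replace whatever authorized_keys already exists on the target host. As an added example (not part of the original article), the helper below appends a key instead, skips duplicates and sets the permissions in the same step; the function name install_pubkey and the sample key are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original article.
# install_pubkey PUBKEY_FILE SSH_DIR  (hypothetical helper name)
#   Appends one public key to SSH_DIR/authorized_keys instead of overwriting it,
#   skips a key that is already listed, and sets owner-only permissions.
#   Prints "added" or "already-present"; exits 2 if the input is not a public key.
install_pubkey() (
    pub=$1; dir=$2; auth=$dir/authorized_keys
    umask 077   # the ( ) function body is a subshell, so this does not leak

    [ -f "$pub" ] || { echo "no such file: $pub" >&2; exit 2; }
    # Exactly one line, so a multi-line private key file is rejected.
    [ "$(grep -c '' "$pub")" -eq 1 ] || { echo "expected one key line" >&2; exit 2; }
    read -r ktype kdata _ < "$pub" || :
    case $ktype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp*) ;;
        *) echo "unsupported key type: $ktype" >&2; exit 2 ;;
    esac
    case $kdata in
        ''|*[!A-Za-z0-9+/=]*) echo "key data is not base64" >&2; exit 2 ;;
    esac

    mkdir -p "$dir" && chmod 700 "$dir" || exit 1
    touch "$auth" && chmod 600 "$auth" || exit 1

    # Compare type and key material as whole fields; comments and options may differ.
    if awk -v t="$ktype" -v k="$kdata" \
        '{ for (i = 1; i < NF; i++) if ($i == t && $(i+1) == k) found = 1 }
         END { exit !found }' "$auth"; then
        echo "already-present"
    else
        # Start on a fresh line if the existing file lacks a trailing newline.
        if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi
        printf '%s\n' "$(cat "$pub")" >> "$auth"
        echo "added"
    fi
)

# Constructed sample key (not a real key), exercised in a scratch directory.
demo() {
    tmp=$(mktemp -d) || return 1
    echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCONSTRUCTEDSAMPLEKEYNOTREAL root@node1' > "$tmp/id_rsa.pub"
    install_pubkey "$tmp/id_rsa.pub" "$tmp/.ssh"   # prints: added
    install_pubkey "$tmp/id_rsa.pub" "$tmp/.ssh"   # prints: already-present
    rm -rf "$tmp"
}
demo
```

On the receiving host this would be run against /root/.ssh after the .pub file has been copied over under its own name.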
IV. Test
On node1:
[root@node1 ~]# scp /opt/test.txt 192.168.5.20:/opt/
On node2:
[root@node2 ~]# scp /opt/test22.txt 192.168.5.10:/opt/
V. Remote Command Execution
Command format: ssh remote_username@remote_host_IP 'remote command or script'
[root@node2 ~]# ssh root@192.168.5.10 'hostname'