Do not enter a password for SSH

Source: Internet
Author: User
Tags password protection ssh secure shell
Http://bbs.chinaunix.net/archiver/tid-343905-page-1.html
Sometimes we use SCP when copying/moving files to another machine, because it is safer. However, if

It is annoying to enter passwords, especially in scripts. However, SSH has another key pair for verification.

. The following describes how to generate a key pair for your reference.

Step 1: generate a key pair. I use the RSA key. Run the command "ssh-keygen-t rsa"

[Code]
[User1 @ RH user1] $ ssh-keygen-T RSA
Generating public/private RSA key pair.
Enter file in which to save the key (/home/user1/. Ssh/id_rsa ):
Created directory '/home/user1/. Ssh '.
Enter passphrase (empty for no passphrase ):
Enter same passphrase again:
Your identification has been saved in/home/user1/. Ssh/id_rsa.
Your public key has been saved in/home/user1/. Ssh/id_rsa.pub.
The key fingerprint is:
E0: F0: 3B: D3: 0a: 3D: da: 42: 01: 6a: 61: 2f: 6C: A0: C6: E7 user1@rh.test.com
[User1 @ RH user1] $
[/Code]
During the generation process, the system prompts you to enter the key pair storage location and press enter to accept the default value. Next, you will be prompted to enter 1.

Password different from your password. Press enter to leave it empty. You can also enter one. (I'm lazy.

You do not want to enter the password every time .) In this way, the key pair is generated.

The Public Key is stored in ~ /. Ssh/id_rsa.pub
Private keys are stored in ~ /. Ssh/id_rsa

Then change the. Ssh directory permission and run the command "chmod 755 ~ /. Ssh"
[Code]
[User1 @ RH user1] $ chmod 755 ~ /. SSH
[User1 @ RH user1] $
[/Code]

Copy the public key in this key pair to the machine you want to access and save it

~ /. Ssh/authorized_keys.

[Code]
[User1 @ RH user1] $ SCP ~ /. Ssh/id_rsa.pub Rh1:/home/user1/. Ssh/authorized_keys
User1 @ Rh1's password:
Id_rsa.pub 100% 228 3.2 MB/S
[User1 @ RH user1] $
[/Code]

In this way, we are done. Then, when you access the machine using ssh scp sftp or another type, you do not need to enter a password.

It is more convenient to use on scripts. PlatinumDo not enter a password for SSH

Haha, good and good! Encourage me!

Q1208cDo not enter a password for SSH

Thank you, moderator.

Wind521Do not enter a password for SSH

Good. Learn one trick.

MarlboroljDo not enter a password for SSH

It seems that I have seen it in Sun's cluster manual, but there was a problem during the test.
Password is not required on the Character interface.
But it does not seem to work in the graphic interface.
Can you try it on the Gui?

LnxDo not enter a password for SSH

8: Yes;
I now use securecrt + RSA + SSH2 (win is not allowed in my company). It is a bit like above you :)

Win_hateDo not enter a password for SSH

In this way, your private key is stored in plain text without password protection. In this way, you can only rely on the operating system to restrict access to files to protect the private key, which is not safe.

DOTNETDo not enter a password for SSH

It is very convenient to use.

Q1208cDo not enter a password for SSH

I tried it in GNOME and it was okay.

The upstairs brother makes sense, but do we just do this without entering the password. Especially in scripts, passwd is better than a plaintext password in scripts. After all, the private key is longer than the password.

Win_hateDo not enter a password for SSH

[Quote] [I] the original post is justified by the "q1208c"] UPSTAIRS brothers, but do we just do this without entering the password. [/Quote: [/I]

This can be done if you want to save the effort for password-breaking and the security is not critical.

[Quote] [I] the original post is composed of "q1208c"]. Especially in scripts, passwd is not required. It is better than writing a plaintext password in scripts. After all, the private key is longer than the password. [/Quote: [/I]

You write a password in the script. If other users can read the script, they will know your password. If this user wants to attack you, he needs to get your private key.

If you set the password to "null" in the first method, anyone can attack you as long as they get your private key.

Therefore, writing a password in a script is a little better than making the password empty. However, from the perspective of cryptography, they are equally insecure.

YjnetDo not enter a password for SSH

There is a way called proxy. The password can be stored in the memory. In this way, you only need to enter the password once. It is safe and convenient. The setting method is as follows:

SSH proxy
It stores the private key in the memory to provide authentication services without entering the password again. Until the user exits. ProxyProgramIs an SSH-agent. Manual running or editable ~ /. Login or ~ /. Xsession to run automatically.
$ Ssh-agent $ shell where shell is the environment variable for the user to log on to shell. After running this command, open another shell to access the proxy. Then run the ssh-add command to load the private key. In this way, you do not need to remind you to enter the password when using the SSH and SCP commands. The password is loaded into the memory. If you are running the X Window System and set the display environment variable, but the standard input is not a terminal, ssh-add uses a graphical X program ssh-askpass to read the password. To force ssh-add to use X to read the password, enter ssh-add </dev/null in the command line.
-L the parameter displays the keys in the memory.
-D parameter: deletes the key from the proxy $ ssh-add-D ~ /. Ssh/id_xxx.pub
-D: deletes all keys.
-T set the timeout time for the loaded key. The timeout proxy will automatically uninstall the key.
-L-u locks and unlocks the proxy, which is useful when you leave the computer and do not want to log out.

I have an article on my website titled "ssh authoritative guide. The above is a comprehensive introduction to ssh. URL:
Http://www.ringkee.com

Lltp2002Do not enter a password for SSH

: Em02: thanks to the boss for solving a problem. Please help me in the future! Hey.

Q1208cDo not enter a password for SSH

[Quote] [I] original post by "win_hate"] in this way, your private key is stored in plaintext without password protection. In this way, you can only rely on the operating system to restrict access to files to protect the private key, which is not safe. [/Quote: [/I]

No matter how you put it, can you see it without my password ??

Because other users cannot access my home. If he can come in, he will not see the password I wrote in the script. : Em03:

In fact, where is absolute security? But everyone should be careful. : Em03:

Zxp123Do not enter a password for SSH

There is a better way to achieve this:

Http://www-900.ibm.com/developerWorks/cn/linux/security/openssh/part1/index.shtml

Http://www-900.ibm.com/developerWorks/cn/linux/security/openssh/part2/index.shtml

The keychain is a good solution!

Q1208cDo not enter a password for SSH

I know this, so I said I'm just a little lazy.

GaojubaoDo not enter a password for SSH

How did you get the backup and recovery from IBM? I really didn't think of it. Haha

But you are also good. I tried to find the code with my heart. Then you will surely become a moderator in the future,

I did not lie to you,

LmhcnDo not enter a password for SSH

D_items_ch.pc

ForeverghostDo not enter a password for SSH

Another trick !!

Dell_3148228Do not enter a password for SSH

Pretty good. This post must be popular.

Beginner VBDo not enter a password for SSH

If the client is under Win and SSH Secure Shell 3.2.9 is used, what should I do if I access a Linux machine based on the principle of the landlord?

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.