CentOS SSH password-less logon Principle
Principles
For ease of understanding, assume that the hadoop148 host needs to connect to hadoop107 without a password.
Generate a key pair on hadoop148, consisting of a public key and a private key, and copy the public key to hadoop107.
Then, when hadoop148 connects to hadoop107 through SSH, hadoop107 generates a random number, encrypts it with the public key of hadoop148, and sends it to hadoop148.
Finally, hadoop148 decrypts the encrypted data with its private key and returns the decrypted data to hadoop107. After hadoop107 confirms that the decrypted data is correct, hadoop148 is allowed to connect without entering a password.
Configuration
Procedure
1. Log on to hadoop148, run the command ssh-keygen -t rsa, and press Enter at every prompt. Check the generated password-less key pair: cd ~/.ssh and then execute ll
2. Append id_rsa.pub to the authorized keys. Run the command cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
3. Modify permissions: execute chmod 600 ~/.ssh/authorized_keys
FAQs
Symptom: The hadoop148 machine has generated the RSA key.
The public key has been added to /root/.ssh/authorized_keys on server B.
However, ssh root@hadoop107 still asks for the password; that is, password-less authentication fails.
Analysis and Processing:
Step 1: View Permissions
Use ssh -v to debug the connection. The cause of the failure cannot be seen from the log; it only shows that when publickey authentication is attempted, the peer gives no reply.
View the /var/log/secure log
It shows that the HOME directory of every user should have 700 permissions; otherwise, many problems may occur. The failure here has the same cause.
Finally, run chmod 700 /root to solve the problem.
The permissions are summarized as follows:
1) The .ssh directory permission must be 700.
2) The permission for the user's home directory must be 700. For example, if I use the root user, the /root permission must be 700.
3) The .ssh/authorized_keys file permission must be 600.
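The three permissions in the summary above can be checked mechanically before digging through logs. The script below is an added example, not part of the original article; check_one and check_ssh_perms are hypothetical helper names, and it assumes GNU stat as shipped on CentOS.

```shell
#!/bin/sh
# Added example: audits the three permissions from the summary above.
# check_one / check_ssh_perms are hypothetical helper names; needs GNU stat.

# check_one PATH MODE UID: print a finding; return 1 on any mismatch.
check_one() {
    path=$1; want_mode=$2; want_uid=$3
    if [ ! -e "$path" ]; then
        echo "MISSING   $path"
        return 1
    fi
    mode=$(stat -c '%a' "$path")
    uid=$(stat -c '%u' "$path")
    rc=0
    if [ "$mode" != "$want_mode" ]; then
        echo "BAD MODE  $path is $mode, expected $want_mode"
        rc=1
    fi
    if [ "$uid" != "$want_uid" ]; then
        echo "BAD OWNER $path is uid $uid, expected $want_uid"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK        $path ($mode)"
    return "$rc"
}

# check_ssh_perms HOME_DIR [UID]: return the number of paths with a problem.
check_ssh_perms() {
    home=$1
    owner=${2:-$(id -u)}
    issues=0
    check_one "$home" 700 "$owner" || issues=$((issues + 1))
    check_one "$home/.ssh" 700 "$owner" || issues=$((issues + 1))
    check_one "$home/.ssh/authorized_keys" 600 "$owner" || issues=$((issues + 1))
    return "$issues"
}

# Constructed demo: a throwaway home directory reproducing the FAQ failure
# (home directory not 700), then the same tree after the chmod 700 fix.
demo=$(mktemp -d)
mkdir "$demo/.ssh" && : > "$demo/.ssh/authorized_keys"
chmod 755 "$demo"; chmod 700 "$demo/.ssh"; chmod 600 "$demo/.ssh/authorized_keys"
check_ssh_perms "$demo" || echo "problems found: $?"
chmod 700 "$demo" && check_ssh_perms "$demo" && echo "all three permissions match"
rm -rf "$demo"
```

On the real server, run it as check_ssh_perms /root 0 for the root account.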
Step 2: view security context
If changing permissions does not solve the problem, try the following methods:
First, use ls -laZ to check the .ssh directory. If its context is not ssh_home_t, use the restorecon command to restore the context of the .ssh directory. Command: restorecon -r -vv /root/.ssh
Step 3: Analyze the /var/log/audit.log logs
Modify the ownership of the user directory:
chown -R root.root /root