Establishing an SSH trust relationship between Linux machines
An SSH trust relationship means that a user account on a server trusts a user on a client, so that this user can log in without entering a password. It is also called public key authentication (public_key_auth); in effect it is certificate-based trust.
Practical steps
| Steps | DSA | RSA |
| --- | --- | --- |
| 1. On machine A, generate a hidden .ssh directory under the user's home directory. The directory contains two files: id_<x>sa and id_<x>sa.pub. | Run ssh-keygen -d, then keep pressing Enter. Two files are generated in the ~/.ssh directory, id_dsa and id_dsa.pub, which are the private key and the public key respectively. Note that the permissions for the id_dsa file must be 600 or 644. | Run ssh-keygen -t rsa, then keep pressing Enter. Two files are generated in the ~/.ssh directory, id_rsa and id_rsa.pub, which are the private key and the public key respectively. Note that the permissions for the id_rsa file must be 600 or 644. |
| 2. On machine B, add the contents of machine A's id_<x>sa.pub file to the authorized_keys file. | In the server user's ~/.ssh directory, create a file authorized_keys2 (if it already exists, edit it directly), add the contents of id_dsa.pub (only one line) to the file and save it. | In the server user's ~/.ssh directory, create a file authorized_keys (if it already exists, edit it directly), then add the contents of machine A's id_rsa.pub (only one line) to the authorized_keys file on machine B. |
| 3. On machine B, add A's IP address to /etc/hosts or /etc/hosts.allow. | | |
| 4. Machine A can then access machine B over SSH: ssh username@remotehost | ssh username@B | ssh username@B |
| 5. On machine A, add the contents of machine B's id_<x>sa.pub file to the authorized_keys file. | In the server user's ~/.ssh directory, create a file authorized_keys2 (if it already exists, edit it directly), add the contents of id_dsa.pub (only one line) to the file and save it. | In the server user's ~/.ssh directory, create a file authorized_keys (if it already exists, edit it directly), add the contents of id_rsa.pub (only one line) to the file and save it. |
| 6. On machine A, add B's IP address to /etc/hosts or /etc/hosts.allow. | | |
| 7. Trust is now established between the two Linux machines, and they can access each other without entering a password. | ssh username@A, ssh username@B | ssh username@A, ssh username@B |
Note: the authorized_keys file is not generated automatically; create it yourself by manually copying the public key file into it.
Precautions:
Once the trust relationship is set up, ssh and scp commands no longer ask for a password (the first connection after setup may ask for a one-time confirmation). If it does not work, the cause may be one of the following:
1. The permissions of the .ssh directory and of the files in it are incorrect. The .ssh directory permissions are 700, and the permissions of the files in the directory are 644 (600 also works).
2. Extra characters, such as spaces or line breaks, were copied along with id_dsa.pub when the public key file was copied, which is why I demonstrated the example above with an approach that looks more cumbersome but is safe.
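Both failure causes listed above can be checked mechanically. The following Python script is an added example, not part of the original article: it checks the modes the article gives (.ssh 700, authorized_keys 600 or 644) and that every authorized_keys line is one intact ssh-rsa or ssh-dss key. It assumes each line is a plain copy of id_<x>sa.pub with no options prefix; the function names and the sample key are constructed for illustration.

```python
import base64, os, stat, struct

# Number of length-prefixed fields in each public key blob (type string included).
FIELDS = {"ssh-rsa": 3, "ssh-dss": 5}

def key_line_problem(line):
    """Return None for a well-formed public key line, else the reason it is rejected."""
    parts = line.split()
    if len(parts) < 2 or parts[0] not in FIELDS:
        return "line does not start with ssh-rsa or ssh-dss"
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except ValueError:
        return "key data is not valid base64"
    fields, pos = [], 0
    while pos < len(blob):  # walk the length-prefixed fields of the decoded key
        if pos + 4 > len(blob):
            return "key data is truncated"
        (size,) = struct.unpack(">I", blob[pos:pos + 4])
        if pos + 4 + size > len(blob):
            return "key data is truncated"
        fields.append(blob[pos + 4:pos + 4 + size])
        pos += 4 + size
    if len(fields) != FIELDS[parts[0]] or fields[0] != parts[0].encode():
        return "key data does not match the declared key type"
    return None

def audit(ssh_dir):
    """Check the .ssh directory mode and every authorized_keys line; return findings."""
    findings = []
    path = os.path.join(ssh_dir, "authorized_keys")
    if stat.S_IMODE(os.stat(ssh_dir).st_mode) != 0o700:
        findings.append(".ssh directory mode is not 700")
    if stat.S_IMODE(os.stat(path).st_mode) not in (0o600, 0o644):
        findings.append("authorized_keys mode is not 600 or 644")
    with open(path) as fh:
        for number, line in enumerate(fh, 1):
            if line.strip() and not line.startswith("#"):
                problem = key_line_problem(line)
                if problem:
                    findings.append(f"line {number}: {problem}")
    return findings

def sample_key_line():
    """Constructed ssh-rsa line (synthetic numbers, not a usable key)."""
    def field(data):
        return struct.pack(">I", len(data)) + data
    blob = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(b"\x00" + b"\xc3" * 256)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " user@A"
```

Run audit on the ~/.ssh directory of the account being logged in to; an empty list means neither of the two causes applies. The private key on the client is not covered by this check: the OpenSSH client ignores a private key file that is readable by group or others, so keep id_rsa or id_dsa at 600.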