full description of SSH authentication:https://www.ibm.com/developerworks/cn/linux/security/openssh/part1/
Description: Point me to check
Today we only say to generate SSH key, so as to achieve the purpose of password-free landing.
Do not know what SSH is to look at the description. All right, no more nonsense.
System: CentOS 5.8
- Confirm User
Confirm that the current user is the user you need!
$ whoamifroad #froad用户, select users according to your own needs. I use Froad user demo here.
- Generate key
$ cd ~ #回到用户目录, don't go back also no relationship $ ssh-keygen #可以使用-t option to choose the encryption method, including RSA and DSA two keys # for example: $ssh-keygen-t DSA or ssh-keygen-t rsa# encryption in different ways , the name of the key is different, the other does not differ # If no key is specified, the default rsagenerating public/private RSA key pair. Enter file in which to save the key (/home/froad/.ssh/id_rsa): #私钥存放的位置, default will be stored in the user directory of the. SSH folder, directly enter passphrase (empty for No passphrase): #默认, enter same passphrase again: #默认, enter your identification has been saved In/home/froad/.ssh/id_rsa. #私 Key path your Public key has been saved in/home/froad/.ssh/id_rsa.pub. #公钥路径The Key fingerprint is:e8:b6:e6:xxxxxxxxxxxxxxxxx: Ec:b5:d8 [email protected]$ cat id_***.pub >> authorized_keys #*** for encryption means to copy the public key to the Authorized_keys file. If you have a lot of computers to configure, copy all the id_***.pub public keys to a Authorized_keys file
- Configuration
Copy the Authorized_keys file to a computer that needs to be managed. Note: Place the user directory in the. ssh folder. Linux users will limit your access rights
Verify
$ SSH [email protected] #root是用户名, can change according to your needs the authenticity of host ' 192.168.2.xxx (192.168.2.xxx) ' can ' t is established. RSA key fingerprint is ff:07:49:4d:xxxxxxxxxxe:2c:38.are do sure you want to continue connecting (yes/no)? Yes# agreed to add the fingerprint to the local warning:permanently added ' 192.168.2.xxx ' (RSA) to the list of known hosts. Last login:wed Oct 13:58:32 from 192.168.1.xxx
You can only access Authorized_keys's computer on the computer where you generated the key, and if you want to access both computers, password-free. Then you need to repeat the above steps (the machine is configured exactly the opposite).
- Other
If you add a fingerprint when the prompt to add the failure, because you have previously added the IP fingerprint.
Workaround: Remove the known_hosts file from the. SSH directory (⊙o⊙)! ), you can also open this file to delete the IP record (this is more fine O (∩_∩) o haha ~)
If the steps are correct, you will still be asked to enter the password. This is generally because of a permission issue. The command is as follows
chmod 644 ~/.ssh/authorized_keys
Jenkins Advanced series of--09 configuration Linux system ssh password-free login