Linux (10) Configure SSH-free login implementation

Know that SSH friends should know what it is used to do, if you do not know what is SSH telnet, you can go to see my previous blog, about the network foundation of Linux knowledge.
Note:ssh is used to log in remotely. Execute the SSH command to open the terminal stage operation and log in to the remote host.

First, SSH remote login

Today we are going to tell you that when a client wants to telnet to the server, a password can be entered to successfully log in.

Process Flowchart:

　　　　

So we're wondering if we don't need to enter a password, just use the SSH username @ server IP to log in?

Second, ssh password-free login principle

　　

It may be a bit of a force to see this figure. Let me explain to you.

We use the ssh-lkeygen command in host A and Host B, respectively, to generate the public and private keys used for encryption. Then we put the public key of host a into the. ssh/authorized_keys file under Host B .

When we next use SSH username @ server IP Login, Host B is used: Host A's public key + Host B password sent to host A, and then host a with its own private key decryption, get Host B password,

This enables the SSH password-free login function.

third, SSH-related remote copy command SCP 　　 3.1. Command Description

Make a remote copy

　　 3.2. Command Syntax

SCP [ -1246BCPQRV] [-C cipher] [-f ssh_config] [-I identity_file] [-L-limit] [-O ssh_option] [-P port] [-S program] [[[Emai] L Protected]]host1:]file1 [...] [[Email Protected]]host2:]file2

Simplified notation: SCP [option (s)] source destination

　　 3.3. Parameter Description

-1: Enforce SCP command using protocol SSH1
-2: Enforce SCP command using protocol SSH2
-4: Force SCP command to use only IPV4 addressing
-6: Force SCP command to use only IPV6 addressing
-B: Use batch mode (transfer password or phrase is not asked during transfer)
-C: Allow compression. (Pass the-c flag to SSH to turn on the compression function)
-P: Preserves the original file's modification time, access time, and access rights.
-Q: The transfer progress bar is not displayed.
-R: Recursively replicate the entire directory.
-V: Displays the output in verbose mode. SCP and SSH (1) will display debugging information for the entire process. This information is used to debug connections, authentication, and configuration issues.
-C cipher: To encrypt the data transfer with cipher, this option will be passed directly to SSH.
-F Ssh_config: Specifies an alternative SSH configuration file that is passed directly to SSH.
-I identity_file: The key file that is used to read the transfer from the specified file, which is passed to SSH.
-L Limit: limits the bandwidth that the user can use, in kbit/s.
-O Ssh_option: If you are accustomed to using the parameter passing method in Ssh_config (5),
-P Port: note is uppercase P, port is the port number specified for data transfer
-S Program: Specifies the programs that are used to encrypt the transfer. This program must be able to understand the SSH options.

　　 3.4. Testing

Service side

　　

If the remote copy is a directory, add-R

Four, the implementation of the secret-free login 　 4.1. Environment

I am using the ubuntu17.04 version of the desktop version as the client, using Ubuntu Server Edition as Server side.

　　 4.2. Realization Process

Note: SSH-free login is the same as the user name of the two machines, for example, a, b two machines, both machines have a user name is ZYH user. Now the demand is on a machine through the secret (do not enter a password, that is, secret) to log on the B machine. We can directly use: SSH server-side IP login.
When the user name is not the same, it is necessary to use: SSH server side of the user name @ server-side IP to log on. Here I am the user name of the two machines is the same

Client: Server side:

The first step: Use the command "Ssh-keygen" to generate the public and private keys on A and B machines respectively.
After executing the command, the ". ssh/" Directory is generated under the Zyh user's home directory and the public key "Id_rsa.pub" file and the private key "Id_rsa" file are generated under the ". ssh/" directory.

Note: The public key is used for encryption, and the private key is used to decrypt it.

　Step Two: copy the id_rsa.pub from the . ssh/directory under the ZYH user home directory on the A machine to the zyh user's home directory of the B machine (note the home directory, not the. SSH directory).

Command: scp/home/zyh/.ssh/id_rsa.pub [email protected]:~
Command description: Replace "B" in the above command with the specific hostname or IP. Note that the BRIUP user's home directory is copied to the B machine, not the ". SSH" directory.

This is because host A and Host B use the same user, so there is no use of [email protected]:~

View server-side

　　　　

　　Step Three: on the B machine, copy the contents of the "id_rsa.pub" (i.e., "id_rsa.pub") fromthe "B" machine zyh the user home directory to the ". SSH" under the Zyh home directory on the B machine. The "Authorized_keys" file under the directory (note: This file is not available for the first time) .
Command: Cat/home/zyh/id_rsa.pub >>/home/zyh/.ssh/authorized_keys
Command description: The above command is executed on the B machine

　　　　

　　Fourth Step: Change the operation permission of the "Authorized_keys" file generated by the third Step Execution command to 600. (This is required by the SSH protocol)
Command: chmod 600/home/zyh/.ssh/authorized_keys
Command description: The above command is executed on machine b

　　

　　Fifth Step: on the A machine by no password login B machine.
Command: SSH B
Command description: The above command executes on the B machine, replacing "B" with the specific hostname or IP address. (This is the case with host A and Host B user names)

Successful test

Add: When using the SSH tool for remote login, if the user name of the two machines logged in the same, you can directly use the command "SSH hostname/IP" to telnet, without the need to enter the user name , that is, do not need to " SSH [email protected] Hostname/IP "This way to log in .

　

　　

　　　　　　

　　　　　　

　　

（

Linux (10) Configure SSH-free login implementation