Linux remote logins and password-free logon methods

Source: Internet
Author: User
Tags ssh openssh server ssh secure shell

I. Remote Login method

SSH is a secure channel protocol that is used primarily for remote logins. In the RHEL 5 system, the OpenSSH server is provided by software packages such as OpenSSH, Openssh-server, which are installed by default, and the sshd is added as a standard system service. Use the following methods:

The code is as follows:

$ SSH Host

$ ssh Username@host

$ ssh-p 222 Username@host

-P: Specifies the access port; If this argument is omitted, the default port of SSH service is accessed by default 22;

If you are logged on to the other host for the first time, a prompt appears:

The code is as follows:

The authenticity of host ' host (192.168.0.21) ' can ' t be established.

RSA key fingerprint is 98:2e:d7:e0:de:9f:ac:67:28:c2:42:2d:37:16:58:4d.

Are you sure your want to continue connecting (yes/no)?

This passage is to say, cannot confirm host hosts authenticity, only know its public key fingerprint, ask you still want to continue to connect?

After you enter Yes, a prompt appears indicating that host hosts have been recognized.

The code is as follows:

Warning:permanently added ' host, 192.168.0.21 ' (RSA) to the list of known hosts.

Then ask for a password:

The code is as follows:

$ Password: (enter Password)

At this point, if the secret is correct, you can log in.

Two, password-free login method

In the trust environment, if each remote login, you have to enter a password, feel too wasted time, especially the password is very complex, maintenance of the server more than the case.

So there is a normal need: you do not have to enter a password to achieve remote logins.

The implementation steps are as follows:

1, local generation of a pair of secret key files (public and private key);

The code is as follows:

$ ssh-keygen

# The above command is equivalent to ssh-keygen-t RSA

#-t: Specifies the type of key, which defaults to the RSA type of SSH-2;

After you run the above command, a series of prompts will appear, and you can return all the way. Specifically, one of the issues is whether you want to set a password for the private key (passphrase), and if you are concerned about the security of the private key, you can set one. After the run is completed, the ~/.ssh/directory will be reborn into two files: Id_rsa.pub and Id_rsa. The former public key, the latter is the private key.

2, the public key will be transmitted to the remote host hosts;

The code is as follows:

$ Ssh-copy-id User@host

After two steps, you can achieve a remote login without a password (the host saves the user's public key in the ~/.ssh/authorized_keys file).

Third, frequently asked questions:

1, to generate the key and upload to the remote host, still unable to implement password-free login?

Open the remote host's/etc/ssh/sshd_config this file, and uncomment the following lines.

The code is as follows:

#RSAAuthentication =yes

#PubkeyAuthentication =yes

#AuthorizedKeysFile =.ssh/authorized_keys

Then, restart the SSH service for the remote host.

The code is as follows:

#ubuntu system

$ Service SSH Restart

#debian system

$/etc/init.d/ssh Restart

2. When executing the Ssh-copy-id command, the SSH service port of the remote server is not 22, as follows:

The code is as follows:

$ Ssh-copy-id Nameb@machineb

Ssh:connect to host Machineb Port 22:connection refused

The following command is used:

The code is as follows:

$ ssh-copy-id "-p 22000 Nameb@machineb"

Iv. Supplementary content:

The code is as follows:

$ ssh-copy-id-i ~/.ssh/id_rsa.pub root@192.168.0.2

$ ssh-copy-id-u eucalyptus-i/home/eucalyptus/.ssh/id_rsa.pub eucalyptus@remote_host

#-u: Set no password login to Eucalyptus user

#-I: When no value is passed or the ~/.ssh/identity.pub file is inaccessible (does not exist), Ssh-copy-id will display the following error

/usr/bin/ssh-copy-id:error:no identities found

SSH provides two types of logon authentication:

1, password verification: the server in the Local System user login name, password to verify.

2, secret key to verify: the need to provide a matching secret key information in order to pass the verification. You typically create a pair of secret key files (public and private) in the client, and then place the public key file in the server at the specified location.

Note: When both password authentication and private key authentication are enabled, the server will use secret key authentication as a priority.

V. Configuration file for SSH service:

The configuration file for the SSHD service defaults to/etc/ssh/sshd_config, adjusting the related configuration items to further improve the security of the sshd telnet.

The contents of a configuration file can be divided into the following three sections:

Copy Code

The code is as follows:

#SSH服务器监听的选项

#监听的端口

Port 22

#使用SSH V2 Protocol

Protocol 2

#监听的地址为所有地址

Listenadderss 0.0.0.0

#//Disable DNS reverse resolution

Usedns No

#用户登录控制选项

#是否允许root用户登录

Permitrootlogin No

#是否允许空密码用户登录

Permitemptypasswords No

#登录验证时间 (2 mins)

Logingracetime 2m

#最大重试次数

Maxauthtries 6

#只允许user用户登录, as opposed to the denyusers option

Allowusers User

#登录验证方式

#启用密码验证

Passwordauthentication Yes

#启用秘钥验证

Pubkeyauthentication Yes

#指定公钥数据库文件

Authorsizedkeysfile. Ssh/authorized_keys

View SSH Service Status command:/ETC/INIT.D/SSHD status

Reboot SSH Service command:/etc/init.d/sshd restart

To view the version number of the SSH Software command: $ ssh-v

OPENSSH_3.9P1, OpenSSL 0.9.7a Feb 19 2003 # indicates that the system is in use OpenSSH

Ssh:ssh Secure Shell 3.2.9.1 (non-commercial version) on I686-pc-linux-gnu # indicates that the system is in use SSH2

When a remote host's public key is accepted, it is saved in the file $HOME/.ssh/known_hosts. The next time you connect to this host, the system will recognize that its public key has been saved locally, skipping the warning section and prompting for a password.

Each SSH user has his or her own known_hosts file, and the system also has one such file, usually/etc/ssh/ssh_known_hosts, that holds the public key of a remote host that can be trusted to all users.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.