Principle:
Key authentication relies on a key pair. First create a pair of keys (a public key and a private key; data encrypted with the public key can only be decrypted with the private key), and place the public key on the remote server you need to access. When you log in to the remote server, the client software sends the server a request to authenticate with your key. After the server receives the request, it first looks for your public key in your home directory on the server and then checks whether the public key is valid. If it is, the server encrypts a random number with the public key (the so-called "challenge") and sends it to the client software. After receiving the challenge, the client software decrypts it with the private key and sends the result back to the server. Because data encrypted with the public key can only be decrypted with the private key, the server can verify the legitimacy of the client connection by comparison.
Client: 172.16.142.4
Remote host: 172.16.142.5
On the client, run the following command as the root user:
[[email protected] .ssh]# /usr/bin/ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
30:f6:d7:2a:ac:56:eb:3f:fa:40:25:8d:90:96:68:cb [email protected]
-------------------------------------------------------
Description:
The command generates a key pair.
SSH RSA keys are normally stored in the .ssh directory under the user's home directory:
id_rsa      private key
id_rsa.pub  public key
The following commands produce different types of keys:
ssh-keygen -t dsa
ssh-keygen -t rsa
ssh-keygen -t rsa1
-------------------------------------------------------
[[email protected] .ssh]# scp /root/.ssh/id_rsa.pub [email protected]:/root/.ssh/authorized_keys
The authenticity of host '172.16.142.5 (172.16.142.5)' can't be established.
RSA key fingerprint is 4b:a5:74:fb:2e:08:60:af:fa:76:d4:b0:26:4c:13:75.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.142.5' (RSA) to the list of known hosts.
[email protected]'s password:
id_rsa.pub 100% 236 0.2KB/s 00:00
-------------------------------------------------------------
Description:
Copy the public key to the remote host and write it to the authorized keys file.
Alternatively, copy the public key file over and run the following directly on the remote host:
touch /root/.ssh/authorized_keys
cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
-------------------------------------------------------------
Setup is complete; now test the login.
[[email protected] .ssh]# ssh 172.16.142.5
[email protected]'s password:
Note that if you are still prompted for a password, check the permissions of the following directories and files; otherwise SSH public key authentication will not work properly:
172.16.142.4 (client)
/home/root directory: 600
/home/root/.ssh directory: 600 (this permission does not seem to matter much)
/home/root/.ssh/id_dsa private key: 600
172.16.142.5 (remote host)
/home/root directory: 644
/home/root/.ssh directory: 644 (this permission does not seem to matter much)
/root/.ssh/authorized_keys public keys: 644
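A permission check for the "still prompted for a password" case above, as an added example that is not part of the original page. It applies the mode-bit tests OpenSSH uses: with StrictModes enabled, sshd ignores authorized_keys if that file, the .ssh directory or the home directory is writable by group or other, and the ssh client refuses a private key that group or other can access. Function names are hypothetical and ownership is not checked here.

```shell
#!/bin/sh
# Added example (function names are hypothetical, not from the original page).
# Flags the permission bits that stop SSH public key authentication.

# mode_of PATH: print octal permission bits, e.g. 644 (GNU stat, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# writable_by_others PATH: succeed if group or other has the write bit (mode & 022).
writable_by_others() {
    m=$(mode_of "$1") || return 2
    [ $(( 0$m & 022 )) -ne 0 ]
}

# check_authorized_keys_path HOME_DIR: server side. Prints each path that is
# missing or group/other writable; exit status is the number of problems found.
check_authorized_keys_path() {
    home=$1
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"
            bad=$((bad + 1))
        elif writable_by_others "$p"; then
            echo "TOO OPEN $(mode_of "$p") $p (group/other writable)"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# check_private_key FILE: client side. Succeeds only if group and other have
# no access at all (mode & 077 == 0), e.g. 600.
check_private_key() {
    m=$(mode_of "$1") || return 2
    [ $(( 0$m & 077 )) -eq 0 ]
}

# Stand-alone use: sh check_ssh_perms.sh /root
if [ -n "${1:-}" ]; then
    check_authorized_keys_path "$1" && echo "server-side modes OK for $1"
fi
```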
--------------------------------------------------------------
[[email protected] ~]# ssh 172.16.142.5
Last login: Sat Dec 21:10:17-172.16.142.4
[[email protected] ~]#
Passwordless SSH login succeeded!
SSH key explanation