SSH keyless entry to other hosts

SSH keyless entry to other hosts

First to generate a key on this machine, a total of two files

There are two types of RSA DSA for encryption type

Id_rsa equivalent to the key to life

Id_rsa.pub is the equivalent of a lock in life.

[[email protected] ~]# ssh-keygen -t rsagenerating public/private rsa  Key pair. enter file in which to save the key  (/ROOT/.SSH/ID_RSA):  Created  directory  '/root/.ssh '. enter passphrase  (empty for no passphrase):  enter same passphrase  again: your identification has been saved in /root/.ssh/id_rsa. your public key has been saved in /root/.ssh/id_rsa.pub.the key  Fingerprint is:ae:5c:b6:af:c2:c6:95:86:f4:df:cd:f7:80:20:6f:b0 [email protected]the key ' s  RANDOMART IMAGE IS:+--[ RSA 2048]----+|                  | |                  | |                  | |       .          | |      . os.       | |      &NBSP, .... == . .   | |      O OE.O. o.  | |      .=+ o. . o..| |      .o.oo.    .o|+-----------------+

Here we recommend making key pair data with a normal user and then using sudo or su to manipulate commands

Relatively safe to be more

We send id_rsa.pub (lock) to other Linux hosts

[Email protected] ~]# ssh-copy-id-i ssh/id_rsa.pub [email protected]the authenticity of host ' 172.16.30.10 (172.16.30.1 0) ' can ' t be established. RSA key fingerprint is b7:1f:51:1f:7e:71:a9:fc:c6:c3:6d:cd:b8:1a:76:8e. Is you sure want to continue connecting (yes/no)? yeswarning:permanently added ' 172.16.30.10 ' (RSA) to the list of known hosts.  [email protected] ' s password://Enter the root password of the remote host now try logging to the machine, with "ssh" [email protected] ' ", and check In:. Ssh/authorized_keys see it on the instructions sent successfully to made sure we haven ' t added extra keys that you weren ' t expecting. [Email protected] ~]#

After completing the above two steps, we will be able to telnet to the Linux host.

[[Email protected] ~]# ssh -p 22 [email protected]last login: sun  Apr 17 11:31:06 2016 from 172.16.10.200[[email protected] ~]#  ifconfig eth0eth0      link encap:ethernet  hwaddr  00:0c:29:3e:d0:64            inet addr :172.16.30.10  bcast:172.16.255.255  mask:255.255.0.0           inet6 addr: fe80::20c:29ff:fe3e:d064/64 Scope:Link           up broadcast running multicast  mtu:1500   Metric:1          RX packets:13767  errors:0 dropped:0 overruns:0 frame:0           tx packets:5419 errors:0 dropped:0 overruns:0 carrier:0           collisions:0 txqueuelen:1000           rx  bytes:5494833  (5.2 MIB)   TX bytes:2068168  (1.9 MIB)

You can also execute commands from a remote host

[[Email protected] ~]# ssh -p 22 [email protected] /sbin/ifconfig  eth0eth0      link encap:ethernet  hwaddr 00:0c:29:3e :D 0:64            inet addr:172.16.30.10   Bcast:172.16.255.255  Mask:255.255.0.0           inet6 addr: fe80::20c:29ff:fe3e:d064/64 Scope:Link           UP BROADCAST RUNNING MULTICAST  MTU:1500   metric:1          rx packets:13973 errors:0  dropped:0 overruns:0 frame:0          tx  packets:5496 errors:0 dropped:0 overruns:0 carrier:0           collisions:0 txqueuelen:1000           rx bytes:5517594   (5.2 MIB)   TX bytes:2082557  (1.9 MIB)

SSH keyless entry to other hosts