Implementing SSH passwordless (public key) authentication login

Source: Internet
Author: User

Principle: Log in to the client as the required user, use ssh-keygen to generate that user's private key and public key, and upload the client's public key to a fixed file on the server. When the client connects to the server over SSH, the server generates a random number, encrypts it with the client's public key, and sends it to the client. The client decrypts the number with its private key and sends the decrypted number back to the server. Once the server confirms that the decryption is correct, it allows the client to connect.


Purpose: Logging in to a host over SSH no longer requires entering a password. scp commands can be placed in crontab, so that the system performs regular network copies and backups by itself in the background.


Application example:

There are two hosts, client ser1 and server ser2, with IP addresses 10.1.1.1 and 10.1.1.2, respectively.
Because client ser1 frequently accesses host ser2, ser1 needs to be able to log in to ser2 over SSH without a password.

Steps:

1. Check whether the system has the SSH service and the rsync service (rsync is a remote data synchronization tool that can quickly synchronize files between multiple hosts over the network). If they are not installed, install them with yum.

[[email protected] ~]# rpm -qa | grep openssh

openssh-server-5.3p1-20.el6.i686
openssh-askpass-5.3p1-20.el6.i686
openssh-clients-5.3p1-20.el6.i686

[[email protected] ~]# rpm -qa | grep rsync

2. Log in as the root user and modify the SSH configuration file.

[[email protected] ~]# vi /etc/ssh/sshd_config
# enable RSA authentication
RSAAuthentication yes
# enable public key / private key pair authentication
PubkeyAuthentication yes
# path of the public key file
AuthorizedKeysFile .ssh/authorized_keys

3. Restart sshd

[[email protected] ~]# service sshd restart

4. Log in as the user who needs passwordless login and generate the private key and public key.

[[email protected] ~]# ssh-keygen -t rsa    # root is used here; the encryption method can be RSA or DSA, the default is RSA. Press Enter to accept all the defaults.


[[email protected] ~]# ls -ld ~/.ssh; ls -l ~/.ssh    # check whether the public and private key files were generated
drwx------. 2 root root 4096 February 21:59 /root/.ssh
-rw-------. 1 root root 1675 February 21:58 id_rsa        # private key
-rw-r--r--. 1 root root 401 February 21:58 id_rsa.pub     # public key

Note: 1. For an ordinary user, the key files are generated under /home/<username>/.ssh/.
2. The ~/.ssh/ directory must have permission 700. id_rsa must be 600 and belong to the user itself. Otherwise, key matching may fail.

5. Upload the public key file generated on client ser1 to server ser2.

[[email protected] ~]# scp .ssh/id_rsa.pub 10.1.1.2:/root    # copy the public key file generated on ser1 to the /root directory on ser2

[[email protected] ~]# cat id_rsa.pub >> /root/.ssh/authorized_keys    # on ser2: import the contents of ser1's public key file into the authorized_keys file

Note: The authorized_keys permission is set to 644.

7. Verification

[[email protected] ~]# ssh 10.1.1.2    # try to log in to ser2 over SSH

Last login: Sat 10.1.1.1
[[email protected] ~]#

Note: If you want ser2 to log in to ser1 without a password, use the same method as above.
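
The permission notes in steps 4 and 5 are the usual reason key login silently falls back to a password prompt. The following is an added example, not part of the original article: a shell function that audits a .ssh directory against those notes (700 on the directory, 600 on private keys, authorized_keys not writable by group or others, all owned by the user). The names check_ssh_perms, mode_of and owner_of are hypothetical, and GNU stat (Linux) is assumed.

```shell
#!/bin/sh
# Added example: audit ~/.ssh permissions as required by the notes above.
# Assumes GNU stat (Linux). Helper names are hypothetical.
# Usage: check_ssh_perms "$HOME/.ssh"

# mode_of FILE  -> prints the octal permission bits, e.g. 700
mode_of() { stat -c '%a' "$1"; }
# owner_of FILE -> prints the numeric uid of the owner
owner_of() { stat -c '%u' "$1"; }

# check_ssh_perms DIR [UID]
# Prints one line per finding; returns 0 if clean, 1 otherwise.
check_ssh_perms() {
    dir=$1
    uid=${2:-$(id -u)}
    rc=0

    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"; return 1
    fi
    [ "$(mode_of "$dir")" = 700 ] || { echo "BAD mode on $dir: want 700"; rc=1; }
    [ "$(owner_of "$dir")" = "$uid" ] || { echo "BAD owner on $dir"; rc=1; }

    # Private keys: every id_* file that is not a .pub file must be 600.
    for key in "$dir"/id_*; do
        [ -f "$key" ] || continue
        case $key in *.pub) continue ;; esac
        [ "$(mode_of "$key")" = 600 ] || { echo "BAD mode on $key: want 600"; rc=1; }
        [ "$(owner_of "$key")" = "$uid" ] || { echo "BAD owner on $key"; rc=1; }
    done

    # authorized_keys: the article uses 644. Write access for group or
    # others would let another account append its own public key.
    ak=$dir/authorized_keys
    if [ -f "$ak" ]; then
        m=$(mode_of "$ak")
        # 022 (octal) masks the group-write and other-write bits.
        if [ $(( 0$m & 022 )) -ne 0 ]; then
            echo "BAD mode on $ak: $m is writable by group/others"; rc=1
        fi
        [ "$(owner_of "$ak")" = "$uid" ] || { echo "BAD owner on $ak"; rc=1; }
    fi
    return $rc
}
```

Run it on ser1 against the directory holding id_rsa and on ser2 against the directory holding authorized_keys.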


This article is from the "life is also a practice" blog, please be sure to keep this source http://wgmml.blog.51cto.com/3050917/1615853
