SSH passwordless login tutorial for Ubuntu Server

Source: Internet
Author: User


The new server's OS is Ubuntu Server, which differs considerably from the familiar CentOS.

In day-to-day work we generally log in to a server with an SSH password. There is another way: logging in to the server with an SSH key.

Both are SSH authentication methods. According to how authentication is performed, we distinguish password-based authentication and key-based authentication.

Note: The "SSH certificate" mentioned in some articles is actually an SSH key.

1. Introduction to the two SSH authentication methods

From the introduction above we know that SSH has two authentication methods. Below we explain how each works.

1.1 Password-based authentication

With this method you can log in to a remote server just by knowing an account name and password on it. All transmitted data is encrypted, but there is no guarantee that the server you are connecting to is the server you intended. Another server may be impersonating the real one, which means connections made this way may be subject to a "man-in-the-middle" attack.

1.2 Key-based authentication

This method relies on keys: you create a key pair (public and private) for yourself and place the public key on the server you want to access.

Note: The key pair cannot be created on the server that is to be accessed; otherwise you cannot connect to that server with the key, although connecting to other servers with it works normally.

When you connect to an SSH server, the SSH client sends the server a request to authenticate with your key. On receiving the request, the SSH server looks for the corresponding public key in that user's home directory on the server and compares it with the public key you sent. If the two public keys match, the SSH server encrypts a "challenge" with the public key and sends it to the SSH client. On receiving the challenge, the SSH client decrypts it with your private key and sends the result back to the SSH server.

With this method you must know the passphrase that encrypts your key. The key can also be left unencrypted, and in day-to-day work unencrypted keys are the more commonly used.

From this comparison it is easy to see that, unlike password-based authentication, key-based authentication does not require transmitting a password over the network. In addition, a "man-in-the-middle" attack is not possible either (because the attacker does not have your private key).

2. Testing SSH passwordless login

Chapter 1 introduced the two SSH authentication methods. To log in to a server over SSH without a password, we use SSH key authentication.

PS: The OS used for this test is Ubuntu 14.04.02 64-bit, as follows:

uname -a

cat /etc/issue


2.1 Creating an SSH key

From chapter 1 we know that SSH key authentication requires an SSH key pair, so we have to create one.

There are two ways to create an SSH key. The first is the ssh-keygen command on Linux, and the second is an SSH client tool on Windows.

Both methods are described below.

2.1.1 Creating a key with the ssh-keygen command

Creating an SSH key with ssh-keygen is simple: just run the command. As follows:

ssh-keygen


From the output we can see that the newly created key is stored in the /home/ilanni/.ssh directory; the private key file is id_rsa and the public key file is id_rsa.pub.

In addition, note these prompts from the ssh-keygen command:

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

These two lines set the passphrase that encrypts the private key. Here we do not set a passphrase for the private key.

Now let's look at the file permissions of the key, as follows:

ll .ssh/


From the output we can see:

The permissions of the .ssh directory are 700, the private key id_rsa is 600, and the public key id_rsa.pub is 644.

Note: The permissions of the private key id_rsa and the public key id_rsa.pub are important. If they are not set correctly, the system prompts you for a password when you log in with the SSH key.
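
A check for the permissions described above, written as an added example (not part of the original tutorial). The hypothetical helper audit_ssh_perms reports an .ssh directory that is open to group or others, private keys (id_* files) with any group/other bits, and public keys or authorized_keys that are writable by group or others. It assumes GNU stat, as on Ubuntu.

```sh
#!/bin/sh
# audit_ssh_perms DIR   (hypothetical helper, added example)
# Prints one line per permission problem in an .ssh directory and returns
# the number of problems found (0 = clean). Assumes GNU stat (stat -c '%a').
audit_ssh_perms() {
    dir=$1
    problems=0

    [ -d "$dir" ] || { echo "$dir: not a directory"; return 1; }

    # The directory itself is 700 in the tutorial: no group/other access.
    mode=$(stat -c '%a' "$dir")
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "$dir: mode $mode, expected 700"
        problems=$((problems + 1))
    fi

    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        mode=$(stat -c '%a' "$f")
        case "${f##*/}" in
            *.pub|authorized_keys)
                # Public material may be world-readable (644) but must not
                # be writable by group or others.
                if [ $(( 0$mode & 022 )) -ne 0 ]; then
                    echo "$f: mode $mode is group/other writable"
                    problems=$((problems + 1))
                fi ;;
            id_*)
                # Private key: 600, no group/other bits at all.
                if [ $(( 0$mode & 077 )) -ne 0 ]; then
                    echo "$f: mode $mode, expected 600"
                    problems=$((problems + 1))
                fi ;;
        esac
    done
    return "$problems"
}

# Usage: audit_ssh_perms "$HOME/.ssh"
```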

The key type ssh-keygen uses by default is RSA, which we can confirm by looking at the public key file id_rsa.pub. As follows:

cat .ssh/id_rsa.pub


If you want a different key type, specify it with the -t argument of ssh-keygen. As follows:

ssh-keygen -t dsa


cat .ssh/id_dsa.pub


For more information on how to use the ssh-keygen command, see its help output. As follows:

ssh-keygen --help


Note: This key was generated on the 192.168.1.8 machine, as follows:

hostname

ifconfig


2.1.2 Creating a key with Xshell

There are many SSH client tools for Windows, but the one I use most is Xshell.

Here we create the SSH key with Xshell.

Open Xshell and click "Tools" -> "New User Key Generation Wizard", as follows:


In the following dialog we can select the key type and the key length, as follows:


Generate the key pair, as follows:


Enter the key name and the passphrase that encrypts the key, as follows:


Note: This passphrase is the one that encrypts the SSH private key; it can be left empty.

To distinguish it in the tests below from the id_rsa key generated by ssh-keygen, this key is named id_rsa_1024.

The public key is generated as follows:


Once the public key is generated, we need to save the public key to a file. As follows:


Once the public key is saved, Xshell jumps to the private key's interface. As follows:


From the figure above, we can see that the name of the current private key is the id_rsa_1024 we named earlier, and the key is 1024 bytes in length.

Now we're going to export the private key, as follows:


This gives us a pair of SSH keys, as follows:


2.2 Uploading the SSH public key

In section 2.1 we created the SSH public and private keys. Now we upload the public key to the server that is to be accessed, i.e. the SSH server.

Uploading the public key to the SSH server involves the following steps:

1) Determine the user who will log in to the SSH server

2) Modify the SSH server's configuration file sshd_config

3) Create the authorized_keys file

4) Upload the public key and redirect its content into the authorized_keys file

Note: This section is carried out on the 192.168.1.7 machine, as follows:

hostname

ifconfig


2.2.1 Determine the user who will log in to the SSH server

Because we want to log in to the SSH server without a password, we first have to decide which user will log in.

Note: The user must exist on the SSH server and must be able to log in to it.

Here we use the ilanni user to log in to the SSH server. As follows:

whoami

cat /etc/passwd | grep ilanni


2.2.2 Modify the SSH configuration

The location where the SSH server stores a user's login public keys is configured in the sshd_config file, but this option is not enabled by default. We enable it by modifying sshd_config as follows:

sudo vi /etc/ssh/sshd_config


We just need to remove the # in front of the line #AuthorizedKeysFile %h/.ssh/authorized_keys. As follows:


AuthorizedKeysFile specifies the file holding the RSA/DSA public keys that the user can log in with. In this directive, %h stands for the user's home directory, so the public keys end up in the .ssh/authorized_keys file in the home directory.

Note: This step is not strictly necessary, because the SSH configuration file does not need to be modified when the key is installed with the ssh-copy-id command.

2.2.3 Create the authorized_keys file

In the previous section we learned that the user's public keys are stored in the authorized_keys file. Now we create that file.

First create the .ssh directory and set its permissions, as follows:

mkdir .ssh

chmod 700 .ssh


With the .ssh directory in place, create the authorized_keys file. As follows:

touch .ssh/authorized_keys


2.2.4 Redirect the public key content into the authorized_keys file

Section 2.1 introduced two ways of generating an SSH key: one with the ssh-keygen command and the other with Xshell.

We now upload both public keys to the 192.168.1.7 machine and redirect them into the authorized_keys file. As follows:


Copy the public key from 192.168.1.8 to the 192.168.1.7 machine, as follows:

scp .ssh/id_rsa.pub ilanni@192.168.1.7:/home/ilanni


Upload the public key generated by Xshell to 192.168.1.7, as follows:


Now redirect both public keys into the authorized_keys file, as follows:

cat id_rsa.pub > .ssh/authorized_keys

cat id_rsa_1024.pub >> .ssh/authorized_keys

cat .ssh/authorized_keys
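
The upload steps of section 2.2 as one repeatable function, added here as an example rather than taken from the original tutorial. The hypothetical helper install_pubkey appends instead of overwriting (the first `cat ... >` above replaces anything already in authorized_keys), skips a key that is already listed, and rejects files that are not a one-line OpenSSH public key; the 600 mode on authorized_keys is this example's choice.

```sh
#!/bin/sh
# install_pubkey PUBKEY_FILE [HOME_DIR]   (hypothetical helper, added example)
# Appends one OpenSSH public key to HOME_DIR/.ssh/authorized_keys.
# Unlike "cat key.pub > .ssh/authorized_keys" it never truncates the file,
# and it skips a key that is already listed.
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    auth="$home/.ssh/authorized_keys"

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }

    # authorized_keys wants the one-line OpenSSH format: "type blob comment".
    # A private key or a multi-line SSH2 export is rejected here.
    if [ "$(grep -c '' "$pub")" -ne 1 ]; then
        echo "$pub: expected exactly one line" >&2; return 2
    fi
    case "$(cut -d' ' -f1 "$pub")" in
        ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "$pub: not an OpenSSH public key" >&2; return 2 ;;
    esac

    # Same layout as section 2.2.3: .ssh at 700. The 600 on authorized_keys
    # is this example's choice (the tutorial states no mode for that file).
    mkdir -p "$home/.ssh"
    chmod 700 "$home/.ssh"
    touch "$auth"
    chmod 600 "$auth"

    # Compare on the key blob (field 2) so a different comment does not
    # create a duplicate entry.
    blob=$(cut -d' ' -f2 "$pub")
    if grep -qF -- "$blob" "$auth"; then
        echo "already present in $auth"
        return 0
    fi

    # Keep entries on separate lines even if the file lacks a final newline.
    if [ -s "$auth" ] && [ -n "$(tail -c1 "$auth")" ]; then
        echo >> "$auth"
    fi
    cat "$pub" >> "$auth"
    echo "added to $auth"
}
```

Run it on the SSH server as the login user, for example `install_pubkey id_rsa.pub` after the scp step.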


2.3 Connecting to the SSH server

With the public key uploaded, we now connect to the SSH server, i.e. the 192.168.1.7 machine.

The connection to 192.168.1.7 can be made from Linux or from Windows; each method is explained below.

2.3.1 Connecting to the SSH server from Linux

We first connect to 192.168.1.7 from the Linux machine 192.168.1.8, as follows:

ssh ilanni@192.168.1.7

ifconfig eth0 | grep "inet addr" | awk '{print $2}' | cut -d: -f2


From the output we can see that when we connect to 192.168.1.7 from 192.168.1.8, the system does not prompt us for a password.

This gives us passwordless login to the SSH server.

2.3.2 Connecting to the SSH server from Windows

We now switch to Windows to connect to 192.168.1.7. The SSH client is again Xshell, on the same Windows machine that generated the key. As follows:

ssh ilanni@192.168.1.7


Note: For the user authentication method we need to select Public Key, i.e. key authentication, and the user key is id_rsa_1024, the private key we generated earlier.


From the figure above we can see that when the Windows client connects to 192.168.1.7, the system does not ask for a password, so SSH passwordless login works here as well.

2.4 Using ssh-copy-id to upload the SSH public key

After reading section 2.2 on uploading the SSH public key, doesn't it feel rather tedious? In fact, SSH provides another command, ssh-copy-id, which performs all of the above steps at once.

Note: The ssh-copy-id command exists only on Linux; it is not currently found in SSH client tools for Windows.

The ssh-copy-id command is used as follows:

ifconfig eth0 | grep "inet addr" | awk '{print $2}' | cut -d: -f2

ssh-copy-id -i .ssh/id_rsa.pub ilanni@192.168.1.9


cat .ssh/id_rsa.pub


Log in to 192.168.1.9 and view the public key. As follows:

ifconfig eth0 | grep "inet addr" | awk '{print $2}' | cut -d: -f2

ll --full-time .ssh/


cat .ssh/authorized_keys


From the two screenshots above we can see that ssh-copy-id creates the .ssh directory directly in the home directory of the corresponding user on the SSH server and creates an authorized_keys file in that directory. It also copies the content of the public key file id_rsa.pub into the authorized_keys file.

Check whether the SSH configuration file was modified. As follows:

cat /etc/ssh/sshd_config | grep authorized_keys


From the output we can see that ssh-copy-id did not modify the SSH configuration.

Now we test the connection to 192.168.1.9, as follows:

ifconfig eth0 | grep "inet addr" | awk '{print $2}' | cut -d: -f2

ssh ilanni@192.168.1.9


From the output we can see that even without modifying the SSH configuration file, SSH passwordless login works as long as the authorized_keys file exists.

For more information on how to use ssh-copy-id, see its help output. As follows:

ssh-copy-id -h


That is everything about SSH login without a password.
