Principle:
Key authentication relies on a key pair. First create a pair of keys (a public key and a private key; data encrypted with the public key can only be decrypted with the private key), then place the public key on the remote server you need to access. When you log in to the remote server, the client software sends a request to the server asking to authenticate with your key. After the server receives the request, it first looks for your public key in your home directory on the server and checks whether the public key is valid. If it is, the server uses the public key to encrypt a random number (the so-called "challenge") and sends it to the client software. After the client software receives the challenge, it decrypts it with the private key and sends the result back to the server. Because data encrypted with the public key can only be decrypted with the private key, the server can verify the legitimacy of the client connection by comparison.
Client: 172.16.142.4
Remote host: 172.16.142.5
Execute the following command on the client as root:
[root@localhost .ssh]# /usr/bin/ssh-keygen -t rsa
Generating public/private RSA key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
30:F6:D7:2A:AC:56:EB:3F:FA:40:25:8D:90:96:68:CB root@localhost.localdomain
-------------------------------------------------------
Description:
The command generates a key pair in the .ssh directory under the user's home directory.
The RSA keys commonly used for SSH:
id_rsa private key
id_rsa.pub public key
The following commands produce different types of keys:
ssh-keygen -t dsa
ssh-keygen -t rsa
ssh-keygen -t rsa1
-------------------------------------------------------
[root@localhost .ssh]# scp /root/.ssh/id_rsa.pub root@172.16.142.5:/root/.ssh/authorized_keys
The authenticity of host '172.16.142.5 (172.16.142.5)' can't be established.
RSA key fingerprint is 4b:a5:74:fb:2e:08:60:af:fa:76:d4:b0:26:4c:13:75.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.142.5' (RSA) to the list of known hosts.
root@172.16.142.5's password:
id_rsa.pub 100% 236 0.2KB/s 00:00
-------------------------------------------------------
Description:
Copies the public key to the remote host and writes it to the authorized keys file.
You can also copy the public key file over and run the following directly on the remote host, which appends the key to the list:
touch /root/.ssh/authorized_keys
cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
-------------------------------------------------------
Setup complete; test the login.
[root@localhost .ssh]# ssh 172.16.142.5
root@172.16.142.5's password:
Please note: if you are prompted for a password at this point, check the permissions of the following folders and files; otherwise SSH public key authentication will not work properly:
172.16.142.4 (client)
The permissions for the /home/root folder are 600
The permissions for the /home/root/.ssh folder are 600 (this permission does not seem to matter much)
The permissions for the /home/root/.ssh/id_dsa private key are 600
172.16.142.5 (remote host)
The permissions for the /home/root folder are 644
The permissions for the /home/root/.ssh folder are 644 (this permission does not seem to matter much)
The permissions for the /root/.ssh/authorized_keys public key file are 644
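The permission check described above, as an added example that is not part of the original article: a shell function that flags the two conditions OpenSSH itself enforces, namely a home directory, .ssh directory or authorized_keys file writable by group or other (sshd with StrictModes enabled), and a private key accessible to anyone but its owner (ssh client). It assumes GNU stat and the file layout shown on this page; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article). Assumes GNU coreutils stat.
# Function names has_bits and audit_ssh_perms are hypothetical.

# Succeeds when PATH has any permission bit from the octal MASK set.
has_bits() {  # usage: has_bits PATH MASK   (MASK e.g. 022 or 077)
    mode=$(stat -c '%a' "$1") || return 2
    # A leading 0 makes the shell read both values as octal.
    [ $(( 0$mode & 0$2 )) -ne 0 ]
}

# Prints one line per problem under HOME_DIR; returns 0 only if none found.
audit_ssh_perms() {  # usage: audit_ssh_perms HOME_DIR
    home=$1
    bad=0
    # Remote host: with StrictModes, sshd ignores authorized_keys when the
    # file or a directory above it is writable by group or other.
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if has_bits "$p" 022; then
            echo "writable by group/other: $p"
            bad=1
        fi
    done
    # Client: ssh refuses a private key that group or other can access.
    for k in "$home/.ssh/id_rsa" "$home/.ssh/id_dsa"; do
        [ -f "$k" ] || continue
        if has_bits "$k" 077; then
            echo "private key too open: $k"
            bad=1
        fi
    done
    return "$bad"
}

# Typical use, on the client and on the remote host:
#   audit_ssh_perms /root
```

Files that do not exist are skipped, so the same call works on either machine.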
--------------------------------------------------------------
[root@localhost ~]# ssh 172.16.142.5
Last login: Sat Dec 21:10:17 2007 from 172.16.142.4
[root@localhost ~]#
Passwordless SSH login succeeded.