Password-free SSH login from Windows 7 to Linux in a Vagrant-based environment

Source: Internet
Author: User

First, SSH encryption method

SSH uses an "asymmetric key system", also known as a public-key encryption system, and its security authentication is divided into two levels.

1. Password-based security verification

This method logs in with a username and password, which is the way we generally use. The whole process is roughly as follows:

(1) The client initiates the connection request.

(2) The remote host receives the user's login request and sends its own public key to the client.

(3) The client receives the public key of the remote host, encrypts the login password with the public key of the remote host, and sends the encrypted login password together with its own public key to the remote host.

(4) The remote host receives the client's public key and the encrypted login password and decrypts the password with its own private key. If the password is correct, login is allowed. Both sides now hold each other's public key and begin two-way encryption and decryption.

PS: If a spoofed server on the network (Server B) impersonates the remote host, the client's connection request is intercepted by Server B, which sends its own public key to the client. The client encrypts the password with that key and sends it to the spoofed server, which can decrypt it with its own private key and then do whatever it wants with the password. For this reason, the first time you connect to a remote host, in step (3) above you are shown the remote host's "public key fingerprint" and asked to confirm that it is the genuine remote host. If you choose to continue and enter the password to log in, then once the remote host accepts, the server's public key is saved to the ~/.ssh/known_hosts file.
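The fingerprint prompt and the known_hosts check described above can be reproduced offline. The following Python is an added example, not code from the original article; the host names, salt and key blobs are constructed samples, and wildcard host patterns and @cert-authority/@revoked lines are skipped.

```python
import base64, hashlib, hmac, struct

def fingerprint(key_b64):
    """SHA256 fingerprint in the form OpenSSH prints at the first-connection prompt."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(pattern, host):
    """Compare one known_hosts host field (plain, or hashed as |1|salt|hash)."""
    if pattern.startswith("|1|"):
        _, _, salt, digest = pattern.split("|")
        mac = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(digest))
    return pattern == host  # wildcards and negation are not handled here

def check_host_key(known_hosts_text, host, key_type, key_b64):
    """Return 'match', 'changed' or 'unknown' for the key a server presents."""
    seen = False
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0][0] in "#@":
            continue  # blank line, comment, or @cert-authority/@revoked marker
        hosts, ktype, stored = fields[:3]
        if ktype != key_type or not any(host_matches(p, host) for p in hosts.split(",")):
            continue
        if stored == key_b64:
            return "match"
        seen = True  # same host and key type, but a different key
    return "changed" if seen else "unknown"

def constructed_key(seed):
    """Build a sample key blob in SSH wire format (constructed, not a real key)."""
    def field(b):
        return struct.pack(">I", len(b)) + b
    blob = field(b"ssh-ed25519") + field(hashlib.sha256(seed).digest())
    return base64.b64encode(blob).decode()

GENUINE = constructed_key(b"genuine host")
SPOOFED = constructed_key(b"spoofed server B")
SALT = b"constructed-salt-000"
HASHED = "|1|%s|%s" % (
    base64.b64encode(SALT).decode(),
    base64.b64encode(hmac.new(SALT, b"10.0.0.5", hashlib.sha1).digest()).decode())
KNOWN_HOSTS = "# constructed sample\ncentos7.example ssh-ed25519 %s\n%s ssh-ed25519 %s\n" % (
    GENUINE, HASHED, GENUINE)

if __name__ == "__main__":
    print("compare out of band:", fingerprint(GENUINE))
    for offered in (GENUINE, SPOOFED):
        print(check_host_key(KNOWN_HOSTS, "centos7.example", "ssh-ed25519", offered))
```

A "changed" result is the case the PS warns about: the name is already known but the key presented is different, so the password should not be sent.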

2. Key-based security verification

In this method you create a key pair for yourself in the current user's home directory and place the public key on the server you want to log in to. When you connect to the server, the client asks the server to use the key for authentication. After the server receives the request, it looks for your public key in the home directory of the user you asked to log in as and compares it with the public key you sent. If the two keys are the same, the server encrypts a "challenge" with the public key and sends it to the client. The client decrypts the "challenge" with its own private key and sends it back to the server. Compared with the first level, the second level does not require a password to be sent over the network.

PS: Simply put, once the client's public key is placed on the server, the client can log in to the server without a password. Where on the server should the client's public key go? By default, in the authorized_keys file in the .ssh directory under the home directory of the user you want to log in as (i.e. ~/.ssh/authorized_keys).

Second, configure the password-free login

1. Background introduction

Goal: A logs in to B without a password

System: A is Windows 7, B is CentOS 7.0 (VirtualBox)

Tools: Vagrant, ssh (comes with Git; you need to configure environment variables)

Background: I use Vagrant on Windows 7 with a box from the network to generate the virtual machine, with VirtualBox as the intermediate tool. Every time I use Vagrant to open the virtual machine I need to enter a password, which is very troublesome, so I wanted to configure password-free login. But it did not work after the configuration was complete.

2. Configure using the second authentication method

2.1 Generate the private and public keys on Windows

Run the following command in any directory:

ssh-keygen -t rsa

This command uses the RSA algorithm to generate the public and private keys; the DSA algorithm can also be used.

At this step, when prompted "Enter file in which to save the key (XXXX)", you need to provide the path and file name, otherwise generation will fail. You will then be prompted for a passphrase; you can press Enter to skip it.

It is also recommended to generate the files in the .ssh folder under the user directory.

After generation completes, check the file path you entered.

2.2 Adding the private key to the SSH agent

Because only id_rsa is read by default, the new private key needs to be added to the SSH agent for SSH to recognize it:

ssh-add ~/.ssh/id_rsa

If the error "Could not open a connection to your authentication agent" appears, try the commands:

ssh-agent bash

ssh-add ~/.ssh/id_rsa

2.3 Copy public key to Linux

1) Log in to Linux and check the current user. My user is root, so I go directly into the root directory; you can also use cd ~ to enter the current user's home directory. If the machine has multiple users, it is recommended to check which user is currently logged in.

2) Check whether SSH is installed on Linux, and if not, run yum/apt-get install ssh

3) Create the .ssh directory in the user directory

4) Copy the public key generated on Win7 into the .ssh directory you just created on Linux and rename it to authorized_keys

5) Modify the .ssh permissions

chmod -R 700 .ssh

This changes the directory permissions. It is important and must be done, otherwise the configuration will not succeed.
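The permission step matters because sshd, with StrictModes at its default of yes, ignores authorized_keys when the home directory, .ssh or the file itself is writable by group or others, or owned by another non-root user. The following Python is an added example, not from the original article: it installs a key with 700/600 modes and audits those three paths. It appends to authorized_keys instead of renaming the key file so existing keys survive, and the sample key and temporary home directory are constructed.

```python
import os
import stat
import tempfile

SAMPLE_KEY = "ssh-rsa AAAAconstructedSampleKeyNotReal user@win7"  # constructed

def install_public_key(home, pubkey_line):
    """Add one public key to ~/.ssh/authorized_keys with modes 700 / 600."""
    ssh_dir = os.path.join(home, ".ssh")
    os.makedirs(ssh_dir, exist_ok=True)
    os.chmod(ssh_dir, 0o700)
    auth = os.path.join(ssh_dir, "authorized_keys")
    lines = []
    if os.path.exists(auth):
        with open(auth) as fh:
            lines = fh.read().splitlines()
    if pubkey_line.strip() not in lines:  # idempotent: no duplicate entries
        lines.append(pubkey_line.strip())
    with open(auth, "w") as fh:
        fh.write("\n".join(lines) + "\n")
    os.chmod(auth, 0o600)
    return auth

def audit_ssh_paths(home, uid=None):
    """List the ownership and mode problems that StrictModes rejects."""
    uid = os.getuid() if uid is None else uid
    problems = []
    for path in (home, os.path.join(home, ".ssh"),
                 os.path.join(home, ".ssh", "authorized_keys")):
        try:
            st = os.stat(path)
        except FileNotFoundError:
            problems.append(f"{path}: missing")
            continue
        if st.st_uid not in (uid, 0):
            problems.append(f"{path}: owned by uid {st.st_uid}")
        if st.st_mode & 0o022:  # writable by group or others
            problems.append(f"{path}: mode {stat.S_IMODE(st.st_mode):o} is group/world-writable")
    return problems

def demo():
    """Constructed temporary home: loose mode on .ssh first, then the fix."""
    with tempfile.TemporaryDirectory() as home:
        install_public_key(home, SAMPLE_KEY)
        install_public_key(home, SAMPLE_KEY)  # second call adds nothing
        ssh_dir = os.path.join(home, ".ssh")
        os.chmod(ssh_dir, 0o777)  # weak setting
        before = audit_ssh_paths(home)
        os.chmod(ssh_dir, 0o700)  # corrected setting
        with open(os.path.join(ssh_dir, "authorized_keys")) as fh:
            return before, audit_ssh_paths(home), fh.read().count("\n")
```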

Third, problem solving

1. Vagrant login user configuration

I thought this was done and that I could log in without a password, but no: when I started Vagrant, it showed SSH auth method: password

It shouldn't need a password ... Checking the configuration, I found that I had configured root login when using Linux, which is why a password was needed.

So comment out these two lines; you can still log in as root.

2. Use of private keys

When I restarted the virtual machine and saw default: SSH auth method: private key, I got excited and thought it was finally fixed, but then came the embarrassment ...

Damn, in this situation it just hangs ...

Looking carefully at the warning, it is an authorization failure, and the only credentials related to our host are the public and private keys. A long-running inability to log in through vagrant ssh may be a failure of the SSH authentication mechanism. Vagrant logs in with a key by default, but the key pair it uses may not be configured properly.

Use vagrant ssh-config to view the configuration.

Nothing seemed wrong, because the private key was there. But on reflection, that private key was not one I had configured: it was created when I set up the box and was not part of the public and private key pair generated on this machine. So I took the private key generated on this machine, renamed it to private_key, and overwrote f:/Download/vagrant/box/centos7.0/.vagrant/machines/default/virtualbox/private_key

3. Verification

After the above steps are complete, use vagrant up to start the virtual machine and then vagrant ssh to log in. A successful login to the virtual machine indicates success.

Note: If you are not using Vagrant to log in to the virtual machine, sections one and two are enough. If you use other SSH tools, check the configuration of the SSH service or the private key.
