Linux configuration SSH Public key authentication, through the root user's password-free input SCP Channel

Source: Internet
Author: User

1.ssh-keygen

Ssh-keygen is a tool used by the unix-like system to generate and manage SSH public and private keys.


2. Usage

The most important options that are commonly used are:

-B num Specifies how many bit-length keys are generated, in the units of B., the default is 1024b

-t specifies the type of key to be generated, that is, which encryption algorithm to use, optional RSA1 | RSA | Dsa

3.

[[Email protected] ~]#ssh-keygen-t RSAGenerating public/private RSA key pair. Enter fileinchWhich to save the key (/root/.ssh/id_rsa): <--Direct Input Enter enter passphrase (empty forno passphrase): <--Direct Input Enter enter same passphrase again: <--Direct Input Enter your identification has been savedinch/root/.ssh/Id_rsa. Your public key has been savedinch/root/.ssh/id_rsa.pub.The Key Fingerprint is:23:12:af:af:37:ea:e5:2d:49:63:97:27:d4:bf:2d:75[email protected]the key's Randomart image is:+--[RSA 2048]----+|                 ||    ||    .       .     || O.      .    || .     O.s.     || O+.+ ....    e| | . o.+ O +.     ||    +=.  O.   ||    . ++oo.   . |+-----------------+[[Email protected]~]#ll/root/.ssh/Id_rsa id_rsa.pub known_hosts
 When the program prompts to enter passphrase, enter the carriage directly, indicating no certificate password. The above command generates the private key certificate Id_rsa and the public key certificate id_rsa.pub, which is stored in the. SSH subdirectory of the user's home directory. 


Reprinted from: Http://www.361way.com/ssh-public-key/3662.html

on two Linux hosts because of the needs of the environment, often to configure the two host password-free login, This is the use of key authentication, also known as the public key authentication. The
is easy to understand, I specify two hosts as a and B here. If a host wants to password-free to log on to Host B, the host computer holds the private key and the host computer holds the public key. The
two files generated by the Ssh-keygen command are: Public key file ~/.ssh/id_rsa.pub; private key file ~/.ssh/id_rsa.
When the public key is stored on Host B, the contents of the id_rsa.pub need to be stored in the ~/.ssh/authorized_keys file, and the permissions are guaranteed to be

    # Import the key to the remote B host and modify the permissions
# operate on a host ' Cat->> ~/.ssh/authorized_keys ' # Operation on host b $ chmod ~/.ssh/authorized_keys

However, there is a simpler way, do not need to modify the permissions on the Host B, and directly import the public key content on the remote host, using the Ssh-copy-id command, as follows:

$ ssh-copy-id  -i/root/.ssh/id_rsa [email protected],xxx,xxx,xxx

After configuring key, you need to turn on key authentication in the Sshd_config file.

    $ vim/etc/ssh/sshd_config    pubkeyauthentication Yes  //Change the item to Yes    

After the modification is complete, reload the configuration via/etc/init.d/sshd Restart to restart the SSH service. If you want to disable password authentication, change the following:

    $ vim/etc/ssh/sshd_config    usepam Yes    userpam no

Reprinted from: http://blog.csdn.net/aabbcc456aa/article/details/18981279

How do I make a public key acknowledgement when I connect to a new host?

When you first connect to the server, the public key confirmation prompt pops up. This causes some automation tasks to be interrupted because of the initial connection to the server. Or the automated task is interrupted because the contents of the ~/.ssh/known_hosts file are emptied. The stricthostkeychecking configuration directive of the SSH client enables the new public key to be accepted automatically when the server is first connected. You only need to modify the/etc/ssh/ssh_config file, which contains the following statements:

Host * stricthostkeychecking no

Or use the-o parameter in the SSH command line

$ ssh-  o stricthostkeychecking=no  192.168.0.110

Linux configuration SSH Public key authentication, through the root user's password-free input SCP Channel

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.