Linux passwordless SFTP login

Source: Internet
Author: User
Tags scp command ssh server

Contents

    1. Overview
    2. SFTP password-free login method
      1. Log on to the server host and run the command in the current user's home directory (RSA algorithm as an example)
      2. Upload the server's $HOME/.ssh/id_rsa.pub file to the $HOME/.ssh directory on the client machine
      3. Add the client host information to the $HOME/.ssh/known_hosts file
      4. Description
      5. Real Exercise
    3. SSH extremely slow fault

Overview

The main attraction of public key authentication is the promise of establishing a connection with a remote system without having to provide a password.

Public key authentication is based on a pair of keys, a public key and a private key. The public key can only be used to encrypt data; data encrypted with the public key can only be decrypted with the matching private key.

We put the public key in the appropriate location on the remote system and then start the SSH connection locally.

At this point, the remote sshd generates a random number and encrypts it with the public key we generated; we decrypt it locally with the private key and send it back to the remote system.

Finally, the sshd of the remote system concludes that we hold the matching private key and allows us to log in.

SFTP password-free login method

1) Log on to the server host and run the command in the current user's home directory (RSA algorithm as an example)

Run the following command:

ssh-keygen -t rsa

Press Enter at each prompt to accept the defaults. Two files are then generated in the $HOME/.ssh directory: the id_rsa private key and the id_rsa.pub public key.

2) Upload the server's $HOME/.ssh/id_rsa.pub file to the $HOME/.ssh directory on the client machine

Upload to client via SCP command

scp $HOME/.ssh/id_rsa.pub username@client_ip:~/.ssh/

Run this command in the $HOME/.ssh directory on the client machine:

cat id_rsa.pub >> authorized_keys

3) Add the client host information to the $HOME/.ssh/known_hosts file

For example:
Server-side IP is 10.45.7.154
The client is: 10.45.7.61

Run sftp against the client from the server; the prompts are as follows:

[email protected]:~/.ssh> sftp [email protected]
Connecting to 10.45.7.61...
The authenticity of host '10.45.7.61 (10.45.7.61)' can't be established.
RSA key fingerprint is ea:53:c8:cf:24:31:18:d8:47:68:8d:18:65:a4:e8:20.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.45.7.61' (RSA) to the list of known hosts.

A known_hosts file then appears in the $HOME/.ssh/ directory on the server, and the client host's information is added to it.

With the public/private key pairing between the server host and the client host set up as above, SFTP from the server host to the client host logs in automatically and securely under the same user name.

Attention:
If I log in as the root user on the server and execute

sftp oracle@10.45.7.61 or ssh oracle@10.45.7.61

then running ssh to [email protected] logs in automatically.
But if I run only ssh 10.45.7.61, Linux automatically takes the currently logged-in user and applies it to the command, which becomes <current user>@10.45.7.61. Because we set up the password-free login under the root user, if we have now become the oracle user, the command is still ssh [email protected], but the user has changed, so it likewise cannot log in automatically.

To leave an SSH session, type logout; to leave SFTP, type exit.

Description

When configuring automatic SSH transfer, be aware that:

    • The owner and group of the .ssh directory must be the current user and that user's group,
    • Keep the permissions of the .ssh directory at 700,
    • authorized_keys has permission 644,
    • id_rsa has permission 600,
    • id_rsa.pub has permission 644,
    • Also check that the permission of the user's $HOME directory is 755.

Check the permissions.
r = 4, w = 2, x = 1
Permissions are assigned with chmod, for example chmod 644 dir.
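
The permission list above can be checked mechanically. The following script is an added example, not part of the original page; the function names check_mode, audit_ssh_dir and fix_ssh_dir are made up for illustration, and it assumes GNU stat as shipped on Linux.

```shell
#!/bin/sh
# Expected modes are the ones listed above. Uses GNU stat (-c), as on Linux.

# Report PATH when its octal mode differs from EXPECTED; skip missing paths.
check_mode() {   # usage: check_mode PATH EXPECTED
    [ -e "$1" ] || return 0
    actual=$(stat -c '%a' "$1")
    [ "$actual" = "$2" ] && return 0
    echo "$1: mode $actual, expected $2"
    return 1
}

# Audit HOME_DIR and its .ssh directory; return 0 only if everything matches.
audit_ssh_dir() {   # usage: audit_ssh_dir HOME_DIR
    home=$1; bad=0
    check_mode "$home"                      755 || bad=1
    check_mode "$home/.ssh"                 700 || bad=1
    check_mode "$home/.ssh/authorized_keys" 644 || bad=1
    check_mode "$home/.ssh/id_rsa"          600 || bad=1
    check_mode "$home/.ssh/id_rsa.pub"      644 || bad=1
    # Owner and group of .ssh must be the current user and group.
    if [ -d "$home/.ssh" ] &&
       [ "$(stat -c '%u:%g' "$home/.ssh")" != "$(id -u):$(id -g)" ]; then
        echo "$home/.ssh: not owned by the current user and group"; bad=1
    fi
    return $bad
}

# Apply the listed modes to the entries that exist.
fix_ssh_dir() {   # usage: fix_ssh_dir HOME_DIR
    [ -d "$1/.ssh" ] || return 1
    chmod 755 "$1"; chmod 700 "$1/.ssh"
    for f in authorized_keys id_rsa.pub; do
        [ -e "$1/.ssh/$f" ] && chmod 644 "$1/.ssh/$f"
    done
    [ -e "$1/.ssh/id_rsa" ] && chmod 600 "$1/.ssh/id_rsa"
    return 0
}

# Run as: sh script.sh /home/user
if [ -n "${1:-}" ]; then audit_ssh_dir "$1"; fi
```
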

Real Exercise

The following operations are performed on a single host; the setup is normally used between two hosts.

[[email protected] ~]# cd $HOME
[[email protected] ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
79:e6:c1:13:7d:05:39:8a:c8:e8:84:9f:8e:c6:0e:0f [email protected]
The key's randomart image is:
[randomart image]
[[email protected] ~]# cd .ssh/
[[email protected] .ssh]# ll
total 24
-rw------- 1 root root 1671 Nov  3 14:05 id_rsa
-rw-r--r-- 1 root root  393 Nov  3 14:05 id_rsa.pub
[[email protected] .ssh]# cat id_rsa.pub >> authorized_keys
[[email protected] .ssh]# ll
total 28
-rw-r--r-- 1 root root  393 Nov  3 14:08 authorized_keys
-rw------- 1 root root 1671 Nov  3 14:05 id_rsa
-rw-r--r-- 1 root root  393 Nov  3 14:05 id_rsa.pub
[[email protected] .ssh]# sftp [email protected]
Connecting to 10.45.7.198...
The authenticity of host '10.45.7.198 (10.45.7.198)' can't be established.
RSA key fingerprint is 5f:b5:f8:02:5a:b0:ad:6b:10:ce:6a:cc:53:35:68:c7.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.45.7.198' (RSA) to the list of known hosts.
sftp> exit

Listing the directory now shows known_hosts:

[[email protected] .ssh]# ll
total 32
-rw-r--r-- 1 root root  393 Nov  3 14:08 authorized_keys
-rw------- 1 root root 1671 Nov  3 14:05 id_rsa
-rw-r--r-- 1 root root  393 Nov  3 14:05 id_rsa.pub
-rw-r--r-- 1 root root  393 Nov  3 14:09 known_hosts
[[email protected] .ssh]# cat known_hosts
10.45.7.198 ssh-rsa aaaab3nzac1yc2eaaaabiwaaaqea1wcbn8xdrgx2ersub6u8cdty2a0ug5yt9fvqtcjm+dcqvj/dzvyvc5odbc03idp54ugsotofluo1rabjjrtezgmwjykczzexryo3sq4wagip1d27byls9gw23vzup0qwpmpkujs8asx7s1m9knoqo+wieyqqt0gkw3tkm4qjspasfqsl0xustoczs9kbntgocpyob7kthse8q87oqrlfjr2epn3bdtl6rkx8idm2pelq2g+oaqccmwluf11tywbahn0bky7rnpseqwlypk0qgdnvtwmgy1j2drlzolsyulfmu5+ngpvgx9mkmlfqlpvdfqyb/n5nshgxg+vapa+6cq==
[[email protected] .ssh]# ssh [email protected]
Last login: Thu Nov  3 14:06:17 2016 from 10.45.22.168
[[email protected] ~]# sftp [email protected]
Connecting to 10.45.7.198...
sftp>
SSH extremely slow fault

Background:

Our application's file uploads on QDG were very slow: the file directory was very small, yet the transfer took 5 hours. Running sftp/ssh against this machine was also found to be very sluggish, so the problem was likely here.

Process:

Use ssh -v <target IP> to see the detailed connection setup process.

Solve:

As the root user, edit /etc/ssh/ssh_config and change GSSAPIAuthentication yes to no.

Use the following command to see the SSH connection time

time ssh xgj@172.25.146.14 exit

After modifying the configuration and restarting QDG, the transfer completed in seconds and the problem was resolved.

Common solutions:

1. Change the configuration in the /etc/ssh/sshd_config file on the SSH server to the following:

# GSSAPI options
GSSAPIAuthentication no

Then run /etc/init.d/sshd restart to restart the sshd process so that the above configuration takes effect; after that the connection is generally no longer slow.

2. If it is still slow, check the /etc/hosts file on the SSH server: the hostname mapped to 127.0.0.1 should match the output of uname -n; alternatively, add the machine's own IP and hostname (the uname -n result) to /etc/hosts.

[xgj@entel2 ~]$ uname -n
entel2
[xgj@entel2 ~]$ cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.45.7.198 entel2
[xgj@entel2 ~]$
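
The two checks from common solutions 1 and 2 can be scripted. This is an added example, not part of the original page; the function names gssapi_setting, hostname_in_hosts and slow_login_report are made up for illustration, and the first-occurrence rule it applies ignores Host and Match blocks.

```shell
#!/bin/sh
# Checks for the two slow-login causes described above.

# Print the effective GSSAPIAuthentication value of an ssh_config or
# sshd_config style file: the first uncommented occurrence wins.
# Prints "unset" when the keyword is absent (the built-in default applies).
gssapi_setting() {   # usage: gssapi_setting CONFIG_FILE
    awk 'tolower($1) == "gssapiauthentication" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Succeed when NAME is a hostname or alias on an uncommented line of a
# hosts-format file, so the machine can resolve its own name locally.
hostname_in_hosts() {   # usage: hostname_in_hosts NAME HOSTS_FILE
    awk -v name="$1" '
        { sub(/#.*/, "") }                                    # drop comments
        { for (i = 2; i <= NF; i++) if ($i == name) ok = 1 }  # skip the address
        END { exit !ok }' "$2"
}

# Report both findings; return 0 only when neither applies.
slow_login_report() {   # usage: slow_login_report CONFIG_FILE HOSTS_FILE [NAME]
    name=${3:-$(uname -n)}
    rc=0
    g=$(gssapi_setting "$1")
    if [ "$g" != "no" ]; then
        echo "$1: GSSAPIAuthentication is $g; set it to no"; rc=1
    fi
    if ! hostname_in_hosts "$name" "$2"; then
        echo "$2: no entry for $name (uname -n)"; rc=1
    fi
    return $rc
}

# Run as: sh script.sh /etc/ssh/sshd_config /etc/hosts
if [ -n "${1:-}" ]; then slow_login_report "$1" "${2:-/etc/hosts}"; fi
```
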
3. Use the debug output of ssh -v to find the cause of the slowness
   In fact, you can use the following command to see in detail why the connection is slow (learning this approach is very important).
