SSH password-less logon requires a public key and a private key. On Linux, ssh-keygen can be used to generate public/private key pairs. The following uses CentOS as an example.
There are two machines, A (192.168.1.155) and B (192.168.1.181). Now I want A to log on to B via ssh without a password.
1. Generate a public/private key pair on host A.
[chenlb@A ~]$ ssh-keygen -t rsa -P ''
-P specifies the passphrase; -P '' means the passphrase is empty. You can also omit the -P parameter, in which case you have to press Enter three times; with -P you press Enter only once.
This creates the .ssh directory under /home/chenlb, with id_rsa and id_rsa.pub inside .ssh.
2. Copy id_rsa.pub from machine A to machine B, where it will go into the .ssh/authorized_keys file. I use scp to copy it.
[chenlb@A ~]$ scp .ssh/id_rsa.pub chenlb@192.168.1.181:/home/chenlb/id_rsa.pub
chenlb@192.168.1.181's password:
id_rsa.pub 100% 223 0.2KB/s 00:00
Because password-less logon is not set up yet, you need to enter the password.
3. On machine B, add the id_rsa.pub copied from machine A to the .ssh/authorized_keys file.
[chenlb@B ~]$ cat id_rsa.pub >> .ssh/authorized_keys
[chenlb@B ~]$ chmod 600 .ssh/authorized_keys
The authorized_keys permission is set to 600.
4. Machine A logs on to machine B.
[chenlb@A ~]$ ssh 192.168.1.181
The authenticity of host '192.168.1.181 (192.168.1.181)' can't be established.
RSA key fingerprint is 00:a6:a8:87:eb:c7:40:10:39:cc:a0:eb:50:d9:6a:5b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.181' (RSA) to the list of known hosts.
Last login: Thu Jul 3 09:53:18 2008 from chenlb
[chenlb@B ~]$
When logging on for the first time, you must enter yes.
Now machine A can log on to machine B without a password.
Summary: the host you log on from holds the private key, and the host you log on to must have the public key. The key pair is generally generated on the machine that holds the private key. The example above uses a key pair generated with the RSA algorithm. You can also use DSA (the corresponding files are id_dsa and id_dsa.pub).
If you want A and B to log on to each other without a password, configure the other direction in the same way.
Reference: ssh-keygen usage http://blog.163.com/chen98_2006@126/blog/static/158584272007101862513886/
Configure SSH mutual trust on Linux
The basic idea of Public Key Authentication:
Different keys are used to encrypt and decrypt information; they are called the private key and the public key. The public key is stored on the server to be logged on to, and the private key is held by a specific client. When the client sends a secure connection request to the server, it first sends its own public key. If the server allows this public key, it sends the client random data encrypted with the public key. The data can only be decrypted with the private key. The client sends the decrypted information back to the server, and once the server has verified it, the server confirms that the client is trustworthy and establishes a secure channel. In this way the client proves its identity without sending its private key to the other end, and the private key cannot be derived from the public key. This avoids the password leakage that network eavesdropping can cause. The client must store its private key carefully so that it is not stolen. If that happens, each server needs to replace its list of trusted public keys.
To configure ssh mutual trust, follow these steps:
1. First, generate the authentication key files on each machine that will be part of the mutual trust configuration;
2. Merge all the public key files into one combined authentication file;
3. Distribute the authentication file containing all mutual trust machine authentication keys to each machine;
4. Verify mutual trust.
Create SSH mutual trust for the same user, test, on the hosts named node1, node2, and node3.
1. Create an RSA private key and public key on each node
Log on as the test user.
mkdir ~/.ssh
chmod 700 ~/.ssh
cd ~/.ssh
ssh-keygen -t rsa
2. Merge the public key files
Run the following commands on node1.
ssh node1 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh node2 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh node3 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
3. Distribute the merged public key file
Run the following commands on node1.
scp ~/.ssh/authorized_keys node2:~/.ssh/
scp ~/.ssh/authorized_keys node3:~/.ssh/
4. Test ssh mutual trust
Run the following commands on each node. If the current system date is displayed without a password prompt, SSH mutual trust has been configured successfully.
ssh node1 date
ssh node2 date
ssh node3 date
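The key-installation step (step 3 of the A-to-B walkthrough and step 2 of the mutual-trust procedure) as an added example, not code from the original article: a POSIX shell helper that appends public keys to authorized_keys without overwriting or duplicating existing entries, refuses a private key passed by mistake, and sets the 700/600 permissions. The function name add_pubkeys and the file names in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article). add_pubkeys is a hypothetical helper.
# Usage: add_pubkeys SSH_DIR PUBKEY_FILE...
#   e.g. add_pubkeys "$HOME/.ssh" node1.pub node2.pub node3.pub   (assumed file names)
# The body runs in a subshell "( ... )" so umask and exit stay local to the call.
add_pubkeys() (
    ssh_dir=$1; shift
    auth="$ssh_dir/authorized_keys"
    umask 077                                   # never create group/world-readable files
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 1
    touch "$auth" && chmod 600 "$auth" || exit 1
    for pub in "$@"; do
        [ -r "$pub" ] || exit 1
        # Guard against copying id_rsa instead of id_rsa.pub.
        if grep -q 'PRIVATE KEY' "$pub"; then
            echo "refusing $pub: looks like a private key" >&2
            exit 2
        fi
        # A public key line is "type base64-blob [comment]"; the "||" part
        # keeps a last line that has no trailing newline.
        while read -r type blob comment || [ -n "$type" ]; do
            case $type in
                ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
                *) continue ;;                  # skip blanks, comments, unknown types
            esac
            [ -n "$blob" ] || continue
            # Match on type+blob so a changed comment does not add a duplicate.
            grep -qF -- "$type $blob" "$auth" ||
                printf '%s\n' "$type $blob${comment:+ $comment}" >> "$auth"
        done < "$pub"
    done
)
```

Unlike a plain "cat id_rsa.pub > authorized_keys", running it again with the same key files leaves authorized_keys unchanged.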