I have long wanted to switch my server's SSH authentication from username/password mode to the RSA and DSA authentication protocols. With the release of OpenSSH 4.2, today I wrote up the configuration process and collected some reference articles on RSA and DSA.
I had never really understood the authentication process in public key mode, so here I summarize how to generate and place the public key and the private key. The following takes one server and a single PC as an example.
First, the public and private keys are not generated on the server. Many articles about the RSA and DSA authentication protocols use Linux servers as props and naturally use commands such as ssh-keygen -t rsa, which always made me mistakenly think that I had to generate the public key and private key on a Linux server first. The real placement method is:
When connecting to the server from a PC, you keep a key pair (public key and private key) on your PC (the pair can be generated with tools such as PenguiNet) and simply upload the generated public key to the server. On the server, the public key is usually placed in the ~/.ssh/authorized_keys file. The setting for this file can be found in /etc/ssh/sshd_config.
When connecting from one Linux client machine to another Linux server, we generate the key pair on the Linux client machine (for RSA the defaults are id_rsa and id_rsa.pub), saved in ~/.ssh/. This can be set in /etc/ssh/ssh_config:
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
This makes the difference between ssh_config (client side) and sshd_config (server side) easier to understand.
Using ssh-keygen and ssh-copy-id as in the example below, you can log in to a remote Linux host without entering a password after a simple 3-step setup.
1. Run the ssh-keygen -t rsa command on the client machine to generate the SSH public key and SSH private key.
2. Run ssh-copy-id -i .ssh/id_rsa.pub [email protected] on the client machine to copy the local host's public key to the authorized_keys file on the remote host. ssh-copy-id also sets the appropriate permissions on the remote host's user home directory, ~/.ssh, and ~/.ssh/authorized_keys.
3. On the client machine, test password-free login to the server with ssh -v [email protected]. The -v option prints debug output for the entire process, which helps with troubleshooting.
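What ssh-copy-id in step 2 does on the remote host, written out by hand as an added example that is not part of the original post. The helper names install_pubkey and check_ssh_perms are hypothetical, and the permission check assumes sshd runs with its default StrictModes yes.

```bash
#!/bin/sh
# Added example (not from the original post). install_pubkey and
# check_ssh_perms are hypothetical helper names.

# install_pubkey PUBKEY_FILE HOME_DIR
# Server-side equivalent of step 2: add the key once, fix permissions.
install_pubkey() {
    pub=$1; home=$2
    # Only the public half is ever uploaded; refuse a private key file.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 1
    fi
    key=$(head -n 1 "$pub")
    [ -n "$key" ] || { echo "empty key file: $pub" >&2; return 1; }
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    auth="$home/.ssh/authorized_keys"
    touch "$auth" && chmod 600 "$auth" || return 1
    # -x whole line, -F fixed string: do not append a key twice.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# check_ssh_perms HOME_DIR
# Returns 0 only if HOME_DIR, .ssh and authorized_keys exist and none is
# group- or world-writable (assumption: sshd runs with StrictModes yes,
# its default, and would otherwise ignore the key).
check_ssh_perms() {
    home=$1
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || { echo "missing: $p" >&2; return 1; }
        # -prune stops descent; the path prints only if g+w or o+w is set.
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "too permissive: $p" >&2
            return 1
        fi
    done
}

# Usage on the server, after copying the .pub file there by any means:
#   install_pubkey /tmp/id_rsa.pub "$HOME" && check_ssh_perms "$HOME"
```

If ssh -v in step 3 still falls back to a password prompt after the key is installed, running check_ssh_perms on the server account is a quick first check.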
Problem 1:
ssh-copy-id: /usr/bin/ssh-copy-id: ERROR: No identities found
$ ssh-copy-id remote-machine
The public key and private key had already been generated, yet the following error occurred when executing the above command:
/usr/bin/ssh-copy-id: ERROR: No identities found
A search revealed that the public key path was missing; it can be supplied with -i:
$ ssh-copy-id -i ~/.ssh/id_dsa.pub [email protected]_IP
Problem 2:
ssh-keygen produced id_rsa and id_rsa.pub, and they were placed in the correct location (.ssh), but the following message appears:
Agent admitted failure to sign using the key
On your own client, run ssh-add; the following message appears:
Identity added: /home/user/.ssh/id_rsa (/home/user/.ssh/id_rsa)
After that, connecting again works normally.
SSH password-free login via the ssh-keygen and ssh-copy-id commands under Linux