SSH password-free login
sshd Service
sshd Introduction:
SSH keys provide a better and more secure mechanism for logging in to Linux servers. Running ssh-keygen generates a public/private key pair. You can place the public key on any server; when a client holding the matching private key connects, the server checks it against the public key. When the two match, the login succeeds without a password.
Official maintenance document: https://www.ssh.com/ssh/
Reference documents: https://www.cnblogs.com/ioveNature/p/7919115.html
https://www.cnblogs.com/panblack/p/Secure_ssh_trust_connection.html
First, create a user on the server:
Create regular users on the server and assign one to each person.
# groupadd dd
# useradd -g dd dd1
[[email protected] ~]# passwd dd1
Changing password for user dd1.
New password:
BAD PASSWORD: The password is shorter than 7 characters
Retype new password:
passwd: all authentication tokens updated successfully.
# This password is kept by the administrator and not given to anyone else. Later, the user logs in with their public key + key password and does not need to know the password of the server user.
Second, set up a password-free connection to the server from Windows:
Configuring password-free login in Xshell:
Reference:
https://www.cnblogs.com/ioveNature/p/7919115.html
Key generation
Generate the public key
Tools -> New User Key Generation Wizard
Click Next.
Click Next and enter a password for the key:
Click Next.
Click Save as file to finish.
Generate the private key
Tools -> User Key Manager
Select the key type and choose Export.
Save, then enter the key protection password set earlier; the private key is generated.
This gives you a public/private key pair.
Authorize the public key on the server
- Upload the public key to the server's /root/.ssh directory.
- Run cat id_rsa_2048.pub >> authorized_keys, then chmod 600 authorized_keys.
- Then run cat authorized_keys to confirm that the public key content has been added to the file.
Log in with Xshell
The session name is not restricted; fill in whatever you like. Here it is rsa-test.
Then fill in the host's IP address, which is the IP address of the server you want to connect to.
- Fill in the user authentication information
The password here is the password set earlier for the key, and the user name is the user name of the server account.
Logging in with Xshell from more than one computer
If you connect to this server account from another computer, you need to add the private key manually in addition to the configuration in the previous step. The steps are:
Tools -> User Key Manager
Select Import, choose the private key file and click Open; you can then connect normally.
Note
If you are a server administrator with more than one user account, then in addition to adding the public key as above you need to add the authorization for each user, so that the key is bound to that user name.
Reference
- Xshell: configuring SSH password-free login with a public key and private key
Configuring password-free login in SecureCRT:
Ref:46062675
Third, generate a key pair on Linux for password-free connection to the server:
1. Switch to the corresponding user.
# su dd
2. Use ssh-keygen to generate the key; note that you can add a comment such as an e-mail address.
[[email protected] ~]$ ssh-keygen -t rsa -C "PHP key"
Generating public/private rsa key pair.
Enter file in which to save the key (/home/dd/.ssh/id_rsa):    # asks where to save the key
Enter passphrase (empty for no passphrase):    # enter the key password
Enter same passphrase again:    # confirm the key password
Your identification has been saved in /home/dd/.ssh/id_rsa.
Your public key has been saved in /home/dd/.ssh/id_rsa.pub.
The key fingerprint is:
cc:67:bb:e7:44:e4:f0:f9:d3:c3:20:98:bd:55:f1:35 PHP key
The key's randomart image is:
[randomart image]
[[email protected] ~]$ ls /home/dd/.ssh/ -a
.  ..  authorized_keys  id_rsa  id_rsa.pub
3. Use ssh-copy-id to send the local public key file to the target server 192.168.188.129.
[[email protected] ~]$ ssh-copy-id -i ~/.ssh/id_rsa [email protected]
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:    # asks for the password of dd1 on the remote host
Number of key(s) added: 1
Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.
Note: this exposes the password of user dd1 on 192.168.188.129, because whoever runs ssh-copy-id has to type it.
Ways to avoid exposing the password:
a. Use rsync to transfer the public key file over.
b. Copy the contents of id_rsa.pub (the public key, not the private key id_rsa) and append them to authorized_keys on 192.168.188.129.
4. Set the permissions on .ssh/
On the Linux operations host (the client):
[[email protected] ~]$ chmod 700 ~/.ssh/
[[email protected] ~]$ chmod 600 ~/.ssh/*
[[email protected] .ssh]$ ll
total 16
-rw------- 1 dd dd  381 16:04 authorized_keys
-rw------- 1 dd dd 1766 17:29 id_rsa
-rw------- 1 dd dd  389 17:29 id_rsa.pub
-rw------- 1 dd dd  354 18:24 known_hosts
On the Linux server:
[[email protected] ~]$ chmod 700 /home/dd1/.ssh/
[[email protected] ~]$ chmod 600 /home/dd1/.ssh/*
[[email protected] ~]# ll /home/dd1/.ssh/
total 8
-rw-------. 1 dd1 dd 389 20:52 authorized_keys
-rw-------. 1 dd1 dd 354 09:57 known_hosts
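One way for the administrator to carry out method b and the server-side permission settings of step 4 without handing out the dd1 password. This is an added example, not part of the original article; the function name install_pubkey, its return codes and the sample key are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the article).
# install_pubkey HOME_DIR PUBKEY_FILE [OWNER]
# Appends one OpenSSH public key to HOME_DIR/.ssh/authorized_keys with the
# step 4 modes. Returns 0 = added, 1 = rejected, 2 = already present.
install_pubkey() {
    home_dir=$1 pubkey_file=$2 owner=${3:-}
    ssh_dir=$home_dir/.ssh
    auth_file=$ssh_dir/authorized_keys

    # Never accept the private half (id_rsa instead of id_rsa.pub).
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "refusing $pubkey_file: this is a private key" >&2
        return 1
    fi

    # Keys saved on Windows may have CRLF endings; drop CR and blank lines.
    key_line=$(tr -d '\r' < "$pubkey_file" | grep .) || return 1
    [ "$(printf '%s\n' "$key_line" | grep -c .)" -eq 1 ] || return 1
    read -r key_type key_blob key_comment <<EOF || true
$key_line
EOF
    case $key_type in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp*) ;;
        *) echo "refusing $pubkey_file: not an OpenSSH public key" >&2
           return 1 ;;
    esac
    [ -n "$key_blob" ] || return 1

    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1
    # When root installs the key, hand the files to the account owner:
    # sshd reads authorized_keys with that user's privileges.
    [ -z "$owner" ] || chown -R "$owner" "$ssh_dir" || return 1

    # Idempotent: match on type + key material, ignoring the comment.
    if grep -qF -- "$key_type $key_blob" "$auth_file"; then
        return 2
    fi
    printf '%s\n' "$key_type $key_blob${key_comment:+ $key_comment}" >> "$auth_file"
}

# Demo with a constructed (not real) key in a throwaway directory.
demo=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructed dd@client\r\n' > "$demo/id_rsa_2048.pub"
install_pubkey "$demo/home/dd1" "$demo/id_rsa_2048.pub" && cat "$demo/home/dd1/.ssh/authorized_keys"
rm -rf "$demo"
```

On the real server the administrator would call it as root with the account's home directory and owner, for example install_pubkey /home/dd1 id_rsa.pub dd1:dd.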
5. Now the connection works normally.
[[email protected] .ssh]$ ssh [email protected]
Enter passphrase for key '/home/dd/.ssh/id_rsa':    # asks for the key password
Last login: Thu 20:11:42 2018
[[email protected] ~]$
# If you do not enter a key password when generating the key with ssh-keygen, you will not be asked for one when connecting with ssh. But that is not safe: if someone obtains your private key file, they can log in without any password, and the server is theirs. (If the key has no password and you want to add one, it is recommended to delete it and start again.)
# If you enter a key password when ssh-keygen generates the key, you need to enter it here when connecting with ssh. Recommended.
Reference: https://www.cnblogs.com/panblack/p/Secure_ssh_trust_connection.html
Drawback:
This is still cumbersome: you no longer enter the server password, but you do have to enter the key password, which gets in the way of later automation. So we also need to configure ssh-agent.
6. The ssh-agent.
To start the agent daemon:
[[email protected] .ssh]$ eval `ssh-agent`
Agent pid 26506
To add the private key to the agent daemon:
[[email protected] .ssh]$ ssh-add
Enter passphrase for /home/dd/.ssh/id_rsa:
Identity added: /home/dd/.ssh/id_rsa (/home/dd/.ssh/id_rsa)
Try connecting to the target host:
[[email protected] .ssh]$ ssh [email protected]
Last login: Thu 20:52:41 2018 from 192.168.188.128
[[email protected] ~]$
It's OK!
From now on, connecting from the local machine to the server 192.168.188.129 requires neither the server password nor the key password.
Fourth, disable password login on the server.
Set on the 192.168.188.129 server:
[[email protected] .ssh]# vim /etc/ssh/sshd_config
# Applies to SSH protocol 1 only; deprecated in current OpenSSH releases
RSAAuthentication yes
# Public key authentication is yes by default but commented out; to turn it off, change it to no
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
# For security, you can change the SSH port
Port 222
# Disable root account login; not required, but for security please configure it
PermitRootLogin no
# With key login in place, disable password login by setting it to no, for security
PasswordAuthentication no
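A check that the settings above are the ones in effect: sshd uses the first occurrence of each keyword, so a line appended below an earlier one changes nothing. This is an added example, not part of the original article; the function names and the sample file are constructed, and Include files and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example (hypothetical helpers, not from the article).
# effective_value FILE KEYWORD
# Prints the value sshd would use for KEYWORD from the global section of FILE:
# keywords are case-insensitive and the first occurrence wins.
# Assumption: Include files and Match blocks are not evaluated.
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || NF == 0 { next }       # comment or blank line
        tolower($1) == "match" { exit }      # global section ends here
        tolower($1) == want { print tolower($2); exit }
    ' "$1"
}

# audit_sshd_config FILE
# Returns 0 only if the three settings from this section are in effect.
audit_sshd_config() {
    rc=0
    for pair in pubkeyauthentication=yes permitrootlogin=no passwordauthentication=no; do
        key=${pair%%=*} expected=${pair#*=}
        actual=$(effective_value "$1" "$key")
        # Public key authentication is yes by default, so unset is acceptable.
        [ -n "$actual" ] || [ "$key" != pubkeyauthentication ] || actual=yes
        if [ "$actual" != "$expected" ]; then
            echo "FAIL $key: expected '$expected', found '${actual:-<unset>}'" >&2
            rc=1
        fi
    done
    return $rc
}

# Demo on a constructed sample file, not a real server configuration.
demo=$(mktemp)
cat > "$demo" <<'EOF'
# constructed sample: the edit was appended, but an earlier line still wins
PasswordAuthentication yes
Port 222
PermitRootLogin no
PasswordAuthentication no
EOF
audit_sshd_config "$demo" || echo "password login is still enabled"
rm -f "$demo"
```

On a real server, sshd -T prints the effective configuration including Include files and Match blocks, and sshd -t checks the file for errors before the service is restarted. Keep an existing session open until a key login on the new settings has succeeded.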