A is a local host (that is, the machine used to control other hosts); b is the remote host (that is, the controlled machine server), if the IP is 172.24.253.2; A and B systems are linux on a command: # ssh-keygen-t RSA (three consecutive returns, that is, the public and private keys are generated locally, no password is set) # SSH [email protected] "mkdir. SSH; chmod 0700. SSH "(Requires password, note: You must set the. SSH permissions to #) # SCP ~/.ssh/id_rsa.pub [email protected]:.ssh/id_rsa.pub (password required) command on B: # Touch/root/.ssh/authorized_keys (if this file already exists, skip this) # chmod ~/.ssh/authorized_keys (# Note: Must be ~/. Ssh/authorized_keys permissions to 600, the file is used to save the SSH client generated public key, you can modify the server's SSH service-side configuration file/etc/ssh/sshd_config to specify a different file name) # cat/root/.ssh/ Id_rsa.pub >>/root/.ssh/authorized_keys (append id_rsa.pub content to Authorized_keys, be careful not to use >, otherwise it will empty the original content. Make the other person unable to log on with the original key) back to a machine: # SSH [email protected] (no password required, login successful) If you specify a different file name when generating the key pair (or you need to control n machines, You will generate a multi-pair key at this time, you need to specify the private key file with the parameter-I # SSH [email protected]-i/path/to/your_id_rsa www.2cto.com The same is true for SCP, such as: Scp-i/root/.ssh/id_rsa ./xxx 192.168.102.158:/home/wwy/bak because the SSH command uses ~/.ssh/id_ by default RSA is logged in as a private key file if you need to connect to multiple servers and you do not want to use SS every timeH command when specifying a private key file, you can add the following configuration in the SSH client Global profile/etc/ssh/ssh_config (or local profile ~/.ssh/config if the file does not exist) identityfile/path/to/ your_id_rsa. can also specify a Host configuration for each server: host 172.24.253.2 Identityfile/ path/to/your_id_rsa If the following error occurs when connecting: Agent admitted failure to sign using the key uses Ssh-add instructions to add private keys (based on personal Key name different change id_rsa) 1ssh-add ~/.ssh/id_rsa If you can protect your private key, this method is more secure than entering a password on the shell, it's a bit safer Www.2cto.com ######################################################################### Dive into a little: From the surface of a simple understanding of the process of login, first ssh-keygen-t RSA command generated a key and a public key, and the key can set its own password can be understood as a key, the public key is understood as the key corresponding to the lock, the lock (public key) Put it on the server you want to control, lock the server, only the person who owns the key (key) can open the lock, enter the server and control and for the person who owns the key, must know the key itself password, in order to use this key (unless the key is not set the password), This prevents the key from being matched (the private key is copied) Of course, this example is easy to understand, the person who has the root password will not be locked, and there is not necessarily a lock (public key), but if any one lock, the corresponding key (private key) is opened, The server can be controlled by that person. So, as long as you know the root password of the server, and put the root of the public key on the above, you can use the private key corresponding to the public key "open" server, and then log in as root, even if the root password is nowModified! ---------------------------------------------------------------------------------------Method II, installation Sshpass # sudo apt-get install sshpass after installation, use Sshpass allows you to specify a clear-text password with the-p parameter and then log in directly to the remote server. For example: # sshpass-p ' your password ' SSH username @ server IP address www.2cto.com Specify the password with '-P ', you also need to follow the standard SSH Connection command later. sshd configuration file/etc/ssh/ssd_config -------------------------------SSH without password Authentication to send commands to the remote host send a: SSH [ Email protected]_server_ip your_command ssh [email protected]_server_ip "YOUR_COMMAND1; Your_command2; Your_command3 " This is from the fat shark net
How to do ssh password-free login under Linux system (GO)
