This article describes how to simplify the steps for logging on to a Linux host from a Mac to improve efficiency. The so-called "login-free" does not actually exist. It just means that the password authentication method is changed to the public/private key pair login authentication method. When the latter method is used, the authentication information is automatically sent by the ssh client each time, so the password is not manually entered. It looks like "login-free.
For the principle of doing so, you can go to Google by yourself. The key words are "asymmetric encryption", "RSA algorithm", and "Automatic Logon Based on ssh key pairs, I will not explain it much. Let me talk about the procedure directly:
- Generate key pair
- Log on to the remote host with a password and copy the public key.
How can this problem be solved?
Generate key pair
Run ssh-keygen-t rsa
The execution result is as follows:
Charles @ mac :~ > Ssh-keygen-t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/charles/. ssh/id_rsa ):
Created directory '/Users/charles/. ssh '.
Enter passphrase (empty for no passphrase ):
Enter same passphrase again:
Your identification has been saved in/Users/charles/. ssh/id_rsa.
Your public key has been saved in/Users/charles/. ssh/id_rsa.pub.
The key fingerprint is:
C8: 4b: 85: 87: 90: 7c: 1a: 67: b6: 71: f5: 51: 0c: 9d: a2: 89 charles@TCMBP.local
The key's randomart image is:
+-[RSA 2048] -- +
|... . O =... |
| +. * O .... + |
| Bo + o. o... |
|... + E o |
| + S |
+ ------ +
Note: Do not enter the password when prompted "enter passphrase", because you would like to play a password less once. If you set a password to protect the private key, you still need to enter the password when logging on, it is done in white.
After completing this step, cd ~ /. Ssh, you can see the key pair you just generated. id_rsa is the private key, and id_rsa.pub is the public key. The next step is to copy the public key to the target host.
Copy the public key to the target host
Log on to the target host using ssh, and then cd ~ /. Ssh directory. If the directory does not exist, create mkdir-p ~ /. Ssh. You can log on to the host using the account you want to use in the home directory of the account you want to use in the future. If you want to log on to the root account without logon, You need to perform operations under/root. Use ~ Better. You don't have to think about it.
Yes. enter the ssh directory, and then upload id_rsa.pub. You can run the scp command. The main operation you want to do here is to copy the file content of id_rsa.pub, write it to a file named authorized_keys. If the corresponding user name of the target host already exists. the ssh directory and the authorized_keys file should be careful when you perform operations. Maybe someone else has done login-free settings. Be careful not to overwrite others' settings. If not, create the file touch ~ /. Ssh/authorized_keys, and then run cat id_rsa.pub> authorized_keys to write your public key to authorized_keys. pub contains only one line of information. The command above is equivalent to appending that line of information to the last line of the authorized_keys file.
If the. ssh directory is just created on your host, you may need to change the permission of this directory to lower the permission, chmod-R 0600 ~ /. Ssh. After all the settings are complete, you can log out and try it on your host. Now, after you press the ssh command, you can log on to the host without a password.