Implement ssh password-less login and ssh password login
Here ssh refers to the OpenSSH SSH client, which is used to log on to a remote host and execute commands there. It aims to replace rlogin and rsh, and to provide encrypted, secure communication between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded through this secure channel.
In RedHat 6.1, OpenSSH is installed by default and is a common SSH server and client software. The default port is 22.
The SSH server is a daemon that runs in the background and responds to connection requests from clients. The server is generally an sshd process that handles remote connections, including public key authentication, key exchange, symmetric key encryption, and non-secure connections.
SSH client programs include ssh, scp (remote copy), slogin (remote logon), sftp (secure file transfer), and other applications.
In some cases, ssh login without a password (password-free login) is required, for example in Hadoop pseudo-distributed and fully distributed deployments.
Configuration
There are two hosts: host A (192.168.1.132) and host B (192.168.1.20). Host A must be configured so that it can log on to host A and host B without a password.
Generate private key and Public Key
On host A:
$ cd ~/.ssh    (create the directory first if it does not exist)
$ ssh-keygen -t rsa
In the ssh-keygen command above, the -t parameter selects the key generation method. There are three: rsa1 for protocol version 1, and rsa and dsa for protocol version 2. rsa or dsa is usually selected, which is safe and easy to use.
The command prints some output and asks a few questions interactively. Press Enter at each prompt.
Generating public/private rsa key pair.
Enter file in which to save the key (/home/lxh/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/lxh/.ssh/id_rsa.
Your public key has been saved in /home/lxh/.ssh/id_rsa.pub.
The key fingerprint is:
2e:34:7c:3a:be:e4:3b:93:2f:1d:32:4f:2d:fe:13:a1 lxh@master
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| |
| . . |
| + So . |
| .o=E o |
| =O.o . |
| +=o+ . |
| =B.... |
+-----------------+
Create the file that stores the RSA/DSA public key
Copy the generated id_rsa.pub file directly.
$ cp id_rsa.pub authorized_keys
$ chmod 600 authorized_keys
In this case, you can log on to the local machine without a password by running the following command:
$ ssh localhost
The first time you connect, enter "yes" when prompted, because this is the first login to that host. Later logins will not ask again.
Copy Public Key
Then copy the public key file authorized_keys to the same location on host B.
$ scp authorized_keys 192.168.1.133:~/.ssh
The permission of authorized_keys was already changed on host A, so the copy on host B normally also has mode 600. If it does not, change the permission of authorized_keys on host B to 600.
$ chmod 600 authorized_keys
At this point you can normally log on to host A and host B from host A without a password.
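The cp and scp steps above replace whatever authorized_keys file already exists at the destination. The following added example (not code from the original article) appends a key only if it is missing and applies the 700/600 modes; install_pubkey and demo_install are hypothetical names, and the key in the demo is constructed sample data.

```shell
# install_pubkey PUBKEY_FILE SSH_DIR   (hypothetical helper, added example)
# Appends the key line in PUBKEY_FILE to SSH_DIR/authorized_keys unless it
# is already there, and applies the 700/600 modes used in the article.
install_pubkey() {
    pub=$1
    dir=$2
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Refuse a private key passed by mistake (id_rsa instead of id_rsa.pub).
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key, refusing" >&2
        return 2
    fi

    # A public key file holds one line: "<type> <base64> [comment]".
    key=$(grep -E '^(ssh-|ecdsa-)[a-z0-9@.-]* [A-Za-z0-9+/=]+' "$pub" | head -n 1)
    [ -n "$key" ] || { echo "no public key line in $pub" >&2; return 3; }

    mkdir -p "$dir" && chmod 700 "$dir" || return 4
    touch "$auth" && chmod 600 "$auth" || return 4

    # If the existing file lacks a final newline, add one before appending.
    [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ] && echo >> "$auth"

    # -x whole line, -F literal string: the key is added only once.
    grep -qxF "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Demo on constructed input: a made-up key installed twice into a scratch dir.
demo_install() {
    tmp=$(mktemp -d) || return 1
    echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKey lxh@hostA' > "$tmp/id.pub"
    install_pubkey "$tmp/id.pub" "$tmp/.ssh" && install_pubkey "$tmp/id.pub" "$tmp/.ssh"
    wc -l < "$tmp/.ssh/authorized_keys"
    rm -rf "$tmp"
}
```

On a real host B the same effect is obtained with OpenSSH's ssh-copy-id, which appends the key rather than overwriting the file.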
"Agent admitted failure to sign using the key ."
Run the following command in the ~/.ssh directory:
$ ssh-add
The following information is displayed:
Identity added: /home/lxh/.ssh/id_rsa (/home/lxh/.ssh/id_rsa)
If the following information is displayed:
Could not open a connection to your authentication agent
Run:
$ ssh-agent bash
No error message, but you need to enter a password to log on.
Check the permissions of the .ssh directory and the authorized_keys file. The .ssh directory must have permission 700 and the authorized_keys file permission 600. If host A connects to host B, run the following commands on host B:
$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/authorized_keys
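A check for the situation above, as an added example that is not part of the original article: it verifies the 700 and 600 modes the article requires and also flags a group- or world-writable home directory, which sshd's StrictModes option rejects as well. audit_ssh_perms, loose and has_mode are hypothetical helper names.

```shell
# Added example: run on the host that still asks for a password,
# e.g.  audit_ssh_perms "$HOME"

# loose PATH: succeeds when PATH is writable by group or others.
loose() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# has_mode PATH MODE: succeeds when PATH has exactly the octal MODE.
has_mode() {
    [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]
}

# audit_ssh_perms HOME_DIR
# Prints one line per finding and returns the number of findings (0 = clean).
audit_ssh_perms() {
    home=$1
    findings=0
    report() { echo "$1"; findings=$((findings + 1)); }

    if loose "$home"; then
        report "FAIL $home is group/world writable (chmod go-w)"
    fi
    if [ ! -d "$home/.ssh" ]; then
        report "FAIL $home/.ssh is missing"
    elif ! has_mode "$home/.ssh" 700; then
        report "FAIL $home/.ssh is not 700 (chmod 700)"
    fi
    if [ ! -f "$home/.ssh/authorized_keys" ]; then
        report "FAIL $home/.ssh/authorized_keys is missing"
    elif ! has_mode "$home/.ssh/authorized_keys" 600; then
        report "FAIL $home/.ssh/authorized_keys is not 600 (chmod 600)"
    fi
    return "$findings"
}
```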
ssh agent not enabled
Run the following command to check whether the ssh agent is running.
$ ps -ef|grep ssh-agent
If it is running, kill it and then start the ssh agent again.
$ ssh-agent
If the problem persists, restart the ssh service:
# service sshd restart    (root permission required)
I have four Ubuntu machines with ssh and password-less login to each other enabled. Machine A can log on to B, C, and D without a password, but B, C, and D cannot log on to A without a password.
Is this account a local account or an NIS account?
If it is a local account, check whether the permissions of the home directory of the account are the same. It seems that the permissions cannot be 777.
The problem should be on A. Check whether SELinux on A is disabled, and whether there is a problem with the hosts configuration.
How to implement secure password-free ssh Login
Submitted by Jianing Yang on Fri,
SSH password-free O&M
Background
ssh implements encrypted remote login. However, for a system administrator, entering passwords over and over is maddening when many machines need to be operated. Fortunately, you have found this article, and it will show you how to implement secure and convenient password-free ssh login.
Create an ssh public/private key
First, discard the password logon method, because that method is too messy. Next we will start to use public/private key authentication for ssh login. The simple explanation of "public/private key" authentication is that you create a pair of public/private keys, put the public key on the server, and keep the private key yourself. When logging on to the server through ssh, the ssh program will send a private key to match the public key on the server. If the match is successful, we can log on to the system.
Now we have two machines: qian.jianingy.com (this is our server, actually it is mine) and nby.jianingy.com (this is my notebook). First, use the ssh-keygen program on the notebook to create a public/private key pair.
Generate a public/private key
jianingy@nby:~$ ssh-keygen