Latest SSH automatic login scheme (RSA)
I. Preface
When you connect directly to a server over SSH, you have to type the password by hand. It would be convenient to log in to the SSH server automatically, without entering the password manually.
After a night of research, I finally got it working (because the old configuration method could not be used correctly).
Before configuring, assume that the SSH client is ssh-client and the SSH server is ssh-server (the side running the SSH service).
II. Configuration method
1. Use ssh-keygen to generate an RSA key pair on the ssh-client side
$ ssh-keygen -t rsa
Generating public/private RSA key pair.
Enter file in which to save the key (/home/abee/.ssh/id_rsa): < Enter >
Enter passphrase (empty for no passphrase): < Enter >
Enter same passphrase again: < Enter >
Press Enter at each prompt; the key pair is then generated. The private key is saved in ~/.ssh/id_rsa, and the public key is saved in ~/.ssh/id_rsa.pub.
2. On the ssh-client side, use ssh-add to add the newly generated private key to the SSH agent (the old configuration method does not have this step)
$ ssh-add ~/.ssh/id_rsa
Identity added: id_rsa (id_rsa)
3. Append the contents of the public key (id_rsa.pub) above to .ssh/authorized_keys on the ssh-server side
$ cat ~/.ssh/id_rsa.pub | ssh [email protected] "cat - >> ~/.ssh/authorized_keys"
4. At this point, the configuration is complete. When you log in again using ssh [email protected], the password is no longer needed.
III. Restarting ssh-client
After restarting ssh-client, you need to use ssh-add again to add the above private key to ssh-agent. When ssh-agent restarts, it does not retain the private keys it held before, so the private key has to be added again with ssh-add.
Testing shows that adding the same private key with ssh-add multiple times causes no problems; it appears that ssh-add or ssh-agent filters out duplicate private keys.
To configure once and reuse, consider putting the ssh-add command in ~/.profile. Each time you log in to X or the console, the system then automatically adds the private key to ssh-agent by running the ssh-add command in ~/.profile.
$ echo "ssh-add ~/.ssh/id_rsa" >> ~/.profile
This method passed testing on Ubuntu 10.04.
IV. Single ssh-client with multiple ssh-servers
Testing shows that when there is more than one ssh-server, every ssh-server can share the above public key. The ssh-client uses only one private key.
V. Special attention
1. The above uses RSA-based SSH authentication; see man ssh for details. As the setup above shows, the private key generated by ssh-keygen is a key file, and it can be regarded as the SSH login password. Therefore, on the ssh-client side, the file's permissions are generally set to 600.
2. The authorized_keys file that stores public keys on the ssh-server side needs at least 400, that is, at minimum readable by the user. In addition, because the public key can calculate the private key, and other public keys are generally written to the file as well, its permissions are generally set to 700.
3. In general, with multiple ssh-servers, the best solution is to use a unique RSA key pair for each ssh-server. If a private key leaks, only the SSH security of one ssh-server is affected, and the other ssh-servers are not (because they use different RSA keys).
VI. Differences from the old configuration
1. The .ssh/ directory has no permission requirements on either the ssh-server or the ssh-client side, so the default is 755.
2. The above configuration does not need root privileges, does not require changes to /etc/ssh/sshd_config (the defaults are used), and does not need a restart of the SSH server.
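The permission points in sections V and VI, as an added shell example (not from the original article): it flags private keys that group or others can access, which the OpenSSH client refuses to use, and a .ssh directory or authorized_keys file that group or others can write, which sshd rejects under its default StrictModes setting. The function names and the id_* private-key naming are assumptions.

```shell
#!/bin/sh
# Added example (not from the article): audit the ~/.ssh permissions above.
# Function names and the id_* private-key naming are assumptions.

# Print the 10-character mode string of a path, e.g. "-rw-------".
mode_string() { ls -ld "$1" | cut -c1-10; }

# 0 if FILE exists and grants nothing to group/other (600 or 400 pass).
private_key_ok() {
    [ -f "$1" ] || return 2
    case "$(mode_string "$1")" in
        ????------) return 0 ;;
        *) return 1 ;;
    esac
}

# 0 if PATH exists and is not writable by group or other (755, 700, 600 pass).
not_group_world_writable() {
    [ -e "$1" ] || return 2
    case "$(mode_string "$1")" in
        ?????-??-?) return 0 ;;
        *) return 1 ;;
    esac
}

# Audit one .ssh directory; prints a WARN line per finding, returns 1 if any.
audit_ssh_dir() {
    dir=${1:-$HOME/.ssh}
    rc=0
    not_group_world_writable "$dir" ||
        { echo "WARN: $dir missing or group/world-writable"; rc=1; }
    for key in "$dir"/id_*; do
        case "$key" in *.pub) continue ;; esac   # skip public halves
        [ -f "$key" ] || continue                # glob matched nothing
        private_key_ok "$key" ||
            { echo "WARN: $key open to group/other; run: chmod 600 $key"; rc=1; }
    done
    if [ -e "$dir/authorized_keys" ]; then
        not_group_world_writable "$dir/authorized_keys" ||
            { echo "WARN: $dir/authorized_keys is group/world-writable"; rc=1; }
    fi
    return $rc
}

# Run as: sh audit.sh --audit [DIR]
if [ "${1:-}" = "--audit" ]; then
    audit_ssh_dir "${2:-$HOME/.ssh}"
fi
```

Run it on both ssh-client and ssh-server; a non-zero exit status means at least one WARN line was printed.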
Finally, I hope it will be useful to everyone.
- This article is from: Linux Learning Network