Configuring SSH Trust Between Two Linux Machines

Source: Internet
Author: User

I. How it works

The SSH login here uses a method known as "public/private key" authentication. Put simply, it works as follows:

First create a public/private key pair on the client (public key file: ~/.ssh/id_rsa.pub; private key file: ~/.ssh/id_rsa), then place the public key on the server (~/.ssh/authorized_keys) and keep the private key on the client. At login, the SSH program uses the private key to match the public key on the server. If the match succeeds, you can log in.

II. Test environment

Machine A: ts-dev/10.0.0.163

Machine B: cs-dev/10.0.0.188

III. Establishing trust between two Linux/Unix machines

3.1 Generating a key pair on machine A

As the root user on machine A, run the ssh-keygen command and press Enter at each prompt to generate the key pair used to establish the trust relationship.

# ssh-keygen -t rsa

Note: when the program prompts for a passphrase, just press Enter, which means the key is created without a passphrase.
The above command generates the private key id_rsa and the public key id_rsa.pub, which are stored in the .ssh subdirectory of the user's home directory.

3.2 View the key files generated in ~/.ssh

# cd ~/.ssh

# ll

3.3 A establishes a trust relationship with B

Copy the public key id_rsa.pub to the .ssh subdirectory of root's home directory on machine B and rename it authorized_keys. This step requires machine B's root password, because the trust relationship is not established yet. Once the client-to-server trust relationship is established, the client can copy data from the server without entering a password.

# scp -r id_rsa.pub 10.0.0.188:/root/.ssh/authorized_keys

3.4 B establishes a trust relationship with A

Perform the same operation on machine B to establish a trust relationship with A.

# ssh-keygen -t rsa

# cd ~/.ssh/

# ll

# scp -r id_rsa.pub 10.0.0.163:/root/.ssh/authorized_keys

IV. Testing

On machine A:

# scp -r 10201_database_linux_x86_64.cpio 10.0.0.188:/tmp/david/

On machine B:

Note: if you want both B and C to be able to scp data to A without entering a password, the public keys of B and C must both be given to A.

Procedure: copy the contents of id_rsa.pub from the two machines into the /root/.ssh/authorized_keys file on A, one key per line.
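The scp command in 3.3 replaces authorized_keys outright, which removes any key already trusted there, while the note above needs several keys in one file. The following is an added example, not part of the original article: a hypothetical helper, install_pubkey, that appends a copied public key only if it is not already present and sets the permissions sshd expects. It assumes entries without leading options and a key file already copied to the target machine.

```shell
#!/bin/sh
# Added example (not from the original article).
# Usage on machine A, after copying B's key to /tmp/b_id_rsa.pub (path is an assumption):
#   install_pubkey /tmp/b_id_rsa.pub /root/.ssh

install_pubkey() {
    pubkey_file=$1                      # a copied id_rsa.pub
    ssh_dir=${2:-"$HOME/.ssh"}          # target .ssh directory
    auth_file="$ssh_dir/authorized_keys"

    # A public key is a single line; take the first non-empty one.
    key_line=$(grep -v '^[[:space:]]*$' "$pubkey_file" | head -n 1)

    # Refuse anything that is not a public key line (for example a private key file).
    case $key_line in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key: $pubkey_file" >&2; return 1 ;;
    esac

    # With StrictModes (the sshd default), keys are ignored when the directory
    # or the file is writable by anyone other than the owner.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Compare on "type base64" only, so a different comment does not add a duplicate.
    key_id=$(printf '%s\n' "$key_line" | awk '{print $1 " " $2}')
    if awk '{print $1 " " $2}' "$auth_file" | grep -qxF "$key_id"; then
        return 0                        # already trusted; nothing to do
    fi

    # Append, one key per line, leaving existing entries untouched.
    printf '%s\n' "$key_line" >> "$auth_file"
}
```

Running it once per machine (B, then C) leaves A's authorized_keys with one line per key, and running it again for the same key changes nothing.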

V. Remote execution of commands

Command format: ssh remote_user@remote_host_IP 'remote command or script'

# ssh [email protected] 'hostname'

When the above command executes, the terminal prints the host name of the remote host, not the host name of the machine you are currently logged in to. This shows that the hostname command actually ran on the remote host.

The two-machine trust relationship has been established!
