To create a certificate:
[Email protected] src]# Ssh-keygen-T rsagenerating Public/PrivateRSA key pair. Enter fileinchWhich to save the key (/root/.ssh/id_rsa): Created directory'/root/.ssh'. Enter Passphrase (Empty forno passphrase): # Here to set the password 123456Enter same passphrase again: #再次输入密码123456Your identification has been savedinch/root/.ssh/Id_rsa. Your PublicKey has been savedinch/root/.ssh/id_rsa.pub.The Key Fingerprint is: -: E2: the: F5: the: the: $:d 1: -: About:98: the: E1: -: bd:c5 [email protected]the key's Randomart image is:+--[RSA2048]----+| .+**. || +ooo+. || o.= E | | = * O. || o O S | | . O | | || || |+-----------------+
In this step, the system will automatically generate a public key and save it in the/home/root/.ssh/id_rsa.pub file.
[Email protected] src]# ls/root/.ssh//root/.ssh/id_rsa.pub
Take a look at what's inside:
[[email protected] src]# cat/root/.ssh/id_rsa.pub ssh-rsa aaaab3nzac1yc2eaaaabiwaaaqeapcgmdimrk/ 4jios2x4lhourup2lwcacydtoicdqiyro8jmgh0x8om5nxu/ryan+nzn/ 9cnsy7ovprwudiiada3vpluafdrzjs9mmadhz4xrvhlu5nlczcg30oojj7dhtnsfx5t5cdpiy5fqqanvdotcxenxe5l7qf8pw8gqvhl3tjr3nmvqrthle0mj3 oin6sw6th8szc0t1ctsny6wqqqrwd+dg+5pw27fem9ppnokslkxs8jbm3pycxbgmlpd0oqciml7up26elqefdddj2a1zdjfsxd4bji+ i9ctwx2rqb+d3k0jus9l12kldk6vsf4ipui0ju+/800fejawhbw== [email protected]
We copy the public key to the remote machine:
[Email protected] src]# ssh-copy-id-i/root/.ssh/id_rsa.pub [email protected]192.168.1.12The authenticity of host'192.168.1.12 (192.168.1.12)'Can't be established.RSA Key Fingerprint is5E:5B:D3: Wu: CD: About: About: +: A1: $: F2:ed:9c:ac: the: $. is you sure-want toContinueConnecting (yes/no)?Yeswarning:permanently added'192.168.1.12'(RSA) to the list of known hosts. [Email protected]192.168.1.12's Password: # Enter the login password for 192.168.1.12NowTryLogging into the machine, with"ssh ' [email protected] '", and checkinch:. SSH/Authorized_keysto Make sure we haven'T added extra keys that you weren'T expecting.
Note Ssh-copy-id writes the key to the remote machine's ~/.ssh/authorized_key file:
[[email protected] ~]# ls ~/.ssh//root/.ssh/~]# cat ~/.ssh/authorized_keys ssh-rsa aaaab3nzac1yc2eaaaabiwaaaqeapcgmdimrk/4jios2x4lhourup2lwcacydtoicdqiyro8jmgh0x8om5nxu/ryan+nzn/ 9cnsy7ovprwudiiada3vpluafdrzjs9mmadhz4xrvhlu5nlczcg30oojj7dhtnsfx5t5cdpiy5fqqanvdotcxenxe5l7qf8pw8gqvhl3tjr3nmvqrthle0mj3 oin6sw6th8szc0t1ctsny6wqqqrwd+dg+5pw27fem9ppnokslkxs8jbm3pycxbgmlpd0oqciml7up26elqefdddj2a1zdjfsxd4bji+ i9ctwx2rqb+d3k0jus9l12kldk6vsf4ipui0ju+/800fejawhbw== [email protected]
Login to remote machine 192.168.1.12 you don't need a password.
192.168. 1.12 for'/root/.ssh/id_rsa': 32 :from192.168. 1.103
=============================================================================
The above test has not really implemented password-free login, the following from the new side:
Delete the public key generated above and the private key on the remote machine:
[email protected]. ssh]# lsid_rsa id_rsa.pub known_hosts[[email protected]. ssh]# RM id_rsarm:remove Regular file ' Id_rsa'? y Delete the private key on the remote machine: [[email protected]. ssh]# Lsauthorized_keys Known_ Hosts Known_hosts.bak[[email protected]. ssh]# RM authorized_keys rm:remove regular file ' Authorized_keys '? y
Regenerate the public key:
[email protected]. ssh]# RM id_rsarm:remove Regular file ' Id_rsa'? y[email protected]. ssh]# Cd[[email protected]~]# Ssh-keygen-T rsagenerating Public/PrivateRSA key pair. Enter fileinchWhich to save the key (/root/.ssh/id_rsa): Enter Passphrase (empty forno passphrase): # Here is empty words, it is really implemented, no need to enter a password, log on to the remote host same passphrase Again:your identification has been savedinch/root/.ssh/Id_rsa. Your PublicKey has been savedinch/root/.ssh/id_rsa.pub.The Key Fingerprint is: C9:fe: -: 6a:7c:e1:2a:ba:aa:6e:2c:f0:ee: the: 7d:af [email protected]the key's Randomart image is:+--[RSA2048]----+| || || || . . || S | |. . . || o+. O. || oo+. . O=o | | ==++e=.ooo. |+-----------------+[[Email protected]~]# ls ~/.ssh/id_rsa id_rsa.pub known_hosts [[email protected]~]# ls ~/.ssh/Id_rsa/root/.ssh/Id_rsa[[email protected]~]# Cat ~/.ssh/Id_rsa-----BEGIN RSA PRIVATE KEY-----Miieoqibaakcaqeaxtlnozvt2oxots6xaro25g0moradvx7iqomqmgplykn1z3vtgpwwybj9alh1a6y5ziwuyv7oknhmga6qajylhv6v3/Z2QWZVJ9NEIQEAEESHWSPUIR5H7HDLF21B569ZBRRQF+Myqsbyuoujflaajimwiqkhxakgwnwk5t0pkr5kkivji2n1nhexi+i8yp67qsrtfr7s3ofwbmgmnjt5ly1wq09doymaz3xeeriq3ke3g+lhc6qej4offiu95r/jpqnigxkrjga15tbmln1jsbekl0ohmsa2ffjjqqh3pafd2j/Umdulnbezcwcotigbdjndumtbo9mx5kk3uryfcqibiwkcaqbr8lzu9jeta/4brs1m/5oko0dbgtnojqc6dlcarrs1v9i9bykov9vkhdhlik5fancmw/+T8BE7NOQGOJ8IG8SCMNY7AIMQDLXXD9EYDK/7gs/G1dxnyalgvdbmfthklat1vhlqaowpavxzaavzpo4x9cowdxabovix1omsywe3o2xbq9c7w4rxmdarzfqluc16gqtjt7dznlonsbexgxdaskcn62nfuiut RZ2+3b5j4/rye7vljmzbx482yasvmag9zpvfrfofqafj9+Igyuysna/HD5SFZJPD3W4ANMULSRQUIA7RTV9OEVDDVYDFN5YL0UO53QOYULWICXQR+Qwlaogbapm2cvvskxxl8s2jl0axmj27lhmgevhcowyw0d0iw5wrkut2uncj3fqdoljb5ee8zqbfpmqauohexgatzipz4kytqckvuymlm3nx +rcdjdzhb6p+Ugyrzdb9kyq7o6vzz2egnhy93zyct4+OOY6XIPCWJTR9C32OJEZUPPD5LAHZAOGBAMVBHBGT/tra3xmyczkhrpkupz7jnngz2f9nh8fodxj3su4ancg/Rxflyhjuzzmqrdlpjzwulra9l8ey/ejejtfbk9jqdgui+ryhjnisp/plezycdgycvcd/tgy7auowycv9+0kot901vxaeuq4t+xduyz+z552atbmoiso/Xg6xaogbaorpcgrmje6jfwune6hpt2ukl/osua/fs+hpymowpdbrfybskw3xpmf5zxxqw69nksrc9cb1uuoj2z+DFD4JCWSKQ3YE3LHEWVMONBUKKFTTMUV6ZTANRYTRFBQ50CIMOFHYVILDI9MCFYQRCJK6GEMUOXFCYK1PITBNZRZG7BILAOGAANCVV+w1a2hvfhouyyd+4yerf22juhvrnsehpt5lb6spwcslpxhpnlg9a+Hswb6ecfr1ivj5yfpky1wmtf2qtmmcetepkxlnvmdmfff69c2u3verwryycekxtdy6pey75udkxmuwyylahfo0hxbuzemsilwndzmfsymqqanug6scgya R/fom3tlfz9rzytmlvyes0u0oz7lerrv/3hotxgec7frp3mfpedcwvvi2zsdpmx7ts44oalqdibdi9tdjjeclcwy3tvloi1o0blphwi+ukwtdspacfiz+3MLIZCUHHXKWJKXRVI6BMYPZOAAZOB10HWFLHPPKTOTIWH3BFUDICG= =-----END RSA PRIVATE KEY-----
Use Ssh-copy-id to copy the public key to the remote machine:
[Email protected] ~]# ssh-copy-id-i ~/.ssh/id_rsa.pub [email protected]192.168. 1.12 [email protected] 192.168. 1.12 ' try"ssh" [email protected] '"in: . SSH/ Authorized_keysto Make sure we haven ' T added extra keys that you weren 't expecting.
To view the private key that is generated on the remote host:
[[email protected] ~]# cat ~/.ssh/authorized_keys ssh-rsa Aaaab3nzac1yc2eaaaabiwaaaqeaxtlnozvt2oxots6xaro25g0moradvx7iqomqmgplykn1z3vtgpwwybj9alh1a6y5ziwuyv7oknhmga6qajylhv6v3 /z2qwzvj9neiqeaeeshwspuir5h7hdlf21b569zbrrqf+myqsbyuoujflaajimwiqkhxakgwnwk5t0pkr5kkivji2n1nhexi+ i8yp67qsrtfr7s3ofwbmgmnjt5ly1wq09doymaz3xeeriq3ke3g+lhc6qej4offiu95r/ jpqnigxkrjga15tbmln1jsbekl0ohmsa2ffjjqqh3pafd2j/umdulnbezcwcotigbdjndumtbo9mx5kk3uryfcq== [email protected]
Successfully implemented without password login:
192.168. 1.12 $: from192.168. 1.105
Linux down Board machine and client without password login