To keep a Linux host secure, we usually require an account password when logging in to each host. For ease of operation, however, we often need to set up SSH password-free login. So how is it set up? And is logging in without a password unsafe?
One, how the host stores the keys that are allowed access
On the host that accepts SSH logins, there is a file that stores the keys of the hosts allowed to log in. It is named authorized_keys and is located in the hidden directory /root/.ssh (Note: if no key login has been set up on this host, this file does not exist by default).
The authorized_keys file stores identity information for each host that can log on to the local host, in the form of strings that begin with ssh-rsa. We do not need to understand what each string means here, but remember two points:
1. Each ssh-rsa and the string that follows it make up a unique key that represents a host;
2. The key cannot be forged;
Two, SSH password-free login settings
(1) Password-free login from a Linux system
Target machine: HostA
Local machine: HostB
A. Generate a public/private key pair with ssh-keygen on the local machine
[[email protected] ~] ssh-keygen
At this point, a .ssh directory is created under /root/ and two files are generated in it:
id_rsa is the private key. Store it carefully: it must not be lost and must never be distributed to other users. If the private key is lost, someone else can impersonate your identity.
id_rsa.pub is the public key, which is meant for external distribution. A host that holds the public key can use it to verify that the connecting side holds the matching private key.
B. Copy the locally generated public key to the target host that you want to log on to
[[email protected] ~] scp .ssh/id_rsa.pub [email protected]:/home/
C. On the remote host, append the public key to the authorized_keys file and set the permissions
[[email protected] ~] cat /home/id_rsa.pub >> .ssh/authorized_keys
[[email protected] ~] chmod 700 .ssh
[[email protected] ~] chmod 600 .ssh/authorized_keys
Two points to note here:
1) These commands are run on the target host HostA, not on the local host HostB.
2) The contents of the public key must be appended to the authorized_keys file with the cat command and the >> redirect, not simply copied over with the cp command. The reason is that authorized_keys may already contain keys that were added earlier; with cp, those earlier keys would be overwritten.
D. Once the steps above are complete, password-free login is set up, and you can return to the local host and log in over SSH
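Step C written as a function to run on the target host, as an added example that is not part of the original post. It rejects anything that is not a single public-key line (for example id_rsa copied by mistake), appends only when the key is not already present, and sets the 700/600 permissions. The name install_pubkey, its arguments and the key line in the demo are assumptions made for illustration.

```shell
#!/bin/sh
# install_pubkey PUBFILE [SSHDIR]   (hypothetical helper, not from the post)
# The body runs in a subshell so the umask change does not leak to the caller.
install_pubkey() (
    pubfile=$1
    sshdir=${2:-$HOME/.ssh}
    auth=$sshdir/authorized_keys

    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 1; }
    # A public key is exactly one line; a private key file spans several.
    [ "$(grep -c '' "$pubfile")" -eq 1 ] || { echo "expected one key line" >&2; return 1; }
    # Expected shape: key type, base64 blob, optional comment.
    grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' "$pubfile" \
        || { echo "not a public key line" >&2; return 1; }

    umask 077
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    key=$(cat "$pubfile")
    # Skip the append if this exact line is already authorized.
    if grep -Fxq -- "$key" "$auth"; then
        return 0
    fi
    # Append with >> so keys added earlier are kept (point 2 above).
    printf '%s\n' "$key" >> "$auth"
)

# Demo in a scratch directory with a constructed (not real) key line.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructedSAMPLEkey root@HostB' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"   # second run adds nothing
grep -c '' "$demo/.ssh/authorized_keys"          # number of authorized keys
rm -rf "$demo"
```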
Excerpt from: http://blog.csdn.net/royalfizz/article/details/53356584
Linux host SSH password-free login settings explained