Linux SSH key free password distribution

Specific requirements:

Implement a to distribute data from local to B under the same user Hequan . No password prompts are required during the process

Create user

#useradd Hequan # ID Hequan

#echo 123456 | passwd--stdin Hequan

# Su-hequan

RSA can be either encrypted or digitally signed

DSA can only be used for digital signatures

Start Create key

[[email protected] ~]$ ssh-keygen -t DSA default RSA

Generating Public/private DSA key pair.

Enter file in which to save the key (/HOME/HEQUAN/.SSH/ID_DSA):

Created directory '/home/hequan/.ssh '.

Enter passphrase (empty for no passphrase):

[Email protected] ~]$ ll-l. ssh/

Total Dosage 8

-rw-------1 Hequan Hequan 668 March 04:07 id_dsa private key reserved

-rw-r--r--1 Hequan Hequan 598 March 04:07 id_dsa.pub public Key Distribution

[Email protected] ~]$ ll-ld. ssh/

drwx------2 Hequan Hequan 4096 March 04:07 ssh/

Distributing public keys

Format: Ssh-copy-id [-I [Identity_file]] [[Email Protected]]machine

[Email protected] ~]$ Ssh-copy-id -I. ssh/id_dsa.pub [email protected] Distribution

Is you sure want to continue connecting (yes/no)? Yes

. Ssh/auhorized_keys

To make sure we haven ' t added extra keys so you weren ' t expecting.

[Email protected] ~]$ ll-l. ssh/

-rw-------1 Hequan Hequan 598 April 4 04:49 Authorized_keys

[[email protected] ~]$ ssh [email protected] no password

[Email protected] ~]$

Test outgoing files

[Email protected] ~]$ echo Hequan > Hequan.txt

[Email protected] ~]$ SCP hequan.txt [email protected]:~

If SSH is particularly slow when testing, you can modify the following parameters.

# Vi/etc/ssh/sshd_config

Usedns No

Gssapiauthentication No

#/etc/init.d/sshd Restart

[[email protected] ~]$ SCP -rp /etc/[email protected]:~ send directory to ~

[Email protected] ~]$ SCP-RP [email protected]:~/etc//tmp/copy B's/etc/directory to native/tmp

Password-Free Landing summary:

Password-free verification is one-way

User-based, preferably not across users

Slow connection (can see the solution above)

Bulk distribution initially requires a password, and the first connection is confirmed (expect)

[Email protected] ~]# ssh-v [email protected]-V debug the entire connection process

Test scripts

#!/bin/sh

If [$#-ne 1]

Then

echo "/bin/sh $ arg1"

Exit 1

Fi

For N in 11

Do

SCP-RP $ [email protected] $n: ~;

Done

Bulk distribution Batch processing permissions issues

Visudo

Hequan all= (All) nopasswd:/BIN/CP

# visudo-c

/etc/sudoers: Parse correctly

Remote sudo

# Disable "ssh hostname sudo <cmd>", because it'll show the Passwor

D in clear.

# You has to run "ssh-t hostname sudo <cmd>".

Defaults Requiretty or comment out the article

$ SCP-RP Quan [email protected]:~ first copy the Quan to the home directory,

$ SSH [email protected]- t sudo /bin/cp ~/quan/tmp then copy the Quan file to/tmp and finally the root permission

Rsync

chmod u+s ' which rsync ' has root permissions suid

-RWsr-xr-x 1 root root 415000 October 2013/usr/bin/rsync

SSH [email protected] /usr/bin/rsync ~/yy/tmp

Summary:

Using root

Using Visudo recommendation 2

Using rsync

This article is from the "what-all" blog, please be sure to keep this source http://hequan.blog.51cto.com/5701886/1762853

Linux SSH key free password distribution