Linux SSH login without password (the settings for directory permissions are very detailed, you can refer to it)

Source: Internet
Author: User

Assuming the server IP address is 192.168.1.1, machine name:cluster.hpc.org

client IP address is 172.16.16.1, machine name:p470-2.wangrx.sioc.ac.cn

Client User Yzhao needs to log on to the server's zhaoy account with no password ssh

Implementation principle

SSH login using a method known as "Public private key" authentication. The simple explanation of the "Public private Key" authentication method is

    • First Create a pair of public private keys on the client (public key file:~/.ssh/id_rsa.pub; private key file:~/.ssh/id_rsa)
    • Then put the public key on the server (~/.ssh/authorized_keys)and keep the private key .
    • When SSH is logged in, the SSH program sends the private key to match the public key on the server. If the match succeeds, you can log in.

Settings are as follows:

1. Yzhao User Login to client machine and execute "ssh-keygen-t RSA" on client machine

( Note: "ssh-keygen-t RSA" )

A) If the file "~/.ssh/id_rsa" exists, will be prompted to overwrite the file, at this time you can choose "n" does not overwrite the file and use the existing id_rsa file; If you select "Y" The "~/.ssh/id_rsa" file will be regenerated , followed by a prompt for passphrase, enter OK touse the empty passphrase, again enter the confirmation (this can also output passphrase, which is the equivalent of SSH login password). the "~/.ssh/id_rsa" file and the "~/.ssh/id_rsa.pub" file are regenerated (the results are as follows).

[[email protected] ~]$ ssh-keygen-t RSA

Generating public/private RSA key pair.

Enter file in which to save the key (/DISK2/YZHAO/.SSH/ID_RSA):

/disk2/yzhao/.ssh/id_rsa already exists.

Overwrite (y/n)? Y

Enter passphrase (empty for no passphrase):

Enter same Passphrase again:

Your identification has been saved In/disk2/yzhao/.ssh/id_rsa.

Your public key has been saved in/disk2/yzhao/.ssh/id_rsa.pub.

The key fingerprint is:

6d:a1:17:8a:b6:d2:c0:a1:6c:66:ba:85:0b:7b:9f:0c [email protected]

b) If the "~/.ssh/id_rsa" file and the "~/.ssh/id_rsa.pub" file do not exist, a new "~/.ssh/id_rsa" file and a "~/" will be created automatically . Ssh/id_rsa.pub " file,passphrase settings Ibid.

[[email protected] ~]$ ssh-keygen-t RSA

Generating public/private RSA key pair.

Enter file in which to save the key (/DISK2/YZHAO/.SSH/ID_RSA):

Created directory '/disk2/yzhao/.ssh '.

Enter passphrase (empty for no passphrase):

Enter same Passphrase again:

Your identification has been saved In/disk2/yzhao/.ssh/id_rsa.

Your public key has been saved in/disk2/yzhao/.ssh/id_rsa.pub.

The key fingerprint is:

54:49:AD:33:B3:FF:71:DA:6D:DB:78:D0:BB:6A:15:BC [email protected]

2.log in to the server using SSH [email protected], edit the "~/.ssh/authorized_keys" file on the server, and "~/.ssh/id_" on the client machine. Rsa.pub " file contents are appended to the" ~/.ssh/authorized_keys " file.

(Note: You can use the following command on the client machine:

Cat ~/.ssh/id_rsaPub | ssh [email protected]192.168.1. 1 "cat->> ~/.ssh/authorized_keys"

cat/root/.ssh/id_rsa.pub|ssh [email protected] "cat->>/root/.ssh/authorized_keys"

This will require you to enter the login password for Zhaoy on the server, and then append the contents of the "~/.ssh/id_rsa.pub" file on the client machine to the server "~/.ssh/authorized _keys " file)

If this is the first time you connect to the server, you will receive the following prompt, confirm the connection and enter the password after the other direct enter OK.

[[email protected] ~]$ ssh [email protected]

The authenticity of host ' 192.168.1.1 (192.168.1.1) ' can ' t be established.

RSA key fingerprint is 94:91:33:01:6b:e7:10:ae:42:ac:ea:5c:8c:bb:f1:18.

Is you sure want to continue connecting (yes/no)? Yes

warning:permanently added ' 192.168.1.1 ' (RSA) to the list of known hosts.

[email protected] ' s password:

Last Login:fri Dec 17:41:38-172.16.16.1

Rocks 4.2.1 (Cydonia)

Profile built 03:58 21-jun-2007

kickstarted 12:25 21-jun-2007

Rocks Frontend node-our Cluster Cluster

It doesn ' t appear that It has set up your SSH key.

This process would make the files:

/home/zhaoy/.ssh/id_rsa.pub

/home/zhaoy/.ssh/id_rsa

/home/zhaoy/.ssh/authorized_keys

Generating public/private RSA key pair.

Enter file in which to save the key (/HOME/ZHAOY/.SSH/ID_RSA):

Created directory '/home/zhaoy/.ssh '.

Enter passphrase (empty for no passphrase):

Enter same Passphrase again:

Your identification has been saved In/home/zhaoy/.ssh/id_rsa.

Your public key has been saved in/home/zhaoy/.ssh/id_rsa.pub.

The key fingerprint is:

7E:F6:AB:B0:79:70:CB:C9:F7:40:37:AA:10:4D:4A:AC [email protected]

3, if the use of the empty passphrase in step 1, you can skip step 4, at this time in the client can use "ssh [email protected]" You can log on to the server without a password, and if passphrase is set in the first step , continue with the following steps.

4、If the first1Step, set thePassphrase, you need to enter thePassphraseLog on to the server.At this time front we put the input password into the input passphrase, This does not bring any convenience but We can use ssh-agentpassphrase (just looks like auto input) , we just input once passphrase, later work can be handed to Ssh-agentssh-add, Here you will be prompted to enter it once passphrase passphrase "~/.ssh< Span lang= "en-US" >/id_rsa " files. The client executes

[Email protected] ~]$ Ssh-add

Enter Passphrase For/disk2/yzhao/.ssh/id_rsa:

Identity added:/disk2/yzhao/.ssh/id_rsa (/DISK2/YZHAO/.SSH/ID_RSA)

[[email protected] ~]$ ssh [email protected]

Last Login:fri Dec 17:55:38-172.16.16.1

Rocks 4.2.1 (Cydonia)

Profile built 03:58 21-jun-2007

kickstarted 12:25 21-jun-2007

Rocks Frontend node-our Cluster Cluster

[Email protected] ~]$

Linux Modify directory file permissions, directory files belong to user, user group


1: View command: Ls-l

Drwxr-xr-x 4 Gamer FTP 4096 Mar 7 16:56 gstoredrwxrwxrwx root ftp 4096 Dec 01:30 Resin-doc front A total of 10 characters, first If the character is "-" indicates that this is a file, if "D" is a folder, "L" means the link file, and so on the following 9 characters are divided into 3 characters a group of three groups, respectively, the user (file owner) permissions, group group user permissions, and other user permissions. R means read, w means write, X is executed. Number of rights represented by R (4), W (2), X (1) 2: Modify directory file permissions: chmod 777/ftp Change the permissions of the FTP directory to chmod-r 777/ftp change the FTP directory and subdirectories 3: Modify the file to which the user and user Group Drwxr-xr-x 4 Gamer FTP 4096 Mar 7 16:56 gstoredrwxrwxrwx root ftp 4096 Dec 01:30 resin-doc Red section, the previous one is owned by Users, the next one is the user group. Modify the owning user Chown gamer Gstore Change Gstore directory chown-r gamer gstore change Gstore directory and subdirectories modify the owning user group Chown:ftp gstore change Gsto Re directory chown-r: FTP gstore change Gstore directory and subdirectories

http://blog.csdn.net/langeldep/article/details/6565706

Linux SSH login without password (the settings for directory permissions are very detailed, you can refer to it)

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.