Linux SSH automatic login based on key authentication: principle and configuration instructions

Source: Internet
Author: User

Negotiation and interaction process
    1. The client sends a login request to the target server. If the SSH service has the certificate (public key) authentication method enabled, that method takes precedence for login verification.

    2. Depending on the SSH service configuration, the target server reads the valid public key information from the corresponding file in the user's directory.
    3. The target server generates a string of random data and encrypts it with the corresponding public key.

    4. The target server sends the encrypted ciphertext back to the client.

    5. The client attempts to decrypt it with the private key in the default directory, or with the private key specified by the -i parameter.

    6. If decryption fails, the client continues with other methods, such as password authentication, for login verification. If decryption succeeds, the decrypted original data is sent back to the target server. The meaning is similar to: "Look, this is the original text of this message. I can read the ciphertext, I have control of the server, please let me log in."

    7. The target server compares the information returned by the client. If the comparison succeeds, authentication succeeds and the client can log in. If the comparison fails, authentication fails and login verification continues with other methods, such as password verification.

The interactive login process with certificate verification is as shown:

Linux client login demo:

1. Generate a key pair locally on the client:

    [[email protected] ~]# ssh-keygen -t rsa -P '' -f /root/.ssh/id_rsa
    Generating public/private rsa key pair.
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    cb:e4:e8: the: +: the: F7: the: -: the: +: +: ce:c9: .: B9 [email protected]
    The key's randomart image is:
    +--[ RSA 2048]----+
    |   . ooo.        |
    |         .= .+    |
    | .*.   .        |
    |     E.. |
    |  .    So |
    | .       +=o.     |
    |     o.=+ |
    |        .+..     |
    |         . O. |
    +-----------------+

2. On the client, copy the public key to the specific file in the home directory of the user on the remote host that you will log in as:

    [[email protected] ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected]192.168.77.131
    The authenticity of host '192.168.77.131 (192.168.77.131)' can't be established.
    ECDSA key fingerprint is DD: 6d:e8: the: the: C9:8f:d8: +: -: BA: +: 6e: the: 4a: -.
    Are you sure you want to continue connecting (yes/no)? yes
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    [email protected]192.168.77.131's password:

    Number of key(s) added: 1

    Now try logging into the machine, with:   "ssh '[email protected]'"
    and check to make sure that only the key(s) you wanted were added.

3. Test Login:

    [[email protected] ~]# ssh [email protected]192.168.77.131
    Last login: Sat Mar -  +:Geneva: -  . from 192.168.77.1
    [[email protected] ~]# ip addr list ens37
    3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu the qdisc pfifo_fast state UP qlen +
        link/ether xx: 0c: in: F0:98: FD brd ff:ff:ff:ff:ff:ff
        inet 192.168.77.131/ - brd 192.168.77.255 scope global dynamic ens37
           valid_lft 1280sec preferred_lft 1280sec
        inet6 fe80::41e6:5671:d095:3c24/ - scope link
           valid_lft forever preferred_lft forever
    [[email protected] ~]# exit
    logout
    Connection to 192.168.77.131 closed.

Windows environment Xshell login demo:
    1. Open the Xshell program.
    2. Click Tools > User Key Manager, and then click Generate.
    3. In the key creation wizard that opens, select the default RSA key algorithm and key length (2048 bits by default), then click Next.
    4. After the program generates the key pair, click Next.
    5. As mentioned earlier, the key encryption password is left blank:

    6. Copy the generated public key and append it to the end of /root/.ssh/authorized_keys on the target host:

    echo 'ssh-rsa aaaab3nzac1yc2eaaaabiwaaaqea1wpscj31fl+c8biyb9pbqilrx5s4fzkdaoaqy2d043eddkbvi0fhymyvelu5cibmj8oqibnhas9jqmzxydnqoz0ho3luc6a9eqp0kgj/dx31fghjzcvk5+de9qsvgu6nrz3wn5f/xvs/htufzipfbwb1c51lchdruizcdfsrqmkwhkcmf+axk0ckhsdo2lwxqyccw9b1d7ww==' >> /root/.ssh/authorized_keys

    7. After the copy is complete, return to Xshell, enter the target host IP, and select public key authentication for user authentication:

Click "OK" to connect.
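
The manual append in step 6 (and what ssh-copy-id does in the Linux demo) can be made repeatable and safe to re-run. The following is an added example, not part of the original article: the function names install_pubkey and strictmodes_ok are made up here. It rejects anything that is not a single public key line, avoids duplicate entries, and checks the file modes that sshd's default StrictModes setting requires before it will use authorized_keys.

```shell
#!/bin/sh
# Added example; install_pubkey and strictmodes_ok are names made up here.

# install_pubkey <public-key-file> <home-dir>
# Appends the key to <home-dir>/.ssh/authorized_keys once, with safe modes.
install_pubkey() {
    pub=$1
    ssh_dir=$2/.ssh
    auth=$ssh_dir/authorized_keys

    # Accept only a single "<type> <base64> [comment]" line. A private key
    # file ("-----BEGIN ...", many lines) must never be pasted in here.
    [ -f "$pub" ] || return 1
    [ "$(wc -l < "$pub")" -le 1 ] || return 1
    grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' "$pub" || return 1

    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Match on the base64 blob, so an entry that already exists (even with
    # options in front or another comment) is not added twice.
    blob=$(cut -d' ' -f2 "$pub")
    if grep -qF -- "$blob" "$auth"; then
        return 0
    fi
    # If the file does not end in a newline, a plain ">>" would glue the new
    # key onto the previous entry and corrupt both.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$(cat "$pub")" >> "$auth"
}

# strictmodes_ok <home-dir>
# Fails if home, .ssh or authorized_keys is group- or world-writable.
strictmodes_ok() {
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        [ -e "$p" ] || return 1
        case $(ls -ld "$p" | cut -c6,9) in
            *w*) return 1 ;;
        esac
    done
    return 0
}
```

Run on the target host as the account that will log in, for example `install_pubkey /tmp/id_rsa.pub /root && strictmodes_ok /root`.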
