Linux SSH password-less Login

Source: Internet
Author: User

http://blog.csdn.net/pyhsky/article/details/5310375

You can use public/private key authentication for SSH login. In brief: create a public/private key pair on the client (public key file: ~/.ssh/id_rsa.pub; private key file: ~/.ssh/id_rsa), then put the public key on the server (~/.ssh/authorized_keys) and keep the private key to yourself. When you log on, the SSH client uses the private key to prove its identity against the public key on the server; the private key itself is never sent. If the match succeeds, you are logged on.
The procedure is as follows:
Local
First generate a DSA key pair on the local machine, then copy the public key to the server that you want to authenticate to remotely.
Create key
$ ssh-keygen -t dsa
Copy the key to the server
$ scp ~/.ssh/id_dsa.pub root@remotehost:~/
Password: ********
Log on to the server and install the public key.
$ ssh root@remotehost
Password: ********
What to do on the remote server
$ cat id_dsa.pub >> ~/.ssh/authorized_keys
$ chmod 600 ~/.ssh/authorized_keys   # permission settings are very important: with insecure permissions, key authentication will not work
$ rm id_dsa.pub

Public-key authentication is safer than password authentication because the password is not transmitted over the network. In addition, the private key can be stored encrypted: for security you can set a passphrase, so that the key file is useless to anyone else who obtains it.
If the above steps do not enable password-free login, check whether public-key authentication is enabled for the sshd service.
/etc/ssh/sshd_config:
PubkeyAuthentication yes
Remember to restart the SSH service after the modification. Use ssh -v to display the detailed login process.
Last step
We recommend that you do not use static passwords. You can disable password authentication by changing the following setting:
UsePAM yes
to
UsePAM no
This disables PAM's traditional password authentication.
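The two server-side checks this section relies on (safe permissions on authorized_keys, and the PubkeyAuthentication setting), written as an added example that is not part of the original article; the function names and demo files are constructed here. It covers only the .ssh directory and authorized_keys, not the home directory or the file ownership that sshd also checks.

```shell
#!/bin/sh
# Added example: server-side checks for "key login still asks for a password".
# Function names and the demo files below are constructed for illustration.

# is_loose PATH: true if PATH is writable by group or others.
is_loose() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# audit_ssh_dir DIR: print one line per problem, return 1 if any was found.
# sshd (StrictModes, on by default) ignores authorized_keys when the file or
# its directory is writable by anyone but the owner.
audit_ssh_dir() {
    bad=0
    for p in "$1" "$1/authorized_keys"; do
        if [ ! -e "$p" ]; then echo "MISSING $p"; bad=1
        elif is_loose "$p"; then echo "GROUP/WORLD-WRITABLE $p"; bad=1
        fi
    done
    return "$bad"
}

# sshd_option FILE KEYWORD: print the value sshd would use from the global
# section of FILE. Keywords are case-insensitive and the first occurrence
# wins; Match blocks and Include files are not followed (simplification).
# Prints nothing when the keyword is unset, i.e. the built-in default applies.
sshd_option() {
    awk -v key="$2" '
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# Demo on constructed files in a scratch directory (nothing real is touched).
demo=$(mktemp -d)
mkdir "$demo/.ssh" && chmod 700 "$demo/.ssh"
: > "$demo/.ssh/authorized_keys" && chmod 664 "$demo/.ssh/authorized_keys"
printf '%s\n' '#PubkeyAuthentication yes' 'pubkeyauthentication no' \
    'UsePAM yes' 'Match User backup' '    PubkeyAuthentication yes' \
    > "$demo/sshd_config"
audit_ssh_dir "$demo/.ssh" || echo "fix with: chmod 700 DIR; chmod 600 FILE"
echo "PubkeyAuthentication=$(sshd_option "$demo/sshd_config" PubkeyAuthentication)"
rm -rf "$demo"
```

On a real server, point audit_ssh_dir at the account's ~/.ssh and sshd_option at /etc/ssh/sshd_config; the same function reports UsePAM and PasswordAuthentication.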
If you use PuTTY on Windows
The private key generated by ssh-keygen (SSH2) and PuTTY's key format are different, so PuTTY cannot use the key directly. You must convert it with puttygen.exe:
Copy the id_rsa file from Linux to Windows, run puttygen.exe, select the menu Conversions -> Import key, and then click Save private key. You can then use this private key to set up PuTTY.
Setting the key in PuTTY on Windows
1) Start PuTTY, set the session parameters (or load a previously saved session), select "SSH -> Auth" on the left, click the Browse button, and select the key.ppk file.
2) Set the auto-login username under Connection -> Data -> Auto-login username.
3) Select Session on the left and click Save to save the changes. Click the Open button to log on.
If there are no problems with the above operations, the system should log you on automatically without asking for the password.
Converting PuTTY's key to SecureCRT's key
If the public/private key pair was originally generated with PuTTY, load the private key in puttygen.exe and use Conversions to export the private key in OpenSSH format, named identy. Then export the public key as identy.pub, put it in the same directory, and specify the private key in the SecureCRT session. Make sure the public key is named xx.pub, otherwise SecureCRT will complain that the key cannot be found.
This article comes from http://www.bulibuqi.com
http://www.bulibuqi.com/thread-2308-1-1.html
SSH login without a password
ssh-keygen -t rsa creates ~/.ssh/id_rsa.pub and ~/.ssh/id_rsa
Public key: /root/.ssh/id_rsa.pub
Private key: /root/.ssh/id_rsa
chmod 755 /root/.ssh (do not do this)
Copy the public key into the .ssh/ directory on the machine you want to access and save it as authorized_keys. If multiple machines require logon without a password, each machine generates a public key and appends it to authorized_keys.

Assume that the server IP address is 192.168.1.1 and the machine name is cluster.hpc.org.

Client IP address is 172.16.16.1, machine name: p470-2.wangrx.sioc.ac.cn

The client user yzhao needs to use SSH without a password to log on to the zhaoy account of the server.

 

Implementation Principle

SSH logon is performed using a public/private key authentication method.

  • First, create a public/private key pair on the client (public key file: ~/.ssh/id_rsa.pub; private key file: ~/.ssh/id_rsa)
  • Then put the public key on the server (~/.ssh/authorized_keys) and keep your private key
  • During SSH login, the SSH client uses the private key to match against the public key on the server (the private key itself is not sent)

 

 

The settings are as follows:

1. Log on to the client machine as user yzhao and run "ssh-keygen -t rsa".

(Note: each time you execute "ssh-keygen -t rsa", the generated private key file will be different)

A) If the file "~/.ssh/id_rsa" already exists, the system asks whether to overwrite it. You can answer "n" to keep and use the existing id_rsa file; if you answer "y", "~/.ssh/id_rsa" is generated again. You are then prompted for a passphrase: press Enter to use an empty passphrase, and press Enter again to confirm (you can also enter a passphrase here, which acts like the password used for logon during SSH). The "~/.ssh/id_rsa" and "~/.ssh/id_rsa.pub" files are then generated (the result is as follows).

[yzhao@p470-2 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/disk2/yzhao/.ssh/id_rsa):
/disk2/yzhao/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /disk2/yzhao/.ssh/id_rsa.
Your public key has been saved in /disk2/yzhao/.ssh/id_rsa.pub.
The key fingerprint is:
6d:a1:17:8a:b6:d2:c0:a1:6c:66:ba:85:0b:7b:9f:0c yzhao@p470-2.wangrx.sioc.ac.cn

 

B) If the "~/.ssh/id_rsa" and "~/.ssh/id_rsa.pub" files do not exist, new "~/.ssh/id_rsa" and "~/.ssh/id_rsa.pub" files are created automatically. The passphrase settings are the same as above.

[yzhao@p470-2 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/disk2/yzhao/.ssh/id_rsa):
Created directory '/disk2/yzhao/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /disk2/yzhao/.ssh/id_rsa.
Your public key has been saved in /disk2/yzhao/.ssh/id_rsa.pub.
The key fingerprint is:
54:49:ad:33:b3:ff:71:da:6d:db:78:d0:bb:6a:15:bc yzhao@p470-2.wangrx.sioc.ac.cn

 

2. Log on to the server with "ssh zhaoy@192.168.1.1" and edit the server's "~/.ssh/authorized_keys" file, appending the content of the client's "~/.ssh/id_rsa.pub" file to it.

(Note: You can use the following command on the client:

cat ~/.ssh/id_rsa.pub | ssh zhaoy@192.168.1.1 "cat - >> ~/.ssh/authorized_keys"

Enter the logon password of zhaoy on the server, and the content of the "~/.ssh/id_rsa.pub" file is appended to the server's "~/.ssh/authorized_keys" file.)
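An added example (not from the original article) of what the append step should guarantee when it runs on the server: the key lands in authorized_keys exactly once, and the directory and file end up with modes 700 and 600. The function name install_pubkey and the demo key are constructed for illustration.

```shell
#!/bin/sh
# Added example: an idempotent version of the "append to authorized_keys" step.
# install_pubkey and the key material below are constructed for illustration.

# install_pubkey PUBFILE [SSHDIR]: append the key in PUBFILE to
# SSHDIR/authorized_keys exactly once, creating both with safe modes.
# The body is a subshell so umask and set -f do not leak to the caller.
install_pubkey() (
    dir=${2:-$HOME/.ssh}
    # Accept only a public key line "<type> <base64> [comment]"; a private
    # key file passed by mistake yields no match and is rejected.
    line=$(awk '$1 ~ /^(ssh-|ecdsa-|sk-)/ && NF >= 2 { print; exit }' "$1")
    set -f; set -- $line
    [ $# -ge 2 ] || { echo "no public key in file" >&2; exit 2; }
    umask 077
    mkdir -p "$dir" && chmod 700 "$dir" || exit 1
    auth=$dir/authorized_keys
    touch "$auth" && chmod 600 "$auth" || exit 1
    # Match on type and key blob only, so a different comment or a leading
    # options field on an existing entry does not produce a duplicate.
    if awk -v t="$1" -v b="$2" '
        { for (i = 1; i < NF; i++) if ($i == t && $(i + 1) == b) hit = 1 }
        END { exit !hit }' "$auth"
    then echo "already present"
    else printf '%s\n' "$line" >> "$auth" && echo "added"
    fi
)

# Demo in a scratch directory with a constructed (non-functional) key.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructedDemoKey yzhao@p470-2' \
    > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"   # prints: added
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"   # prints: already present
rm -rf "$demo"
```

Where it is installed, ssh-copy-id performs the equivalent steps from the client.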

 

If the following prompt appears when you connect to the server for the first time, answer yes to confirm the connection, then enter the password and press Enter.

[yzhao@p470-2 ~]$ ssh zhaoy@192.168.1.1
The authenticity of host '192.168.1.1 (192.168.1.1)' can't be established.
RSA key fingerprint is 94:91:33:01:6b:e7:10:ae:42:ac:ea:5c:8c:bb:f1:18.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.1' (RSA) to the list of known hosts.
zhaoy@192.168.1.1's password:
Last login: Fri Dec 21 17:41:38 2007 from 172.16.16.1
Rocks 4.2.1 (Cydonia)
Profile built 21-jun-2007

Kickstarted 21-jun-2007
Rocks frontend node-our cluster Cluster

It doesn't appear that you have set up your SSH key.
This process will make the files:
/home/zhaoy/.ssh/id_rsa.pub
/home/zhaoy/.ssh/id_rsa
/home/zhaoy/.ssh/authorized_keys

Generating public/private rsa key pair.
Enter file in which to save the key (/home/zhaoy/.ssh/id_rsa):
Created directory '/home/zhaoy/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/zhaoy/.ssh/id_rsa.
Your public key has been saved in /home/zhaoy/.ssh/id_rsa.pub.
The key fingerprint is:
7e:f6:ab:b0:79:70:cb:c9:f7:40:37:aa:10:4d:4a:ac zhaoy@cluster.hpc.org

 

3. If an empty passphrase was used in step 1, the setup is complete after step 2: the client can now run "ssh zhaoy@192.168.1.1" to log on to the server without a password. If a passphrase was set in step 1, continue with the following step.

 

4. If a passphrase was set in step 1, you must enter the passphrase to log on to the server. In that case the password has merely been replaced by the passphrase, which brings no convenience. However, ssh-agent can supply the passphrase for us (so it only looks like automatic input): we enter the passphrase once, at the first login, and ssh-agent handles the rest. Run the ssh-add command on the client machine. A passphrase prompt is displayed; enter the passphrase set in step 1 for the "~/.ssh/id_rsa" file. Then run "ssh zhaoy@192.168.1.1" to log on to the server without a password.

 

[yzhao@p470-2 ~]$ ssh-add
Enter passphrase for /disk2/yzhao/.ssh/id_rsa:
Identity added: /disk2/yzhao/.ssh/id_rsa (/disk2/yzhao/.ssh/id_rsa)
[yzhao@p470-2 ~]$ ssh zhaoy@192.168.1.1
Last login: Fri Dec 21 17:55:38 2007 from 172.16.16.1
Rocks 4.2.1 (Cydonia)
Profile built 21-jun-2007

Kickstarted 21-jun-2007
Rocks frontend node-our cluster Cluster
[zhaoy@cluster ~]$
