Linux SSH without a password login, linuxssh password login

Linux SSH without a password login, linuxssh password login

I. ssh schematic:

1. the user name and password are not required for two linux machines to use ssh. Digital signature RSA or DSA is used to complete this operation.

2. Model Analysis

Assume that A (192.168.000059) is the customer's machine, and B (192.168.000060) is the target machine;

Goals:
Machine A does not need to enter A password to log on to machine B through ssh;
Select rsa for encryption. | dsa is supported. The default value is dsa.

 

Ii. Procedure

 

One-way login operation process (to meet the above objectives ):
1. log on to machine
2. ssh-keygen-t [rsa | dsa] will generate the key file and private key file id_rsa, id_rsa.pub or id_dsa, id_dsa.pub
3. Copy the. pub file to the. ssh directory of machine B and cat id_dsa.pub >> ~ /. Ssh/authorized_keys
4. As A result, you can log on to the target account of machine B from machine A without A password. (directly run# Ssh 192.168.20.60)

 

Two-way login operation process:

1. ssh-keygen performs password verification to enable ssh on the opposite machine. scp does not need to use the password. The specific method is as follows:
2. perform the following operations on both nodes:# Ssh-keygen-t rsa
Then press enter to use the default value.

3. A key pair is generated and stored in the user directory ~ /. Ssh.
Test the public key to the user directory of the target machine.And copy it ~ /. Ssh/authorized_keys (operation command:# Cat id_dsa.pub> ~ /. Ssh/authorized_keys).

4. Set file and directory permissions: Use the hadoop user to perform/home/hadoop main directory. If there are multiple linux instances, it is best to build the same username on each server.

Set authorized_keys Permissions
$ Chmod 600 authorized_keys
Set. ssh Directory Permissions
$ Chmod 700-R. ssh

 

5. Ensure that. ssh and authorized_keys have write permission only for the user. Otherwise, the verification is invalid. (This is the problem we have encountered today. I have been looking for a long time.) In fact, I think about it carefully to avoid system vulnerabilities.

When I access 20.60 from 20.59, the following error is prompted:

 

Java code

1. The authenticity of host' 192. 168.20.59 (192.168.20.59) 'Can't be established.
2. RSA key fingerprint is 6a: 37: c0: e1: 09: a4: 29: 8d: 68: d0: ca: 21: 20: 94: be: 18.
3. Are you sure you want to continue connecting (yes/no )? Yes
4. Warning: Permanently added '192. 168.20.59 '(RSA) to the list of known hosts.
5. Root@192.168.20.59's password:
6. Permission denied, please try again.
7. Root@192.168.20.59's password:
8. Permission denied, please try again.
9. Root@192.168.20.59's password:
10. Permission denied (publickey, gssapi-with-mic, password ). <textarea class = "java" style = "display: none;" name = "code"> The authenticity of host' 192. 168.000059 (192.168.000059) 'Can't be established.
11. RSA key fingerprint is 6a: 37: c0: e1: 09: a4: 29: 8d: 68: d0: ca: 21: 20: 94: be: 18.
12. Are you sure you want to continue connecting (yes/no )? Yes
13. Warning: Permanently added '192. 168.20.59 '(RSA) to the list of known hosts.
14. Root@192.168.20.59's password:
15. Permission denied, please try again.
16. Root@192.168.20.59's password:
17. Permission denied, please try again.
18. Root@192.168.20.59's password:
19. Permission denied (publickey, gssapi-with-mic, password ).
20. </Textarea>

 

Iii. Summary

1. Do not set the file and directory permissions to chmod 777. This permission is too large, insecure, and not supported by digital signatures. I started to save time.

2. The generated rsa/dsa Signature public key is used by the other machine. The public key must be copied to authorized_keys.

(Note: if there are more than three linux machines, such as hostname h1, h2, h3, and the user name on each server is hadoop

/Home/hadoop /. ssh/id_dsa.pub uses scp to copy to a directory on a machine and write to/home/hadoop /. in ssh/authorized_keys, make it a large file containing all public keys, and copy the file to/home/hadoop/in each linux /. under ssh/authorized_keys, modify the permission to 600)

3. Access the ip address of the ssh machine directly between linux

4. A machine generates its own RSA or DSA digital signature, sends the public key to the target machine, and then sets the relevant permissions (Public Key and authorized_keys permissions) after receiving the request ), the target machine can be accessed without a password by the machine that generates a digital signature.

---------------------

 

Linux build trust, added to authorized_keys, is not successful; permission questions June 14, 2013 DigDeeply jump to comment

Establish trust relationships between Linux Hosts
Establish A trust relationship between host A and host B so that host A can log on to host B without A password through ssh.

There are three points to be aware of. If you have already followed the above method and still cannot, compare it with the following three items:

Article (3) is too pitfall, because the/home/user directory is 777, not 755. How can this problem be solved? the trust relationship cannot be created, finally, change the permission of the/home/user directory from 777 to 755. _ <, A big pitfall...