LinuxSSH uses the public key and private key for login-free, login failure, and public key failure.

Source: Internet
Author: User
To write a shell, you must remotely execute the shell command. Login-free principle: viewplainprint? 1. asymmetric keys are a pair of key-public keys and private keys. 2. the private key is held by no one in the system. it is generally stored in your computer...

 

To write a shell, you must remotely execute the shell command. Login-free principle:

View plainprint?

First, describe the processing mechanism:

1. asymmetric keys are a pair of key-public keys and private keys.

2. the private key is held by no one in the system. it is generally stored in your computer or USB flash drive.

3. the public key is transmitted over the network, that is, it can be passed to the other party in the communication, that is, it can be intercepted by hackers.

4. data encrypted with a personal private key can only be decrypted with that individual's public key. Similarly, data encrypted with the public key can only be decrypted with the private key.

 

In this way, the general process of our application in information processing can be as follows:

Assume that we have two message providers, a and B.

1. if a Wants B to send a message, B first obtains or passes the public key to B.

2. then, a encrypts the message with the public key of B and passes it to B.

3. B. use your private key to decrypt the message to obtain the plaintext.

 

 

The public key and private key (I am illiterate, and I used to read yao before the key word. this is a multi-tone word. here I should read yue) are displayed in pairs. once any change is made, the verification will fail.

 

1. login-free implementation:

 

In the following example, ssky-keygen and ssh-copy-id can be used to log on to a remote Linux host without a password.

Ssh-keygen creates the public key and key.

Ssh-copy-id copies the public key of the local host to the authorized_keys file of the remote host.

The ssh-copy-id will also be sent to the user home directory (home) and ~ of the remote host ~ /. Ssh, and ~ /. Ssh/authorized_keys.

 

Step 1: Use ssh-key-gen to create a public key and a key on the local host

Ligh @ local-host $ ssh-keygen-t rsa

Enter file in which to save the key (/home/jsmith/. ssh/id_rsa): [Enter key]

Enter passphrase (empty for no passphrase): [Press enter key]

Enter same passphrase again: [Pess enter key]

Your identification has been saved in/home/jsmith/. ssh/id_rsa.

Your public key has been saved in/home/jsmith/. ssh/id_rsa.pub.

The key fingerprint is: 33: b3: fe: af: 95: 95: 18: 11: 31: d5: de: 96: 2f: f2: 35: f9

Ligh @ local-host

 

 

Step 2: Use ssh-copy-id to copy the public key to the remote host.

Ligh @ local-host $ ssh-copy-id-I ~ /. Ssh/id_rsa.pub root@192.168.0.3

Ligh @ remote-host's password:

Now try logging into the machine,? Ssh? Remote-host '', and check in:

. Ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting.

 

[Note: The ssh-copy-id appends the key to. ssh/authorized_key of the remote host.]

 

Step 3: log on to the remote host directly

Ligh @ local-host $ ssh remote-host

Last login: Sun Nov 16 17:22:33 2008 from 192.168.1.2

 

[Note: SSH does not ask for the password.]

Ligh @ remote-host $

[Note: you have logged on to the remote host]

 

2. logon failure and public key failure

Ssh-copy-id was not used to copy the public key to a remote machine. Instead, it was copied using scp and then manually added to authorized_keys.

But one day this approach suddenly becomes ineffective... No reason is found. Later, the key was regenerated and the problem was solved by using ssh-copy-id.

Note that the public key must be re-copied on the login-free server load balancer client that was previously set after the key is regenerated.

 

Author shootyou

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.