A: client 10.10.230.211 (need to log on from this machine B) B: Server 10.10.230.119 (remote host, end a operator needs to log on to the final machine)
In general, you can log on to b119 from a211 without a password.
Implementation:
A: Operation
10.10.230.211 # ssh-keygen-T RSA
10.10.230.211 # cd. Ssh/
10.10.230.211 # Cat ~ /. Ssh/id_rsa.pub> ~ /. Ssh/authorized_keys
10.10.230.211 # SCP ~ /. Ssh/authorized_keys 10.10.230.119 :~ /. Ssh/authorized_keys
10.10.230.211 # SSH root@10.10.230.119
Multiple servers access each other without a password
Multiple servers access each other without a password. The principle is the same as that of one-way password-free access between the two servers, but because multiple servers access each other without a password, you cannot directly upload the file as if you did not log on to the two servers without a password. The steps are as follows:
1. Execute ssh-keygen-t rsa on each server to generate the key pair:
# Ssh-keygen-T RSA
2. After a key pair is generated on each server, copy the public key to the server that requires logon without a password:
For example, the three servers 192.168.15.240, 192.168.15.241, and 192.168.15.242 need to perform password-free login. After each server generates a key pair, run the ssh-copy-id command on each server (for detailed instructions and usage, see the appendix at the end) to copy the public key to the other two servers (192.168.15.240 is used as an example here, the user is root, the other two steps are the same)
# Ssh-copy-ID-I ~ /. Ssh/id_rsa.pub root@192.168.15.241
# Ssh-copy-ID-I ~ /. Ssh/id_rsa.pub root@192.168.15.242
The preceding command automatically adds the public key to the file named authorized_keys. After performing the preceding steps on each server, multiple servers can log on without a password.
Ssh-copy-ID:
By default, a tool named ssh-copy-ID is included in Linux:
# Type ssh-copy-ID
Ssh-copy-ID is/usr/bin/ssh-copy-ID
You can run the cat or more command to check whether ssh-copy-ID is actually a shell script. The usage is simple:
# Ssh-copy-ID-I ~ /. Ssh/id_rsa.pub user @ Server
There is no need to remember how to spell the name of the authorized_keys file. Isn't that nice, but it's too early to be happy. There is a terrible problem with ssh-copy-id, that is, by default, it only supports SSH running on port 22. However, for security purposes, we often change the ssh port of the server, for example, to port 10022, when you run ssh-copy-ID, an error will be reported. You can modify the ssh-copy-ID script to correct this problem, but it seems too stiff. In fact, there are better methods:
# Vi ~ /. Ssh/config
Add the following content:
Host server
Hostname IP
Port 10022
You can also add only one port configuration line separately, which is a global configuration. After saving the configuration and running the ssh-copy-id command, no error will be reported.
Note: If the port is not 22 and the config file is not modified, you can do the following:
Ssh-copy-ID-I ~ /. Ssh/id_rsa.pub "-P 10022 user @ Server