SSH login with no password to use the public and private keys. Linux can be used to generate a public/private key pair with Ssh-keygen, below I take CentOS as an example.
Note: If the root user cannot log in, the SELinux and firewall will be turned off.
There is machine A (192.168.1.155), B (192.168.1.181). Now want to a through SSH password-free login to B.
First, take the root account login as an example.
1. Generate a public/private key pair under the a machine.
[[email protected] ~]# ssh-keygen-t rsa-p '
-P for the password,-p ' means the empty password, you can not use the-p parameter, so that three cars to enter, with-P on a return.
The command will generate a pair of keys Id_rsa and id_rsa.pub under the/root/.ssh directory.
The RSA key for SSH is generally used:
Id_rsa private Key
Id_rsa.pub Public Key
The following command produces different types of keys
Ssh-keygen-t DSA
SSH-KEYGEN-T RSA
Ssh-keygen-t RSA1
2. Copy the/root/.ssh/id_rsa.pub under the a machine into the/root/.ssh/authorized_keys file of the B machine, first create a good/root/.ssh directory on the B machine and copy it with SCP.
[Email protected] ~]# scp/root/.ssh/id_rsa.pub [email Protected]:/root/.ssh/authorized_keys
[email protected] ' s password:
Id_rsa.pub 100% 223 0.2kb/s 00:00
Since there is no password-free login, enter the root password of machine B once.
3.authorized_keys's Permission if!!!
[Email protected] ~]# chmod 600/root/.ssh/authorized_keys
4.A Machine login B machine.
[Email protected] ~]# ssh-l root 192.168.1.181
The authenticity of host ' 192.168.1.181 (192.168.1.181) ' can ' t be established.
RSA key fingerprint is 00:a6:a8:87:eb:c7:40:10:39:cc:a0:eb:50:d9:6a:5b.
Is you sure want to continue connecting (yes/no)? Yes
warning:permanently added ' 192.168.1.181 ' (RSA) to the list of known hosts.
Last Login:thu Jul 3 09:53:18 from root
[Email protected] ~]#
The first time you log in is when you want to enter Yes.
Now a machine can be no password login B machine.
Summary: Log on the machine can have a private key, the machine to be logged on to have the public key of the machine. This public/private key pair is typically generated on the private key host. Above is the RSA algorithm's public/private key pair, of course, you can also use DSA (the corresponding file is id_dsa,id_dsa.pub)
Want to let A, B machine without password mutual login, that machine is configured in the same manner as above.
The use of Ssh-keygen
Suppose A is a customer machine and B is the target machine;
To achieve the purpose:
A machine SSH login B machine does not need to enter a password;
Encryption mode RSA|DSA can be selected, the default DSA
Practice:
1. Log In a machine
2, Ssh-keygen-t [RSA|DSA], will generate a key file and a private key file id_rsa,id_rsa.pub or id_dsa,id_dsa.pub
3. Copy the. pub file to the. SSH directory of the B machine, and cat id_dsa.pub >> ~/.ssh/authorized_keys
4, finished, from a machine login B machine's target account, no longer need password;
Ssh-keygen do password verification to enable SSH to the other machine, the SCP does not use the password.
Here's how:
SSH-KEYGEN-T RSA
Then all returns, with default values.
This generates a pair of keys that are stored under the ~/.ssh of the user directory.
Test the public key into the user directory of the other machine and copy it into the ~/.ssh/authorized_keys.
Be sure that both SSH and Authorized_keys have write permissions for the user. Otherwise, validation is not valid. (Today is the problem, looking for a long time the problem), in fact, think carefully, this is done so as not to appear system vulnerabilities.
This article is from the "Technology First" blog, please be sure to keep this source http://wuxiangdong.blog.51cto.com/8274747/1584557
Password-free authentication for SSH