Password-free logon in Linux
1. Generate a key in Linux
For the ssh-keygen manual, run "man ssh-keygen".
Run "ssh-keygen -t rsa"
A ".ssh" folder is generated in the user's home directory.
The ".ssh" folder contains the following files:
authorized_keys: stores the public keys used for remote password-free logon. This file can record the public keys of multiple machines.
id_rsa: generated private key file
id_rsa.pub: generated public key file
known_hosts: list of known host public keys
For the SSH public key to take effect, at least the following two conditions must be met:
1) the .ssh directory permission must be 700
2) the .ssh/authorized_keys file permission must be 600
2. Remote Password-free Logon
The following methods are commonly used:
2.1 Using ssh-copy-id
Command: ssh-copy-id -i ~/.ssh/id_rsa.pub <remote_ip>
Example:
[root@test .ssh]# ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.91.135
root@192.168.91.135's password:
Now try logging into the machine, with "ssh '192.168.91.135'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[root@test .ssh]# ssh root@192.168.91.135
Last login: Mon Oct 10 01:25:49 2016 from 192.168.91.133
[root@localhost ~]#
Common Errors:
[root@test ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.91.135
-bash: ssh-copy-id: command not found // The system reports that the command does not exist.
Solution: yum -y install openssh-clients
2.2 Write the key to the remote host's file through scp
Command: scp -p ~/.ssh/id_rsa.pub root@<remote_ip>:/root/.ssh/authorized_keys
This overwrites any authorized_keys file already on the remote server.
Example:
[root@test .ssh]# scp -p ~/.ssh/id_rsa.pub root@192.168.91.135:/root/.ssh/authorized_keys
root@192.168.91.135's password:
id_rsa.pub 100% 408 0.4KB/s
[root@test .ssh]# ssh root@192.168.91.135
Last login: Mon Oct 10 01:27:02 2016 from 192.168.91.133
[root@localhost ~]#
You can also perform the following two steps:
$ scp ~/.ssh/id_rsa.pub root@<remote_ip>:pub_key    # copy the file to the remote server
$ cat ~/pub_key >> ~/.ssh/authorized_keys    # append the content to the authorized_keys file; you must log on to the remote server to execute this command
2.3 Batch password-free logon through Ansible
2.3.1 Add the hosts that need password-free logon to /etc/ansible/hosts:
[<groupname>]
192.168.91.132
192.168.91.20
192.168.91.134
2.3.2 Execute the command to set up password-free logon
ansible <groupname> -m authorized_key -a "user=root key='{{ lookup('file', '/root/.ssh/id_rsa.pub') }}'" -k
Example:
[root@test sshpass-1.05]# ansible test -m authorized_key -a "user=root key='{{ lookup('file', '/root/.ssh/id_rsa.pub') }}'" -k
SSH password: -----> enter the password
192.168.91.135 | success >> {
"changed": true,
"key": "ssh-rsa Secure/secure/18B6FV5moE/8yTbFA4dBQahdtVP secure + sodbtgpc34hmahjflsc/SJffLuT/ug/FIG = root@localhost.localdomain",
"key_options": null,
"keyfile": "/root/.ssh/authorized_keys",
"manage_dir": true,
"path": null,
"state": "present",
"unique": false,
"user": "root"
}
[root@test sshpass-1.05]#
2.4 Manual copy and paste
Copy the content of the local id_rsa.pub file into the ~/.ssh/authorized_keys file on the remote server.
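The append step from 2.2 and the manual copy in 2.4, combined with the 700/600 permission conditions from section 1, as an added example that is not part of the original page. install_pubkey and perms_ok are hypothetical helper names, and the key is constructed sample data written to a scratch directory rather than a real ~/.ssh.

```shell
#!/bin/sh
# Added example: idempotent public-key install that enforces the 700/600 rule.
# install_pubkey and perms_ok are hypothetical helpers, not OpenSSH tools.

# perms_ok SSH_DIR: succeeds only if SSH_DIR is 700 and authorized_keys is 600.
perms_ok() {
    d=$(ls -ld "$1" | cut -c1-10)
    f=$(ls -l "$1/authorized_keys" | cut -c1-10)
    [ "$d" = "drwx------" ] && [ "$f" = "-rw-------" ]
}

# install_pubkey PUBKEY_FILE SSH_DIR
# Returns 2 if PUBKEY_FILE is not a one-line public key, 1 on filesystem errors.
install_pubkey() {
    pub=$1; dir=$2; auth="$dir/authorized_keys"
    # Refuse multi-line input such as the private key file id_rsa.
    [ "$(grep -c '' "$pub")" -eq 1 ] || return 2
    key=$(cat "$pub")
    case $key in
        ssh-*\ *|ecdsa-*\ *) ;;      # "<type> <base64> [comment]"
        *) return 2 ;;
    esac
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Append with >> only when this exact line is missing; never overwrite with >.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Demo on constructed data in a scratch directory.
demo_dir=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EXAMPLEONLY demo@constructed' > "$demo_dir/id_rsa.pub"
install_pubkey "$demo_dir/id_rsa.pub" "$demo_dir/.ssh"
install_pubkey "$demo_dir/id_rsa.pub" "$demo_dir/.ssh"   # second run adds nothing
echo "entries: $(grep -c '' "$demo_dir/.ssh/authorized_keys")"
perms_ok "$demo_dir/.ssh" && echo "permissions: 700/600"
rm -rf "$demo_dir"
```

Run on the remote server, the same function can take the copied pub_key file and the real ~/.ssh directory as its two arguments.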