Password-free logon in Linux and password-free logon in Linux

Password-free logon in Linux and password-free logon in Linux
1. Generate a key in Linux

For the command manual of ssh-keygen, run the "man ssh-keygen" command:

　　

Run "ssh-keygen-t rsa"

　　

A ". ssh" folder is generated in the root directory of the user.

　　

Entering ". ssh" will generate the following files:

　　

Authorized_keys: stores the public key for remote password-free logon. This file records the public keys of multiple machines.
Id_rsa: generated private key file
Id_rsa.pub: generated public key file
Know_hosts: list of known host public keys

If you want the ssh public key to take effect, you must meet at least the following two conditions:

　　　　　　1) the ssh directory permission must be 700
2). The ssh/authorized_keys File Permission must be 600

2. Remote Password-free Logon

Schematic:

　　　　

The following methods are commonly used:

2.1 Using ssh-copy-id

Command:Ssh-copy-id-I ~ /. Ssh/id_rsa.put <romte_ip>

Example:

[Root @ test. ssh] # ssh-copy-id-I ~ /. Ssh/id_rsa.pub 192.168.91.135
Root@192.168.91.135's password:
Now try logging into the machine, with "ssh '192. 168.91.135 '", and check in:

. Ssh/authorized_keys

To make sure we haven't added extra keys that you weren't expecting.

[Root @ test. ssh] # ssh root@192.168.91.135
Last login: Mon Oct 10 01:25:49 2016 from 192.168.91.133
[Root @ localhost ~] #

Common Errors:

[Root @ test ~] # Ssh-copy-id-I ~ /. Ssh/id_rsa.pub 192.168.91.135

-Bash: ssh-copy-id: command not found // The system prompts that the command does not exist.

Solution:Yum-y install openssh-clients

 

2.2 write content to the object's file through scp

Command:Scp-p ~ /. Ssh/id_rsa.pub root @ <remote_ip>:/root/. ssh/authorized_keys

Example:

[Root @ test. ssh] # scp-p ~ /. Ssh/id_rsa.pub root@192.168.91.135:/root/. ssh/authorized_keys
Root@192.168.91.135's password:
Id_rsa.pub 100% 408 0.4KB/s
[Root @ test. ssh] #
[Root @ test. ssh] #
[Root @ test. ssh] #
[Root @ test. ssh] # ssh root@192.168.91.135
Last login: Mon Oct 10 01:27:02 2016 from 192.168.91.133

 

[Root @ localhost ~] #

 

You can also perform the following two steps:

$ Scp ~ /. Ssh/id_rsa.pub root @ <remote_ip>: pub_key // copy the file to the remote server
$ Cat ~ /Pub_key> ~ /. Ssh/authorized_keys // append the content to the authorized_keys file. However, you must log on to the remote server to execute this command.

2.3 batch password-free through Ansible

2.3.1 Add the hosts of the machine that requires password-free operations to/etc/ansible/hosts:
[Avoid close]
192.168.91.132
192.168.91.20.
192.168.91.134

2.3.2 execute commands for password-free operations

　　Ansible <groupname>-m authorized_key-a "user = root key = '{lookup ('file','/root/. ssh/id_rsa.pub ')}'"-k

Example:
[Root @ test sshpass-1.05] # ansible test-m authorized_key-a "user = root key = '{lookup ('file','/root /. ssh/id_rsa.pub ')}' "-k
SSH password: -----> enter the password
192.168.91.135 | success >> {
"Changed": true,
"Key": "ssh-rsa Secure/secure/18B6FV5moE/8yTbFA4dBQahdtVP secure + sodbtgpc34hmahjflsc/SJffLuT/ug/FIG = root@localhost.localdomain ",
"Key_options": null,
"Keyfile": "/root/. ssh/authorized_keys ",
"Manage_dir": true,
"Path": null,
"State": "present ",
"Unique": false,
"User": "root"
}
[Root @ test sshpass-1.05] #

2.4 manual copy and paste

Copy the content of the local id_rsa.pub file to the remote server ~ /. Ssh/authorized_keys File