First, configuring SSH passwordless login
Passwordless SSH login uses a public/private key pair. On Linux the pair is generated with ssh-keygen; below I take CentOS as an example.
There are two machines, A (192.168.1.155) and B (192.168.1.181). The goal is for A to log in to B over SSH without a password.
1. Generate a public/private key pair on machine A.
[[email protected] ~]$ ssh-keygen -t rsa -P ''
-P sets the passphrase; -P '' means an empty passphrase. You can also leave out the -P parameter, in which case you have to press Enter three times; with -P you press Enter once.
This creates the .ssh directory under /home/chenlb, with id_rsa and id_rsa.pub inside .ssh.
2. Copy id_rsa.pub from machine A to machine B, where it goes into B's .ssh/authorized_keys file. I use scp to copy it.
[[email protected] ~]$ scp .ssh/id_rsa.pub [email protected]:/home/chenlb/id_rsa.pub
[email protected]'s password:
id_rsa.pub 100% 223 0.2KB/s 00:00
Since passwordless login is not set up yet, you have to enter the password.
3. On machine B, append the id_rsa.pub copied from machine A to the .ssh/authorized_keys file.
[[email protected] ~]$ cat id_rsa.pub >> .ssh/authorized_keys
[[email protected] ~]$ chmod 644 .ssh/authorized_keys
The following is a list of permissions for the .ssh directory and the files in it:
drwx------ 2 hadoop hadoop 4096 2014-06-02 15:32 .
drwxr-xr-x hadoop 4096 2014-06-02 15:06 ..
-rw-r--r-- 1 hadoop hadoop 2252 2014-06-02 15:32 authorized_keys
-rw------- 1 hadoop hadoop 668 2014-06-02 15:11 id_dsa
-rw-r--r-- 1 hadoop hadoop 615 2014-06-02 15:11 id_dsa.pub
-rw------- 1 hadoop hadoop 1675 2014-06-02 15:32 id_rsa
-rw-r--r-- 1 hadoop hadoop 407 2014-06-02 15:32 id_rsa.pub
-rw-r--r-- 1 hadoop hadoop 442 2014-06-02 15:08 known_hosts
4. Log in to machine B from machine A.
[[email protected] ~]$ ssh 192.168.1.181
The authenticity of host '192.168.1.181 (192.168.1.181)' can't be established.
RSA key fingerprint is 00:a6:a8:87:eb:c7:40:10:39:cc:a0:eb:50:d9:6a:5b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.181' (RSA) to the list of known hosts.
Last login: Thu Jul 3 09:53:18 from chenlb
[[email protected] ~]$
The first time you log in, you have to enter yes.
Now machine A can log in to machine B without a password.
Summary: the machine that logs in holds the private key, and the machine being logged in to holds that machine's public key. The key pair is typically generated on the host that keeps the private key. The example above uses an RSA key pair; you can also use DSA (the corresponding files are id_dsa and id_dsa.pub).
To let A and B log in to each other without a password, configure the other machine in the same manner as above.
Reference: ssh-keygen usage http://blog.163.com/[email protected]/blog/static/158584272007101862513886/
Second, troubleshooting a failed SSH passwordless login
1. Check whether SSH is running
ps -e | grep ssh
If sshd and ssh-agent are listed, the SSH service is basically running properly.
2. Generate the public and private keys
ssh-keygen -t rsa -P ""
3. Append the public key to the authorized_keys file
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
4. Test
ssh localhost
If you can log in without entering your password, SSH passwordless login is working.
5. One cause of failure: permission problems on .ssh and the files under it:
The preferred permissions are 700 for the .ssh directory, 600 for the two private keys (DSA and RSA), and 644 for the remaining files.
The following is a list of permissions for the .ssh directory and the files in it:
drwx------ 2 hadoop hadoop 4096 2014-06-02 15:32 .
drwxr-xr-x hadoop 4096 2014-06-02 15:06 ..
-rw-r--r-- 1 hadoop hadoop 2252 2014-06-02 15:32 authorized_keys
-rw------- 1 hadoop hadoop 668 2014-06-02 15:11 id_dsa
-rw-r--r-- 1 hadoop hadoop 615 2014-06-02 15:11 id_dsa.pub
-rw------- 1 hadoop hadoop 1675 2014-06-02 15:32 id_rsa
-rw-r--r-- 1 hadoop hadoop 407 2014-06-02 15:32 id_rsa.pub
-rw-r--r-- 1 hadoop hadoop 442 2014-06-02 15:08 known_hosts
6. Permission problems on the parent directory of .ssh (this is where my problem was):
The parent directory of .ssh should have permissions 755; this is the owning user's home directory (a user directory under /home).
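The permission causes in items 5 and 6 can be checked in one pass. The script below is an added example, not part of the original article, and its function names (check_ssh_perms, mode_of and the two helpers) are hypothetical. It tests the conditions OpenSSH enforces, which the 755/700/644/600 modes listed above satisfy: no group/other write on the home directory, .ssh and authorized_keys, and no group/other access to private keys.

```shell
#!/bin/sh
# Added example (not from the original article): audit the permissions that
# make key-based login fail. All function names here are hypothetical.
# Usage after sourcing this file: check_ssh_perms [home_dir]   (default: $HOME)
# File ownership is not checked, only the mode bits.

# Print the 10-character mode string of a path, e.g. "drwx------".
mode_of() { ls -ld "$1" | cut -c1-10; }

# True if group or other may write to the path (mode string chars 6 and 9).
group_other_writable() {
    m=$(mode_of "$1")
    [ "$(printf '%s' "$m" | cut -c6)" = "w" ] ||
        [ "$(printf '%s' "$m" | cut -c9)" = "w" ]
}

# True if group or other has any access at all (mode string chars 5-10).
group_other_accessible() { [ "$(mode_of "$1" | cut -c5-10)" != "------" ]; }

# Report every problem found; the return status is the number of problems.
check_ssh_perms() {
    home=${1:-$HOME}
    problems=0
    # sshd with StrictModes (the default) refuses key login when the home
    # directory, .ssh or authorized_keys is writable by group or other.
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if group_other_writable "$p"; then
            echo "BAD  $(mode_of "$p")  $p  (writable by group/other)"
            problems=$((problems + 1))
        fi
    done
    # The ssh client refuses a private key that group or other can access.
    for k in "$home/.ssh/id_rsa" "$home/.ssh/id_dsa"; do
        [ -e "$k" ] || continue
        if group_other_accessible "$k"; then
            echo "BAD  $(mode_of "$k")  $k  (accessible by group/other)"
            problems=$((problems + 1))
        fi
    done
    if [ "$problems" -eq 0 ]; then
        echo "OK   permissions under $home allow key login"
    fi
    return "$problems"
}
```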