Example:
A is a local host (that is, a machine used to control other hosts);
b is a remote host (that is, a controlled machine server), if IP is 192.168.60.110;
Both A and B systems are Linux.
To run a command on a:
# ssh-keygen-t RSA (three consecutive returns, that is, the public and private keys are generated locally, no password is set)
# SSH root@192.168.60.110 "mkdir. SSH; chmod 0700. SSH (password required)
# SCP ~/.ssh/id_rsa.pub root@192.168.60.110:.ssh/id_rsa.pub (need to enter password)
The Order on B:
# TOUCH/ROOT/.SSH/AUTHORIZED_KEYS2 (If this file is already present, skip this one)
# cat/root/.ssh/id_rsa.pub >>/root/.ssh/authorized_keys2 (append id_rsa.pub content to Authorized_keys2)
Back to a machine:
# SSH root@192.168.60.110 (no password required, login successful)
If you can protect your private key, this method is relative to the shell to enter a password, to be safe
Deep learning
Understanding the logon Process
First ssh-keygen-t RSA command generates a key and a public key, and the key can be set its own password, the key can be understood as a key, the public key to understand the key to the corresponding lock, the lock (public key) to the desired control of the server, lock the server, Only the person who has the key (the key), in order to open the lock, enter the server and control, and for the person who owns the key, must know the key to the password to use this key (unless the key is not set the password), so that the key can be prevented from being matched (the private key is copied).
Of course, this example is just easy to understand,
The person with the root password is certainly not locked, and there is not necessarily only one lock (public key), but if any lock is opened with its corresponding key (private key), the server can be controlled by that person.
So, as long as you know the server's root password, and will have the root of the public key to the above, you can use the public key corresponding to the private key "open" server, and then log in as root, even if the root password has been changed!
If you want to control n machines, you need n pairs of keys (keys and public keys), the Ssh-keygen command can change the name of the key pair arbitrarily, for example:
[Root@wwy. ssh]# ssh-keygen-t RSA
Generating public/private RSA key pair.
Enter file in which to save the key (/ROOT/.SSH/ID_RSA):/root/.ssh/id_rsa_192.168.102.12
......
This is the name of the private key and the public key, respectively:
Id_rsa_192.168.102.12 and Id_rsa_192.168.102.12.pub
The contents of the Id_rsa_192.168.102.12.pub file are then appended to the sever ~/.ssh/authorized_keys2 file.
Finally, the local key is specified locally with the-I parameter of the SSH command and logged in:
# ssh-i/root/.ssh/id_rsa_192.168.102.12 192.168.102.12
If the key is set with a password, log in with the key password, and then log in directly without setting the password.
The SCP is the same.
Such as:
Scp-i/root/.ssh/id_rsa./xxx 192.168.102.158:/home/wwy/bak