Setting up the simplest secure automatic SSH login in Linux

Source: Internet
Author: User
A is the local host (that is, the machine used to control other hosts).

B is the remote host (that is, the server being controlled); assume its IP address is 172.24.253.2.

Both A and B run Linux.

 

Commands on A:

# ssh-keygen -t rsa (press Enter three times in a row to generate a public key and a private key without a passphrase)

# ssh root@172.24.253.2 "mkdir .ssh; chmod 0700 .ssh" (password required)

# scp ~/.ssh/id_rsa.pub root@172.24.253.2:.ssh/id_rsa.pub (password required)

 

Commands on B:

# touch /root/.ssh/authorized_keys2 (if this file already exists, skip this step)

# cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys2 (append the id_rsa.pub content to authorized_keys2)

 

Back on machine A:

# ssh root@172.24.253.2 (no password required; login succeeds)

 

If you can keep your private key protected, this is safer than typing the password at the shell.

 

 

A little deeper:

 

A simplified view of the login process:

First, the ssh-keygen -t rsa command generates a private key and a public key, and you can set a passphrase of your own on the private key.

The private key can be thought of as a key, and the public key as the lock that the key fits.

Place the lock (the public key) on the server to be controlled to lock the server. Only someone holding the key (the private key) can open the lock, enter the server, and control it.

Whoever holds the key must also know its passphrase to use it (unless no passphrase was set); this guards against the key being duplicated (that is, the private key being copied).

 

Of course, this analogy is only meant to make things easy to understand.

Anyone who has the root password is not locked out, and there need not be only one lock (public key): whichever lock is installed, the person holding the corresponding key (private key) can control the server.

Therefore, once you have known the server's root password and, as root, placed a public key on it, you can use the private key corresponding to that public key to "open" the server and log on as root, even if the root password has since been changed!
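
Because a public key left in authorized_keys2 keeps working after the root password is changed, it is worth listing exactly which keys a file admits. The shell function below is an added example, not part of the original article; the function names, the output format and the sample entries (with fake key material) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list every key that can log in through an
# authorized_keys / authorized_keys2 file.
# Prints one line per entry: file:line|key type|options|comment
audit_keys() {
    awk '
    # Split on whitespace outside double quotes: options such as
    # command="a b" may contain spaces.
    function split_unquoted(s, out,    n, i, c, inq, tok) {
        n = 0; tok = ""; inq = 0
        for (i = 1; i <= length(s); i++) {
            c = substr(s, i, 1)
            if (c == "\\" && inq) { tok = tok c substr(s, i + 1, 1); i++; continue }
            if (c == "\"") inq = !inq
            if ((c == " " || c == "\t") && !inq) {
                if (tok != "") out[++n] = tok
                tok = ""
            } else tok = tok c
        }
        if (tok != "") out[++n] = tok
        return n
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
    {
        split("", f)
        n = split_unquoted($0, f)
        # Key type is field 1, or field 2 when an options field comes first.
        t = (f[1] ~ /^(ssh-|ecdsa-|sk-)/) ? 1 : 2
        if (n < t + 1 || f[t] !~ /^(ssh-|ecdsa-|sk-)/) {
            printf "%s:%d|MALFORMED|-|-\n", FILENAME, FNR; next
        }
        opts = (t == 2) ? f[1] : "-"
        comment = (n > t + 1) ? f[t + 2] : "-"
        for (i = t + 3; i <= n; i++) comment = comment " " f[i]
        printf "%s:%d|%s|%s|%s\n", FILENAME, FNR, f[t], opts, comment
    }' "$@"
}

# Constructed sample file (fake key material) so the example runs offline.
sample_keys() {
    cat <<'EOF'
# keys for root
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED root@wwy
from="172.24.253.*",command="/usr/bin/backup --mode full" ssh-ed25519 AAAAC3NzaCONSTRUCTED backup job
no-pty not-a-key
EOF
}

demo() { tmp=$(mktemp) && sample_keys > "$tmp" && audit_keys "$tmp"; rm -f "$tmp"; }
demo
```

On B, run audit_keys /root/.ssh/authorized_keys2 after a root password change; every entry it prints still grants login, so any key you do not recognise should be removed from the file.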

 

To control n hosts, you need n key pairs (private key and public key). When ssh-keygen prompts for a file name, you can name the key pair however you like, for example:

[root@wwy .ssh]# ssh-keygen -t rsa

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa): /root/.ssh/id_rsa_192.168.102.12

......

 

In this way, the private key and public key are named, respectively:

id_rsa_192.168.102.12 and id_rsa_192.168.102.12.pub

Then append the content of the id_rsa_192.168.102.12.pub file to the server's ~/.ssh/authorized_keys2 file.

 

Finally, use the -i option of the local ssh command to specify the local private key, and log on:

# ssh -i /root/.ssh/id_rsa_192.168.102.12 192.168.102.12

 

If a passphrase is set on the key, log on with the key's passphrase. If none is set, you are logged on directly.

The same applies to scp.

 
