I. Requirements
Typing a password every time you log in to or copy files between Linux machines (ssh login, scp file copy) is tedious. You can generate a key pair with ssh-keygen and use it to establish a trusted channel between the two machines.
II. Environment Description
Server1: 192.168.10.221 (server controlled end, host name server1.com)
Server2: 192.168.10.222 (server controlled end, host name server2.com)
Client1: 192.168.10.223 (client controller, host name itnul.com)
Client2: 192.168.10.20. (client controller, host name woiit.net)
1. Generate an RSA key pair on client1
[root@itnul ~]# ssh-keygen -b 1024 -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): <Enter>
Enter passphrase (empty for no passphrase): <Enter>
Enter same passphrase again: <Enter>
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
ad:05:e9:44:e7:d2:6a:9a:41:72:37:a9:e1:9c:8e:ea root@itnul.com
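Press Enter at the first prompt to store the private and public keys in the default location, and press Enter at both passphrase prompts to leave the private key without a passphrase. With an empty passphrase, anyone who can read /root/.ssh/id_rsa can log in to every server that trusts this key, so keep that file readable by root only. Note also that 1024-bit RSA is considered weak today; a larger value for -b works with the same steps.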
2. View the private key and public key files in the .ssh directory
[root@itnul ~]# ls /root/.ssh/
id_rsa  id_rsa.pub  known_hosts
3. Copy the public key to the target machine and rename it to authorized_keys.
[root@itnul ~]# ssh root@192.168.10.221 "mkdir /root/.ssh; chmod 700 /root/.ssh" (Note: the .ssh permission must be set to 700)
[root@itnul ~]# scp /root/.ssh/id_rsa.pub root@192.168.10.221:/root/.ssh/authorized_keys
The first time you run the scp command, you are still prompted for the password and asked whether to continue connecting. The key is copied under the name authorized_keys because that is the file name specified in /etc/ssh/sshd_config.
4. Test SSH access
[root@itnul ~]# ssh 192.168.10.221
Last login: Tue Mar 18 19:59:58 2014 from 192.168.10.222
III. Multiple clients manage one server
Add a second controller (client2)
1. Generate an RSA key pair on client2
[root@woiit ~]# ssh-keygen -b 1024 -t rsa
2. Copy the public key to the target machine.
[root@woiit ~]# scp /root/.ssh/id_rsa.pub root@192.168.10.221:/root/.ssh/id_rsa.pub
3. Log on to server1 and append the content to authorized_keys; the existing file must not be overwritten.
[root@server1 ~]# cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
4. Test Logon
[root@woiit ~]# ssh root@192.168.10.221
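Step 3 above written as a reusable shell function, as an added example that is not part of the original article: it appends a copied public key to authorized_keys only if the key is not already there, and sets the 700/600 permissions. The function name add_authorized_key and its arguments are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example, not from the original article. add_authorized_key and its
# arguments are hypothetical names chosen for this illustration.
#
# Usage on server1 after the scp in step 2:
#   add_authorized_key /root/.ssh/id_rsa.pub /root/.ssh

add_authorized_key() {
    pubkey_file=$1                      # copied public key, one key per line
    ssh_dir=$2                          # the account's .ssh directory
    auth_file=$ssh_dir/authorized_keys

    if [ ! -r "$pubkey_file" ]; then
        echo "cannot read $pubkey_file" >&2
        return 1
    fi

    # sshd's StrictModes check refuses the keys when the directory or file
    # is writable by other users.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # If the existing file lacks a final newline, add one so the new key
    # does not get glued onto the last existing key.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        printf '\n' >> "$auth_file"
    fi

    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;        # skip blank lines and comments
        esac
        # -x whole line, -F fixed string: append only keys not yet present.
        if ! grep -qxF -- "$line" "$auth_file"; then
            printf '%s\n' "$line" >> "$auth_file"
        fi
    done < "$pubkey_file"
}
```

Running it twice with the same key leaves a single entry, so it is safe to repeat when adding further clients.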
IV. One client manages multiple servers
Building on the setup above, add a second server.
1. Copy the public key to the target machine and rename it to authorized_keys.
[root@itnul ~]# ssh root@192.168.10.222 "mkdir /root/.ssh; chmod 700 /root/.ssh" (Note: the .ssh permission must be set to 700)
[root@itnul ~]# scp /root/.ssh/id_rsa.pub root@192.168.10.222:/root/.ssh/authorized_keys
2. Test Logon
[root@itnul ~]# ssh root@192.168.10.222
Note: The settings above only allow the client to log on to the server without a password. The server cannot log on to the client without a password. The direction is, for example, client1 → server1, client2 → server2.