SSH key Logon (two methods)

Source: Internet
Author: User

Method 1:

In the following example, ssky-keygen and SSH-copy-ID can be used to log on to a remote Linux host without a password.
Ssh-keygen creates the public key and key.
Ssh-copy-ID copies the public key of the local host to the authorized_keys file of the remote host.
The SSH-copy-ID will also be sent to the user home directory (home) and ~ of the remote host ~ /. Ssh, and ~ /. Ssh/authorized_keys.

Step 1: Use SSH-key-Gen to create a public key and a key on the local host
[Email protected] $ ssh-keygen-T RSA
Enter file in which to save the key (/home/jsmith/. Ssh/id_rsa): [key file name]
Enter passphrase (empty for no passphrase): [key and password (enter the key without a password)]
Enter same passphrase again: [enter the key and password again]
Your identification has been saved in/home/jsmith/. Ssh/id_rsa.
Your public key has been saved in/home/jsmith/. Ssh/id_rsa.pub.
The key fingerprint is: 33: B3: Fe: AF: 95: 95: 18: 11: 31: D5: de: 96: 2f: F2: 35: F9
[Email protected]

Step 2: Use SSH-copy-ID to copy the public key to the remote host.
[Email protected] $ ssh-copy-ID-I ~ /. Ssh/id_rsa.pub [email protected]
[Email protected]'s password:
Now try logging into the machine, with-ssh? Remote-host '', and check in:
. Ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting.
[Note: The Ssh-copy-ID appends the key to. Ssh/authorized_key of the remote host.]

Step 3: log on to the remote host directly
[Email protected] $ SSH remote-host
Last login: Sun Nov 16 17:22:33 2008 from 192.168.1.2
[Note: SSH does not ask for the password.]
[Email protected] $
[Note: You have logged on to the remote host]

Http://blog.163.com/lgh_2002/blog/static/44017526201011333227161/

Method 2

I. Overview

1. the user name and password are not required for two Linux machines to use SSH. Digital signature RSA or DSA is used to complete this operation.

2. Model Analysis

Assume that machine a is the customer machine, and machine B is the target machine;

Goals:
Machine A does not need to enter a password to log on to machine B through SSH;
Select RSA for encryption. | DSA is supported. The default value is DSA.

 

Ii. Procedure

 

One-way login operation process (to meet the above objectives ):
1. log on to machine
2. Ssh-keygen-T [RSA | DSA] will generate the key file and private key file id_rsa, id_rsa.pub or id_dsa, id_dsa.pub
3. Copy the. Pub file to the. Ssh directory of machine B and CAT id_rsa.pub >> ~ /. Ssh/authorized_keys
4. As a result, you can log on to the target account of machine B from machine A without a password. (directly run# SSH username @ IP)

Http://blog.csdn.net/kongqz/article/details/6338690

 

Note the following:

1. Configure the Private Key
A. Use the command ssh-keygen-t rsa to generate a key. A private key and a public key are generated. If passphrase is input, press Enter, after you log on to the server, the password will not be verified; otherwise, passphrase will be required. By default, the private key will be placed in/(User Name )/. put the ssh/id_rsa Public Key in
/Username/. Ssh/id_rsa.pub.
B. Copy the public key to the/(User Name)/. Ssh/authorized_keys file on the remote server.
(SCP/username/. Ssh/id_rsa.pub server:/username/. Ssh/authorized_keys). Note that the file name must be authorized_keys.
C. The private key is retained on the client, and the Public Key is retained. That is, the server must have a public key and the client must have a private key. In this way, you can achieve password-free login authentication.
2. If you want to maximize security and disable Password Logon, you can modify
Change passwordauthentication yes
Passwordauthentication No
That is, password authentication is not allowed.

SSH key Logon (two methods)

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.