SSH learning 3 SSH and SCP Login Without Password

Generally, a password is required each time you log on via ssh or use scp to copy files from a remote system before further processing. To omit the step of entering a password, you can use Shell script to solve the problem. However, you need to put the password manually entered in the script file as an explicit code.

Using the key configuration file, OpenSSH can be an intermediate step for password verification omitted during ssh remote logon and scp file replication. Therefore, the ssh client should first establish an OpenSSH connection, and then automatically want the server to send its public key. Then, the server can compare the received keys based on the pre-defined key list in the corresponding user's home directory. If a matching key exists, the server will allow ssh or sco to log on automatically.

The key file must be generated separately. The generated key file is stored in the main directory of the server user ~ /. Ssh subdirectory. The id_rsa and id_rsa.pub files are private keys and public keys respectively, while the authorized_keys file is used to store the public keys of all authorized remote customer systems, this allows the remote client system to log on to the local system as a user without providing a password.

To achieve ssh and scp password-less login, You need to generate and install the remote logon and data transmission keys in advance. The only restriction is that the keys must be bound to the IP addresses of the two systems. Then, the server can use the pre-installed key to verify each remote login and file transfer. However, this function is not suitable for dynamically allocating IP addresses using the DCHP protocol, resulting in frequent IP address changes.

As you only need to know the user name to achieve Remote Registration and file transmission, without providing a password, this function is risky. Therefore, it is best to use a common user account between the server and the client in the specific implementation, so as not to cause great damage.

The following uses a webgod user as an example to describe in detail what preparations should be made by both the client and server of OpenSSH before implementing ssh and scp password-less login.

1. Client Configuration

Create a webgod user with the same name in the client and server systems, log on to the client system as a webgod user, and use the ssh-keygen command to generate a key pair. When the system prompts you to Enter a password associated with the key, press Enter.

The two generated key files are stored in the. ssh subdirectory of the webgod user's home directory. The id_rsa File Stores private keys, and the id_rsa.pub File Stores public keys (used to submit remote servers and decrypt encrypted data transmitted by clients ).

Run the following command to copy the generated public key file id_rsa.pub to the webgod user home directory of the remote system.

$ Scp ~ /. Ssh/id_rsa.pub webgod@10.203.131.191: pub_key

2. Server Configuration

Log on to the OpenSSH server as a webgod user, and use the cat command and the ">" redirection symbol to append the data in the pub_key file to the end of the authorized_keys file.

$ Cat ~ /Pub_key> ~ /. Ssh/authorized_keys

The authorized_keys file contains a list of public keys of all OpenSSH client systems. If the webgod users in the customer system listed in the table are still connected to the server as the same identity, no password is required.

3 Examples

After all the above settings are completed, when the webgod user of the OpenSSH client connects to the remote host using ssh, scp, or sftp as webgod, the user will no longer be prompted to enter the password.

However, this method does not work for other users on the client. Even if they log on to the remote server as webgod users, they still need to provide a password.