Sshkey authentication in Linux

Sshkey authentication in Linux

In the actual production environment, sshkey key authentication is often used for data distribution and other operations. You can also operate Intranet servers in batches and implement password-free authentication to push and distribute data.

1. view the environment

Distributor

Node Server

2. Add a system account to the server

3. Generate a key pair

[Root @ localhost1 ~] # Su-bkjia
[Fenfa @ localhost1 ~] $ Whoami
Bkjia

[Fenfa @ localhost1 ~] $ Ssh-keygen-t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/bkjia/. ssh/id_dsa ):
Created directory '/home/bkjia/. ssh'. # create a directory
Enter passphrase (empty for no passphrase ):
Enter same passphrase again:
Your identification has been saved in/home/bkjia/. ssh/id_dsa.
Your public key has been saved in/home/bkjia/. ssh/id_dsa.pub.
The key fingerprint is:
2c: 33: 62: 96: d5: 5a: 56: a8: 19: 63: 29: de: 63: 35: 83: f1 bkjia @ localhost1
The key's randomart image is:
+ -- [DSA 1024] ---- +
|. +... |
|. * O =. |
|. +. * Eo |
|. O * = |
| =. =. S |
| O. + |
|
|
|
+ ----------------- +
[Bkjia @ localhost1 ~] $ Cd/home/bkjia/. ssh/
[Bkjia @ localhost1. ssh] $ ls-ld. ssh
Ls: cannot access. ssh: No such file or directory
[Bkjia @ localhost1. ssh] $ ls-ld/home/bkjia/. ssh/
Drwx ------ 2 bkjia fenfa 4096 Feb 21/home/bkjia/. ssh/
[Bkjia @ localhost1. ssh] $ ll
Total 8
-Rw ------- 1 bkjia fenfa 668 Feb 21 id_dsa
-Rw-r -- 1 bkjia fenfa 606 Feb 21 00:25 id_dsa.pub

[Bkjia @ localhost1. ssh] $ cat/home/bkjia/. ssh/id_dsa
----- Begin dsa private key -----
MIIBuwIBAAKBgQDLu2NAZzbTkIb5qAXlFEEud/Ka3dS37dSzIgpkWeX5M65niDgJ
NoXybn5t14YC5Ur7ef1MXQWsTJlzz1Y6 + 2MXNUnqnttIsbFGqPFCxfITDCryE9xZ
L16LF7LLFcYyAiXDNJApQXRfnt8p4 + 5NYEx7WUtRnFhcAyolGCKGV9FlpQIVAPd4
UIqd7o3o3z + R8JbB0kB7uQmzAoGAb7DhH9aXMrDCERjr3u3kb6/P5yKl1h4Bx/Il
K6Ye/hmly5jPk2ylwifPb0iVHVfKvREVGEQ84SUkYzGhAkws1hcrEp9auunzYDNP
Sw8rTRwnGHe + jeSJpMFyE/XiAdLm9dlvNubgcprAhrY7j2dgM6lMzI4Wzx64yPm5
QqEF3AwCgYAswJiFXDeTFDumtSeAYwukCbuYFmuOZFep17Vo + 5GO/EYmhv0WLkry
Mfkwizeq9rfidj2jvgxmpwrdfiqqethzrs8njkngiwhi8yn/EcjwdHA9iwkMWng
+ Shards/
Lrntwfo0hwe1_dpeghsx
----- End dsa private key -----

4. distribution key

Command Format for Distribution
Ssh-copy-id-I key name user @ Remote Host IP address ------------ used for ssh is the default port
Ssh-copy-id-I key name "-p port user @ Remote Host IP Address" -- used for ssh non-default port

[Bkjia @ localhost1. ssh] $ ssh-copy-id-I id_dsa.pub bkjia@192.168.181.129 # distributed command
The authenticity of host' 192. 168.181.129 (192.168.181.129) 'can't be established.
RSA key fingerprint is 9e: 81: e9: 02: 86: a0: 24: 37: 2b: d0: 4e: AE: d4: 41: 6f: 0d.
Are you sure you want to continue connecting (yes/no )? Y
Please type 'yes' or 'no': yes
Warning: Permanently added '192. 168.181.129 '(RSA) to the list of known hosts.
Bkjia@192.168.181.129's password:
Permission denied, please try again.
Bkjia@192.168.181.129's password:
Permission denied, please try again.
Bkjia@192.168.181.129's password:
Now try logging into the machine, with "ssh 'bkjia @ 192.168.181.129 '", and check in:

. Ssh/authorized_keys

To make sure we haven't added extra keys that you weren't expecting.

[Bkjia @ localhost1. ssh] $ ssh-copy-id-I id_dsa.pub bkjia@192.168.181.129
Now try logging into the machine, with "ssh 'bkjia @ 192.168.181.129 '", and check in:

. Ssh/authorized_keys

To make sure we haven't added extra keys that you weren't expecting.

Check whether the distribution is successful

[Bkjia @ localhost2 ~] $ Tree/home/bkjia/. ssh/
/Home/bkjia/. ssh/
── Authorized_keys distribution successful

0 directories, 1 file

5. distribute data

No Password required

When data needs to be distributed every day, you can write the command into the script, and then add the scheduled task to automatically distribute the data.

This article permanently updates link: https://www.bkjia.com/Linux/2018-02/151034.htm