The latest SSH automatic login solution (RSA)

The latest SSH automatic login solution (RSA) I. preface when you directly connect to the server using ssh, you need to manually enter the password. If you do not need to manually enter the password and automatically log on to the SSH server, that would be nice. After one night of research, I finally got it done. (The reason is that the old configuration... information & the latest SSH automatic login solution (RSA) I. preface when you directly connect to the server using ssh, you need to manually enter the password. If you do not need to manually enter the password and automatically log on to the SSH server, that would be nice. After one night of research, I finally got it done. (The reason is that the old configuration method cannot be used correctly.) before configuring, assume that the ssh client is an ssh-client, the ssh server is an ssh-server (the side that runs the ssh service ). II. configuration method 1. use ssh-keygen on the ssh-client side to generate a pair of rsa keys $ ssh-keygen-t rsa Generating public/private rsa key pair. enter file in which to save the key (/home/abee /. ssh/id_rsa ): <回车> Enter passphrase (empty for no passphrase ): <回车> Enter same passphrase again: <回车> Press enter continuously during execution. after the key is generated successfully. Private key is saved in ~ /. Ssh/id_rsa, while the public key is saved in ~ /. Ssh/id_rsa.pub 2. use ssh-add on the ssh-client side to add the generated private key to the ssh agent (this step is not used in the old configuration method) $ ssh-add ~ /. Ssh/id_rsa Identity added: id_rsa (id_rsa) 3. append the above public key (id_rsa.pub) content to $ cat ~ In. ssh/authorized_keys on the ssh-server ~ /. Ssh/id_rsa.pub | ssh username @ ssh-server "cat-> authorized_keys" 4. the configuration is complete. When you log on again using ssh username @ ssh-server, the password is no longer used. 3. restart ssh-client after restarting ssh-client, you need to use ssh-add again to add the above private key to ssh-agent. Because the private key of the last record is not retained after the ssh-agent is restarted, you need to use ssh-add again to add the private key. After testing, it is no problem to perform multiple ssh-add operations on the same private key. generally, ssh-add or ssh-agent filters out duplicate private keys. To achieve one configuration, use it again. You can consider placing the ssh-add execution in ~ /. Profile, the system automatically starts from ~ The ssh-add command in/. profile adds the private key to the ssh-agent. $ Echo "ssh-add ~ /. Ssh/id_rsa ">> ~ /. Profile this method passed the test in ubuntu10.04. 4. a single ssh-client and multiple ssh-servers have been tested. when there are more than one ssh-server, each ssh-server can share the publice key mentioned above. Ssh-client only uses one pirvate key. v. Note 1. the above uses RSA for ssh authentication. for details, refer to man ssh. From the above two environments, we can see that the private key generated by ssh-keygen is a key file, which can be said to be the ssh login password. Therefore, on the ssh-client side, the file permission is generally set to 600. 2. the authorized_keys file for storing the public key on the ssh-server side has at least 400 permissions, that is, at least the user must be readable. In addition, because the public key can calculate the private key, and other public keys are usually written, the permission is generally set to 700. 3. Generally, the best solution for multiple ssh-servers is to use a unique pair of RSA keys for each ssh-server. This prevents the ssh security of only one ssh-server from being affected after a private key is leaked. other ssh-servers are not affected because different RSA keys are used ). VI. differences from the old configuration 1 .. ssh/directory does not have permission requirements on the ssh-server/ssh-client side, so the default 755 is enough. 2. the above configuration does not require the root permission or/etc/ssh/sshd_config (default), and does not require the ssh server to be restarted. Finally, I hope it will be useful to everyone.