This article describes how to use rsa for password-free logon over ssh in linux. For more information, see
A is A local host (that is, A machine used to control other hosts );
B is the remote host (that is, the Server of the controlled machine), if the ip address is 172.24.253.2;
Command on:
Copy codeThe code is as follows:
Ssh-keygen-t rsa
(Press enter three times in a row to generate a public key and a private key in the producer. If no password is set, the generated public key and private key are ~ /. In the ssh Directory, id_rsa is the private key and id_rsa.pub is the public key)
Copy codeThe code is as follows:
Ssh muye@172.24.253.2
Mkdir. ssh
Chmod 700. ssh
(Enter the password. note: The. ssh permission must be set to 700)
Copy codeThe code is as follows:
Scp ~ /. Ssh/id_rsa.pub muye@172.24.253.2 :~ /. Ssh
Then create the authorized_keys file on the server:
Copy codeThe code is as follows:
Touch ~ /. Ssh/authorized_keys
Chmod 600 ~ /. Ssh/authorized_keys
(Note ~ /. The ssh/authorized_keys permission is changed to 600. This file is used to save the public key generated by the ssh client. you can modify the ssh server configuration file/etc/ssh/sshd_config of the server to change the file name, the default value is authorized_keys)
Copy codeThe code is as follows:
Cat id_rsa.pub> authorized_keys
# (Append the content of id_rsa.pub to authorized_keys. Be sure not to use>. Otherwise, the original content will be cleared and others will not be able to log on using the original key)
Return to machine:
Copy codeThe code is as follows:
# Ssh muye@172.24.253.2 (password not required, login successful)
A simple understanding of the login process on the surface,
First, the ssh-keygen-t rsa command generates a key and a public key, and you can set your own password for the key.
The key can be understood as a key, and the public key can be understood as the lock header corresponding to the key,
Place the lock header (public key) on the server to be controlled and lock the server. only persons with the key (key) can open the lock header, enter the server, and control
For those who own the key, they must know the password of the key to use it (unless the key is not set ), this prevents the key from being configured (the private key is copied)
More concise method:
Step 1. if no authorized_keys file exists on the server, skip this step: (if Yes)
Copy codeThe code is as follows:
Ssh muye@172.24.253.2
Mkdir. ssh
Chmod 700. ssh
Touch ~ /. Ssh/authorized_keys
Chmod 600 ~ /. Ssh/authorized_keys
Step 2. on the local machine:
Copy codeThe code is as follows:
Ssh-keygen-t rsa
Ssh-copy-id-I ~ /. Ssh/id_rsa.pub muye@172.24.253.2
Ssh-keygen-t rsa # Press Enter Next three times, indicating no password. You can.
Note: ssh-copy-id automatically appends the key to. ssh/authorized_key of the remote host.