Use RSA certificate authentication instead of password for SSH Login
Source: Internet
Author: User
When you use the cvs command in Linux, it is inconvenient to enter a password for every commit, status query, update, and other operation. Is there a way to avoid entering the password?
Of course. SSH supports multiple authentication methods, and we can use public and private keys for authentication. The following describes the specific steps. Assume two Linux servers, server1 and server2. We use the user dboper as an example (that is, a dboper user has been created on both servers).
Log on to server1 as dboper and run the following command:
ssh-keygen -d
Generating public/private dsa key pair.
Enter file in which to save the key (/home/wuysh/.ssh/id_dsa): (use the default value, press Enter)
Enter passphrase (empty for no passphrase): (no password, press Enter)
Enter same passphrase again: (Press Enter)
Your identification has been saved in /home/wuysh/.ssh/id_dsa.
Your public key has been saved in /home/wuysh/.ssh/id_dsa.pub.
In this way, the following two files are generated in the user's .ssh directory:
id_dsa
id_dsa.pub
In the user's .ssh directory, copy id_dsa.pub to the authorized_keys2 file and change the permissions of authorized_keys2 to 600, that is, the file owner has read and write permission, and group users and other users are prohibited from reading and writing.
cp id_dsa.pub authorized_keys2
chmod 600 authorized_keys2
Then, log on to server2 as dboper and perform the same operations.
In this way, both servers have generated the user's public key and private key. For mutual authentication, put each server's public key on the other server.
To make server2 recognize server1, that is, so that no password is needed when logging on to server2 from server1:
Copy id_dsa.pub from server1 to server2 under the name id_dsa.pub_server1 (do not overwrite server2's own id_dsa.pub). Then add the content of id_dsa.pub_server1 to the authorized_keys2 file in the dboper user's .ssh directory on server2.
cat id_dsa.pub_server1 >> authorized_keys2
OK. Now, when you log on to server2 as the dboper user from server1, a password is no longer needed.
ssh dboper@server2
Press Enter. No password prompt appears.
If you want server1 to recognize server2, add the content of id_dsa.pub on server2 to the authorized_keys2 file in the user's .ssh directory on server1.
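The step of adding a public key to authorized_keys2, written as an added example that is not part of the original article: a POSIX shell function that appends the key without overwriting keys already in the file, skips duplicates, and sets the 700/600 permissions. The function name install_pubkey and its optional arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). install_pubkey is a
# hypothetical helper name. It appends, never overwrites, so keys that are
# already authorized survive.
# Usage: install_pubkey PUBKEY_FILE [SSH_DIR] [AUTH_FILE_NAME]
install_pubkey() {
    pub=$1
    ssh_dir=${2:-$HOME/.ssh}
    auth=$ssh_dir/${3:-authorized_keys2}   # file name used in the article

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # The key is the first line that is neither blank nor a comment.
    key=$(grep -v -e '^[[:space:]]*$' -e '^#' "$pub" | head -n 1)
    [ -n "$key" ] || { echo "no key found in $pub" >&2; return 1; }

    # Refuse a private key file (id_dsa instead of id_dsa.pub).
    case $key in
        -----BEGIN*) echo "$pub looks like a private key" >&2; return 1 ;;
    esac

    # Create the directory and file if missing, then force owner-only modes.
    mkdir -p "$ssh_dir" || return 1
    chmod 700 "$ssh_dir" || return 1
    [ -e "$auth" ] || : > "$auth" || return 1
    chmod 600 "$auth" || return 1

    # Nothing to do if this exact key line is already authorized.
    if grep -qxF -- "$key" "$auth"; then
        return 0
    fi

    # If the existing file lacks a final newline, add one so the new key
    # does not get glued onto the previous line.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}

# On server2, as dboper, after copying the key over from server1:
#   install_pubkey id_dsa.pub_server1
```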