Environmental description:

Operating system: centos-7-x86_-minimal-1611

Virtual machine: VMware ® Workstation 12 Pro; 12.5.5 build-5234757

Server: node1 (User1), node2 (User2)

Implementation content:

The user User1 of node1 server can log into the User2 account of node2 through SSH without key;

Configuration process:

By default, user User1 on node1 needs to enter a password to connect to node2, as follows:

  1 [User1@localhost ~]$ ssh User2@node2
  2 The authenticity of host 'node2 (192.168.126.141)' can't be established.
  3 ECDSA key fingerprint is 0c:f2:1d:5b:0a:ea:38:43:e7:d2:07:28:d8:05:8a:d6.
  4 Are you sure you want to continue connecting (yes/no)? yes
  5 Warning: Permanently added 'node2,192.168.126.141' (ECDSA) to the list of known hosts.
  6 User2@node2's password:
  7 Last login: Fri Feb  2 17:03:45 2018

1. Now generate a pair of public key and private key through User1 in the / home/User1 directory of node1:

  1 [User1@localhost ~]$ ssh-keygen -t rsa
  2 Generating public/private rsa key pair.
  3 Enter file in which to save the key (/home/User1/.ssh/id_rsa):
  4 Enter passphrase (empty for no passphrase):
  5 Enter same passphrase again:
  6 Your identification has been saved in /home/User1/.ssh/id_rsa.
  7 Your public key has been saved in /home/User1/.ssh/id_rsa.pub.
  8 The key fingerprint is:
  9 ff:cc:0e:22:aa:79:54:d3:15:90:bd:98:2b:26:e1:35 User1@localhost.localdomain
 10 The key's randomart image is:
 11 +--[ RSA 2048]----+
 12 |       .+..     |
 13 |       . o     |
 14 |       . + .     |
 15 |   . E + .     |
 16 |   . + oS.       |
 17 |    + o ..       |
 18 |   . o... o     |
 19 |   ... . . =     |
 20 |  oo.     .=   |
 21 +-----------------+

2. Then upload the public key to the User2 user of node2:

  1 [User1@localhost ~]$ ssh-copy-id User2@node2
  2 /bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
  3 /bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
  4 User2@node2's password:
  5 ​
  6 Number of key(s) added: 1
  7 ​
  8 Now try logging into the machine, with:   "ssh 'User2@node2'"
  9 and check to make sure that only the key(s) you wanted were added.

3. Login validation succeeded:

Explain:

1. At this time, the contents of the private key file of user User1 on node1 (id_rsa.pub) will be appended to the ~ /. ssh/authorized_keys file of user User2 on node2:

2. You can also copy the public key on node1 server to node2 server through scp command, and then append it to ~ /. ssh/authorized_keys,

  1 scp ~/.ssh/id_rsa.pub User2@node2:~/

3. You can also append directly through the cat command:

  1 cat ~/.ssh/id_rsa.pub | ssh -P 22 User2@node2 'cat >> ~/.ssh/authorized_keys'