Configuration method of ssh password free login
Target: user usera on server ServerA and user userb on server ServerB without password
Steps:
1, Log in to the ServerA server using usera first
[root@serverA ~]# su - usera
[usera@serverA ~]$ pwd
/home/usera
2, Generate key pair on serverA
[usera@serverA ~]$ ssh-keygen -t rsa #Specify rsa as encryption algorithm
Generating public/private rsa key pair.
Enter file in which to save the key (/home/usera/.ssh/id_rsa): #Full path to file where private key is saved
Created directory '/home/usera/.ssh'.
Enter passphrase (empty for no passphrase): #Password can be empty
Enter same passphrase again:
Your identification has been saved in /home/usera/.ssh/id_rsa. #Generate private key
Your public key has been saved in /home/usera/.ssh/id_rsa.pub. #Generate public key
The key fingerprint is:
39:f2:fc:70:ef:e9:bd:05:40:6e:64:b0:99:56:6e:01 usera@serverA
The key's randomart image is:
+--[ RSA 2048]----+
| Eo* |
| @ . |
| = * |
| o o . |
| . S . |
| + . . |
| + . .|
| + . o . |
| .o= o. |
+-----------------+
The key pair is generated in the / home/usera/.ssh directory
[usera@serverA ~]$ ls -la .ssh
//Total consumption 16
drwx------ 2 usera usera 4096 8month 24 09:22 .
drwxrwx--- 12 usera usera 4096 8month 24 09:22 ..
-rw------- 1 usera usera 1675 8month 24 09:22 id_rsa #Private key
-rw-r--r-- 1 usera usera 399 8month 24 09:22 id_rsa.pub #Public key
3, Upload the newly generated public key id_rsa.pub to ServerB server, log in to ServerB as userb user, and then append the newly uploaded id_rsa.pub to ~ /. ssh/authorized_keys
[usera@serverA ~]$ scp -p 22 ~/.ssh/id_rsa.pub userb@ServerB:~/.ssh/tmp/
#To upload the public key id_rsa.pub to the ~ /. ssh/tmp / directory in ServerB, you need to enter the password of userb@ServerB
[usera@serverA ~]$ ssh –p 22 userb@ServerB
#Log in to ServerB with userb from ServerA
[userb@serverB ~]$ cat ~/.ssh/tmp/id_rsa.pub >> ~/.ssh/authorized_keys
#Append the uploaded public key id_rsa.pub to ~ /. ssh/authorized_keys
Be careful
The permissions of the. ssh directory are 700, and the permissions of the authorized keys and private keys are 600. Otherwise, it will be unable to log in without password due to permission problems. We can see that the known hosts file will be generated after login.
[useb@serverB ~]$ ls -la .ssh
total 24
drwx------. 2 useb useb 4096 Jul 27 16:13 .
drwx------. 35 useb useb 4096 Aug 24 09:18 ..
-rw------- 1 useb useb 796 Aug 24 09:24 authorized_keys
-rw------- 1 useb useb 1675 Jul 27 16:09 id_rsa #Private key
-rw-r--r-- 1 useb useb 397 Jul 27 16:09 id_rsa.pub #Public key
-rw-r--r-- 1 useb useb 1183 Aug 11 13:57 known_hosts
After that, we can log in without password:
[usera@serverA ~]$ ssh userb@serverB
In addition, there are several ways to append the public key of usera@ServerA to the ~ /. ssh/authorized_keys file of userb@ServerB:
Copy the public key to server B through scp, and then append the public key to ~ /. ssh/authorized_keys file on server B, which is the method I demonstrated above
-
By the following command:
[usera@serverA ~]$ cat ~/.ssh/id_rsa.pub | ssh -p 22 userb@ServerB 'cat >> ~userb/.ssh/authorized_keys'This is also a common method, because the port number can be changed.
-
Through the SSH copy ID program, use the command SSH copy ID userb @ serverb. The specific instructions are as follows:
[usera@ServerA ~]$ ssh-copy-id userb@ServerB The authenticity of host 'ServerB' can't be established. RSA key fingerprint is f0:1c:05:40:d3:71:31:61:b6:ad:7c:c2:f0:85:3c:cf. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'ServerB' (RSA) to the list of known hosts. userb@ServerB's password: Now try logging into the machine, with "ssh 'userb@ServerB'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting.At this time, the contents of usera's public key file will be appended and written to userb's. ssh/authorized_keys file