Linux to achieve SSH password-free remote access server
Description
Usually use SSH login remote server, you need to use the input password, hoping to achieve through the key login and exemption from the input password,
which can be achieved for the future batch automatic deployment of the host to prepare.
The environment is as follows:
IP address operating system
Service-Terminal 192.168.1.10/24 CentOS 6.5 x86
Client 192.168.1.129/24 Ubuntu 16.04 x86
1. The client generates a key pair
Generate key pair:
rmohan@rmohan:~$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/rmohan/.ssh/id_rsa):
Created directory ‘/home/rmohan/.ssh’.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/rmohan/.ssh/id_rsa.
Your public key has been saved in /home/rmohan/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:eLssyXJLzUCfSN5mu6nqNH9dB/gOyXSvWBwQdNssIYE rmohan@rmohan
The key’s randomart image is:
+—[RSA 2048]—-+
| o=oo |
| E .o = |
| o oo o |
| + = .o +. |
| = So = + |
| B o+ = o |
| o…=. * o |
| ..+=..+o o |
| .o++== |
+—-[SHA256]—–+
View the generated key pair:
Linuxidc @ rmohan: ~ $ ls .ssh
id_rsa id_rsa.pub
# id_rsa for the private key, this generally need to keep confidential; id_rsa.pub for the public key, this can be made public.
2. Upload the public key to the server
Use the scp command to:
rmohan@rmohan:~$ scp .ssh/id_rsa.pub root@192.168.1.129:/root
The authenticity of host ‘192.168.1.129(192.168.1.129)’ can’t be established.
RSA key fingerprint is SHA256:0Tpm11wruaQXyvOfEB1maIkEwxmjT2AklWb198Vrln0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘10.0.0.128’ (RSA) to the list of known hosts.
root@10.0.0.128’s password:
id_rsa.pub 100% 393 0.4KB/s 00:00
3. Server-side operation
Add the public key from the client to .ssh / authorized_keys:
[root@rmohan ~]# cat id_rsa.pub >> .ssh/authorized_keys
[root@rmohan ~]# chmod 600 .ssh/authorized_keys
# authorized_keys 600
Modify the ssh configuration file /etc/ssh/sshd_config, find the following line:
PubkeyAuthentication no
change into:
PubkeyAuthentication yes
4. Test
Log on to the server using the key on the client:
rmohan@rmohan:~$ ssh -i .ssh/id_rsa root@192.168.1.129
Last login: Tue May 9 15:14:01 2017 from 192.168.1.129
[root@rmohan ~]#
5. Precautions
In the server side need to turn off selinux, or finally can not use the key for remote login;
The client uses the scp command, the server also need to install ssh client, or can not upload the public key to the server side,
you can also use ssh-copy-id root@192.168.1.129 instead of scp operation (so that the server Do not need to perform the operation. Ssh directory and other operations, that is equivalent to the order can help us complete the key upload and configuration work);
The following article on SSH related you may also like, may wish to refer to the following:
Recent Comments