{"id":6749,"date":"2017-06-03T17:33:51","date_gmt":"2017-06-03T09:33:51","guid":{"rendered":"http:\/\/rmohan.com\/?p=6749"},"modified":"2017-06-03T17:33:51","modified_gmt":"2017-06-03T09:33:51","slug":"linux-to-achieve-ssh-password-free-remote-access-server","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=6749","title":{"rendered":"Linux to achieve SSH password-free remote access server"},"content":{"rendered":"

Linux to achieve SSH password-free remote access server<\/strong><\/p>\n

Description<\/p>\n

Usually use SSH login remote server, you need to use the input password, hoping to achieve through the key login and exemption from the input password,
\nwhich can be achieved for the future batch automatic deployment of the host to prepare.<\/p>\n

The environment is as follows:<\/p>\n

IP address\toperating system
\nService-Terminal\t192.168.1.10\/24\tCentOS 6.5 x86
\nClient\t192.168.1.129\/24\tUbuntu 16.04 x86<\/p>\n

1. The client generates a key pair<\/p>\n

Generate key pair:<\/p>\n

rmohan@rmohan:~$ ssh-keygen -t rsa -b 2048
\nGenerating public\/private rsa key pair.
\nEnter file in which to save the key (\/home\/rmohan\/.ssh\/id_rsa):
\nCreated directory ‘\/home\/rmohan\/.ssh’.
\nEnter passphrase (empty for no passphrase):
\nEnter same passphrase again:
\nYour identification has been saved in \/home\/rmohan\/.ssh\/id_rsa.
\nYour public key has been saved in \/home\/rmohan\/.ssh\/id_rsa.pub.
\nThe key fingerprint is:
\nSHA256:eLssyXJLzUCfSN5mu6nqNH9dB\/gOyXSvWBwQdNssIYE rmohan@rmohan
\nThe key’s randomart image is:
\n+—[RSA 2048]—-+
\n| o=oo |
\n| E .o = |
\n| o oo o |
\n| + = .o +. |
\n| = So = + |
\n| B o+ = o |
\n| o…=. * o |
\n| ..+=..+o o |
\n| .o++== |
\n+—-[SHA256]—–+
\nView the generated key pair:<\/p>\n

Linuxidc @ rmohan: ~ $ ls .ssh
\nid_rsa id_rsa.pub <\/p>\n

# id_rsa for the private key, this generally need to keep confidential; id_rsa.pub for the public key, this can be made public.<\/p>\n

2. Upload the public key to the server<\/p>\n

Use the scp command to:<\/p>\n

rmohan@rmohan:~$ scp .ssh\/id_rsa.pub root@192.168.1.129:\/root
\nThe authenticity of host ‘192.168.1.129(192.168.1.129)’ can’t be established.
\nRSA key fingerprint is SHA256:0Tpm11wruaQXyvOfEB1maIkEwxmjT2AklWb198Vrln0.
\nAre you sure you want to continue connecting (yes\/no)? yes
\nWarning: Permanently added ‘10.0.0.128’ (RSA) to the list of known hosts.
\nroot@10.0.0.128’s password:
\nid_rsa.pub 100% 393 0.4KB\/s 00:00
\n3. Server-side operation <\/p>\n

Add the public key from the client to .ssh \/ authorized_keys:<\/p>\n

[root@rmohan ~]# cat id_rsa.pub >> .ssh\/authorized_keys
\n[root@rmohan ~]# chmod 600 .ssh\/authorized_keys<\/p>\n

# authorized_keys 600
\n Modify the ssh configuration file \/etc\/ssh\/sshd_config, find the following line:<\/p>\n

PubkeyAuthentication no
\n change into:<\/p>\n

PubkeyAuthentication yes
\n4. Test <\/p>\n

Log on to the server using the key on the client:<\/p>\n

rmohan@rmohan:~$ ssh -i .ssh\/id_rsa root@192.168.1.129
\nLast login: Tue May 9 15:14:01 2017 from 192.168.1.129<\/p>\n

[root@rmohan ~]#
\n5. Precautions
\nIn the server side need to turn off selinux, or finally can not use the key for remote login;
\nThe client uses the scp command, the server also need to install ssh client, or can not upload the public key to the server side,
\nyou can also use ssh-copy-id root@192.168.1.129 instead of scp operation (so that the server Do not need to perform the operation. Ssh directory and other operations, that is equivalent to the order can help us complete the key upload and configuration work);
\nThe following article on SSH related you may also like, may wish to refer to the following:<\/p>\n","protected":false},"excerpt":{"rendered":"

Linux to achieve SSH password-free remote access server<\/p>\n

Description<\/p>\n

Usually use SSH login remote server, you need to use the input password, hoping to achieve through the key login and exemption from the input password, which can be achieved for the future batch automatic deployment of the host to prepare.<\/p>\n

The environment is as follows:<\/p>\n

[…]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/6749"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6749"}],"version-history":[{"count":1,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/6749\/revisions"}],"predecessor-version":[{"id":6750,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/6749\/revisions\/6750"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6749"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6749"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6749"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}