What is the password-free configuration method for linux remote login ssh

1. Scenario

Allow remote SSH password-free login between hosts.

2. The principle
is very simple. Use ssh-keygen to generate private and public keys on host a, and copy the generated public key to the remote machine host b. , you can use the ssh command to log in to another machine, host b, without a password.

3. Steps

Host a:

1. Generate the public key and private key files id_rsa and id_rsa.pub (press Enter 3 times That’s it)
[root@bogon ~]# ssh-keygen -t rsa
generating public/private rsa key pair.
enter file in which to save the key (/root/.ssh/id_rsa) :
enter passphrase (empty for no passphrase):
enter same passphrase again:
your identification has been saved in /root/.ssh/id_rsa.
your public key has been saved in /root /.ssh/id_rsa.pub.
the key fingerprint is:
67:da:0d:79:e0:d6:2b:cd:7d:22:af:51:7e:9c:75:fe root@bogon
the key's randomart image is:
--[rsa 2048]----
| |
| |
| . |
| . |
| s b o . o|
| * * = o |
| . o b .=|
| . .|
| ... e|
-------- ---------

2. The ssh-cop-id command will copy the specified public key file to the remote computer

[root@bogon ~]# ssh-copy -id -i ~/.ssh/id_rsa.pub root@10.1.250.166
the authenticity of host '10.1.250.166 (10.1.250.166)' can't be established.
rsa key fingerprint is c8:9d :6d:92:55:77:3d:3e:af:f5:cb:18:80:5a:47:93.
are you sure you want to continue connecting (yes/no)? yes
warning: permanently added '10.1.250.166' (rsa) to the list of known hosts.
reverse mapping checking getaddrinfo for bogon [10.1.250.166] failed - possible break-in attempt!
root@10.1.250.166' s password:
now try logging into the machine, with "ssh 'root@10.1.250.166'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

3. Then log in to the host via ssh to verify whether a password is required

[root@localhost ~] # ssh 10.1.250.166
reverse mapping checking getaddrinfo for bogon [10.1.250.166] failed - possible break-in attempt!
last login: wed oct 21 10:05:39 2015 from 10.1.250.141
[ root@bogon ~]

#4. After successful login, we need to do the above 3 steps on host b, so that we can log in to each other through ssh without password. (If there are multiple hosts, perform the same operation on each host to facilitate future management).

5. Permission issues
It is recommended that if you use other users to log in via ssh, adjust the directory file permissions
Set authorized_keys permissions

chmod 644 authorized_keys

Set up .ssh Directory permissions

chmod 700 -r .ssh

6. Make sure that only the user has write permissions for .ssh and authorized_keys. Otherwise the verification is invalid.

The above is the detailed content of What is the password-free configuration method for linux remote login ssh. For more information, please follow other related articles on the PHP Chinese website!