Windows system >> Linux system Tutorial >> Linux system FAQ

Linux SSH no password login

One: ssh schematic is:

1, is to allow the use of ssh between two Linux machines does not require a username and password. Digital signature RSA or DSA is used to complete this operation

2, model analysis

Assume A (192.168.20.59) is the client machine and B (192.168.20.60) is the target machine; Purpose: A machine ssh login B machine does not need to enter a password; encryption method select rsa| Dsa can be, default dsa

Second, the specific operation process

One-way login operation process (can meet the above purpose): 1 , log in to A machine 2, ssh-keygen -t [rsa| Dsa], will generate the key file and private key file id_rsa, id_rsa.pub or id_dsa, id_dsa.pub 3. Copy the .pub file to the .ssh directory of the B machine, and cat id_dsa.pub >> ~/.ssh/authorized_keys 4. You're done, log in to the target account of the B machine from the A machine, no longer need a password; (Run directly #ssh 192.168.20.60)

Two-way login operation :

1, ssh-keygen password verification can make ssh to the other machine, scp does not need to use the password. The specific method is as follows: 2, both nodes perform the operation: #ssh-keygen -t rsa then All carriage returns, using the default value. 3. This creates a pair of keys, which are stored in ~/.ssh in the user directory. Test the public key to the user directory of the other machine and copy it to ~/.ssh/authorized_keys (operation command: #cat id_dsa.pub >> ~/.ssh/authorized_keys).

4, set file and directory permissions: use hadoop users for /home/hadoop home directory, if it is multiple linux, it is best to build the same user name on each

set authorized_keys permissions $ chmod 600 authorized_keys Set the .ssh directory permissions $ chmod 700 -R .ssh

5. Make sure that both .ssh and authorized_keys have write access to the user. Otherwise the verification is invalid. (Today is the problem, looking for a long time problem), in fact, think about it, in order to avoid system vulnerabilities.

When I visit 20.59 from 20.60, I get the following error:

The authenticity of host '192.168.20.59 (192.168.20.59)' can't be established

RSA key fingerprint is 6a:37:c0:e1:09:a4:29:8d:68:d0:ca:21:20:94:be:18.

Are You sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '192.168.20.59' (RSA) to the list of known hosts.

[email protected] 's password:

Permission denied, please try again.

[email protected]'s password:

Permission denied, please try again.

[email protected]'s password:

Permission denied (publickey,gssapi-with-mic,password).<textarea class="java" style="display: none;" name ="code">The authenticity of host '192.168.20.59 (192.168.20.59)' can't be established.

RSA key fingerprint is 6a:37:c0:e1:09:a4:29 :8d:68:d0:ca:21:20:94:be:18.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '192.168.20.59' (RSA) to the list of known hosts.

[email protected]. 20.59's password:

Permission denied, please try again.

[email protected]'s password:

Permission denied, please try again.
< >>@@@@@@@@@@@@@@@@@@@ >

III. Summary Notes

1. Do not set the permissions of files and directories to chmod 777. This permission is too large, not secure, and digital signatures are not supported. I started doing this and I did it.

2. The generated public key of the rsa/dsa signature is used by the other machine. This public key content should also be copied to authorized_keys

(Note that if there are more than three Linux machines such as hostname h1, h2, h3, the username on each station is hadoop, then < on all machines) Br>

/home/hadoop/.ssh/id_dsa.pub Use scp copy to a directory on a machine and write it to /home/hadoop/.ssh/authorized_keys to make it all contain one The large file of the public key, then copy this file to the /home/hadoop/.ssh /authorized_keys under each linux, and then modify the permissions to 600)

3, access between linux Direct ssh machine ip

4, a machine generates its own RSA or DSA digital signature, the public key to the target machine, and then the target machine to receive the relevant permissions (public key and authorized_keys permissions), this The target machine can be digitally signed by the machine without password access

---------------------

linux establishes trust, has been added to authorized_keys, is unsuccessful; permission problem

Establishing trust relationship between Linux hosts Establish a trust relationship between host A and host B, so that Machine A can log in to host B without password ssh.

Execute ssh-keygen -t rsa -b 1024 on host A (also use ssh-keygen -t dsa -b 1024)
< Li> Generate .ssh directory in the home directory
Enter the ~/.ssh directory
Execute cat id_rsa.pub to copy the results (you can also use cat id_dsa.pub, this is generally available) )
Enter the ~/.ssh in the home directory on the B host (if not, execute ssh-keygen)
Paste the copied result into the authorized_keys in the .ssh directory of the B host. The last line of the file
ok, the trust relationship is established, execute ssh user@B on host A for the first time, will prompt a confirmation, select yes to enter, the result is not to enter the password, the login is successful!

There are three points to note, if you have done the above method, or not, then compare the following three:
1. The authorized_keys file must be 600 permissions (that is, -rw——-) or 644
2. The .ssh directory must be 700 permissions (that is, drwx——)
3. The /home/work directory must be 755 privilege That is drwxr-xr-x
  
  The third (3) is too pit, because the /home/user directory is 777, not 755, why not, the trust relationship can not be built, and finally /The permissions of the home/user directory were changed from 777 to 755. . . >_<, a big pit. . .