Machine A (192.168.221.128), B (192.168.221.129). Now think that A and B want to log in through SSH without password.
Install openssh
First of all, we need to check whether the machine has installed the openssh server (openssh-server) or client (openssh-clients), we can use the rpm command and grep command to query, before that we have to distinguish the difference between the server and the client
- Server (openssh-server): control terminal, which can control the host where the client is installed
- Client (openssh-clients): the controlled end, which can be controlled by the server
[root@promote ~]# rpm -qa|grep openssh
openssh-6.6.1p1-22.el7.x86_64
openssh-clients-6.6.1p1-22.el7.x86_64
openssh-server-6.6.1p1-22.el7.x86_64
Here you can see our host server and the client have been installed, which means a host of others we can control via SSH, others can control my host via SSH
that if the machine is not installed openssh it, all right, Through the yum command
[root@promote ~]# yum install openssh
that's it.
Then you can start the service through the service sshd start command
[root@promote ~]# service sshd start
Redirecting to /bin/systemctl start sshd.service
Prompt appears above signifies a successful start
Note: whenever you want to log in via SSH password required to install openssh-free host
Generate key
The service is started successfully, we can generate the key, because if we want SSH password-free login, then we must first have a password, we can generate the password through the ssh-keygen command
[root@promote ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory ‘/root/.ssh’.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
f2:64:e8:ae:5d:7d:af:ea:0c:7a:7e:20:2e:e7:51:d2 [email protected]
The key’s randomart image is:
+–[ RSA 2048]—-+
| |
| |
| |
| o |
| + E |
| ..B.. |
| .o.+.. . |
| .oo+.o.. . |
| . == o.o +…. |
+ —————– +
After playing ssh-keygen command all the way to enter on it
then we open the file in the root directory .ssh folder
[root@promote ~]# cd .ssh
[root@promote .ssh]# ll
总用量 16
-rw——-. 1 root root 410 5月 2 22:21 authorized_keys
-rw——-. 1 root root 1675 5月 2 22:19 id_rsa
-rw-r–r–. 1 root root 410 5月 2 22:19 id_rsa.pub
-rw-r–r–. 1 root root 177 5月 2 22:21 known_hosts
We can see that there are two files called id_rsa and id_rsa.pub, one of them is the private key and the other is the public key. The id_rsa.pub (public key) we need to log in with SSH without password.
Note: Both A and B must generate a key
Add public key
Adding a public key here is equivalent to the remote host, because we just generate a password is useless, it must be added to the remote host, so that we can log in to the remote host through SSH without password, let’s see operating
[root@promote 桌面]# ssh-copy-id 192.168.221.129
The authenticity of host ‘192.168.221.129 (192.168.221.129)’ can’t be established.
ECDSA key fingerprint is be:5c:73:c5:c9:33:6c:90:6b:06:82:46:d2:8d:b2:16.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed – if you are prompted now it is to install the new keys
[email protected]’s password:
Number of key(s) added: 1
Now try logging into the machine, with: “ssh ‘192.168.221.129’”
and check to make sure that only the key(s) you wanted were added.
By adding the specified host ip after the ssh-copy-id command, we can automatically assign our public key to the specified ip host, so that you can remotely log in to the host to which the public key has been added. You must enter the password of the remote host when adding the public key.
Note: A and B must add public keys to each other
test
[root@bogon 桌面]# ssh 192.168.221.129
Last login: Tue May 2 22:21:20 2017 from 192.168.221.128
[root@bogon ~]#
We can log in to the remote host through the ssh command and add the specified ip (the above steps must be performed), and we can exit through the exit command.