Use key authentication to connect to SSH

You can configure SSH to use key-based authentication instead of username and password authentication. To use key authentication, you need to generate a pair of keys (a public key and a private key). The private key, which acts as the "password", is stored on the user's side, and the public key is placed on the remote host that the user wants to connect to. The private key on the local computer is then verified against the public key on the remote host to determine the "legitimacy" of the connection.

Environment introduction:

There are two virtual machines: workstation and servera. Workstation is the client and servera is the server. We are going to use ssh to connect from the workstation virtual machine to servera with key authentication.

Generate a key pair on the workstation with ssh-keygen and specify a password for the key. If no password is specified, the key is not password-protected, and you will not be prompted for a password when logging in with the key.

[it@workstation ~]$ ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/home/it/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/it/.ssh/id_rsa.
Your public key has been saved in /home/it/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:bUXox2I6qVu4frpCPSgXhFo8b48tc8qyzsv851UGaoc [email protected]
The key's randomart image is:
+---[RSA 3072]----+
| . .       ..    |
|  = .     ..     |
| o +    .. ..    |
|.   +  o o+.o    |
|   . BE S+=o     |
|  . B.*o++       |
|   = =.oo.       |
| +. + o+.        |
| .B=.=B=         |
+----[SHA256]-----+
[it@workstation ~]$ ls .ssh/
id_rsa  id_rsa.pub
[it@workstation ~]$ 

id_rsa is the private key and id_rsa.pub is the public key (here I use the system default names).

Use ssh-copy-id to upload the public key to servera

[it@workstation ~]$ ssh-copy-id -i .ssh/id_rsa it@servera
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
The authenticity of host 'servera (10.10.10.25)' can't be established.
ECDSA key fingerprint is SHA256:/Xj4qZo8BWSfrzHt3OpZ4sLuasIFYxd6Wf/ucFN2UL8.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
it@servera's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'it@servera'"
and check to make sure that only the key(s) you wanted were added.

Connect to servera via ssh and enter the private key password in the pop-up window (my workstation has a graphical interface, so the key password is requested in a pop-up window).

[it@workstation ~]$ ssh it@servera
Last login: Thu Oct 29 14:41:13 2020 from 10.10.10.20
[it@servera ~]$ 

Some people may find it annoying to enter the password repeatedly. Is there a way to avoid that? We can use ssh-agent to cache the password of the private key for the current bash process.

[it@workstation ~]$ eval $(ssh-agent)
Agent pid 3191
[it@workstation ~]$ ssh-add .ssh/id_rsa
Enter passphrase for .ssh/id_rsa: 
Identity added: .ssh/id_rsa ([email protected])
[it@workstation ~]$ ssh it@servera
Last login: Thu Oct 29 14:42:51 2020 from 10.10.10.20
[it@servera ~]$ 

Because the password is cached only for the current bash process, we will still have to enter the private key password after switching to a new bash.

In the same way, transfer the key to serverb.
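
The following is an added example, not part of the original post: a small audit of the files created in the steps above. It checks that the key directory and private keys are accessible only to their owner and reports private keys saved without a password. All function names are hypothetical, the sample keys are constructed header-only files, and it assumes the new OpenSSH private key format (the ssh-keygen default since OpenSSH 7.8).

```sh
#!/bin/sh
# Added example: audit a key directory such as /home/it/.ssh from the steps above.

# True only if group and others have no permission bits on the path.
private_to_owner() { [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]; }

# Decode the base64 body of a private key file (armor lines dropped).
key_body() { grep -v '^-----' "$1" | base64 -d 2>/dev/null; }

# Print the cipher name from a new-format OpenSSH private key.
# "none" means the key has no password. Exits with 2 for any other format.
key_cipher() (
    [ "$(key_body "$1" | dd bs=1 count=14 2>/dev/null)" = "openssh-key-v1" ] || exit 2
    # Layout: 15-byte magic (with NUL), 4-byte big-endian length, cipher name.
    len=$(key_body "$1" | od -An -tu1 -j18 -N1 | tr -d ' \n')
    key_body "$1" | dd bs=1 skip=19 count="$len" 2>/dev/null
)

# Print one finding per line for DIR and for every private key id_* inside it.
audit_ssh_dir() (
    private_to_owner "$1" || echo "PERMS $1"
    for f in "$1"/id_*; do
        case $f in *.pub) continue ;; esac
        [ -f "$f" ] || continue
        private_to_owner "$f" || echo "PERMS $f"
        if [ "$(key_cipher "$f")" = "none" ]; then echo "NOPASSPHRASE $f"; fi
    done
)

# Constructed sample: header fields only, not a usable key.
sample_key() {   # usage: sample_key CIPHER > FILE
    echo "-----BEGIN OPENSSH PRIVATE KEY-----"
    { printf 'openssh-key-v1\0\0\0\0'; printf "\\$(printf '%03o' "${#1}")"
      printf '%s' "$1"; } | base64
    echo "-----END OPENSSH PRIVATE KEY-----"
}

# Demo on a throwaway directory: one well-protected key, one weak one.
demo() (
    d=$(mktemp -d) && chmod 700 "$d"
    sample_key aes256-ctr > "$d/id_rsa";  chmod 600 "$d/id_rsa"
    sample_key none       > "$d/id_test"; chmod 644 "$d/id_test"
    audit_ssh_dir "$d" | sed "s|$d/||"
    rm -rf "$d"
)
demo
```

On a real machine, run audit_ssh_dir ~/.ssh; a NOPASSPHRASE line means that anyone who obtains that private key file can log in with it without knowing any password.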

Origin blog.51cto.com/mageedu/2640871