1. Application scenarios:
On our servers we often need to copy files, usually with scp, which asks for a password every time; the same happens whenever we release code. Sometimes we also don't want developers to know the password, which is where password-free login comes in.
2. Start configuration:
1. Generate ssh key
It is best not to generate the key as root, because a key generated as root carries root privileges. Here we create a test user:
useradd test
echo 123456|passwd --stdin test #Set the test user password (as root, before switching user)
su - test
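Generate the key:
ssh-keygen -t dsa
After running the command, keep pressing Enter to accept the defaults. If you want to protect the key with a passphrase, type it at the "Enter passphrase" prompt.
OpenSSH 7.0 and later disable DSA keys by default; on such systems generate a supported type instead (for example -t ed25519) and read id_ed25519 wherever id_dsa appears below.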
Then go to the user's home directory; the files are in the hidden directory .ssh.
id_dsa.pub is the public key (the lock); id_dsa, without the .pub suffix, is the private key (the key).
Note that every server that needs to log in without a password must generate a key this way.
2. Write each server's id_dsa.pub into one shared file, authorized_keys (this file records the key of every server)
After writing it, put it in .ssh/ and change its permissions to 600.
On one of the servers, run:
cp id_dsa.pub authorized_keys
Append the id_dsa.pub of every other server that should log in without a password to this file; every machine must then have a copy of this file.
chmod 600 authorized_keys
3. Then test it. The first connection asks you to confirm by typing yes; later connections do not.
Enter yes here
4. Each host has a known_hosts file, which records the hosts that have already been logged in to. You can copy this file to the other hosts so that the first-login confirmation is not needed on each of them.
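The merge in step 2, as an added example that is not part of the original page: a shell function that appends each public key to authorized_keys only once and sets the permissions, plus a check for them. The function names, the throwaway directory and the key strings are constructed for illustration, and the 700 mode on .ssh is the usual convention rather than something the page states.

```shell
#!/bin/sh
# Added example, not from the original page. Key strings are constructed.

# add_pubkey HOME_DIR PUBKEY_FILE
# Append each key in PUBKEY_FILE to HOME_DIR/.ssh/authorized_keys, once only.
add_pubkey() {
    _ssh="$1/.ssh"; _auth="$_ssh/authorized_keys"; _pub=$2
    [ -r "$_pub" ] || { echo "cannot read $_pub" >&2; return 1; }
    mkdir -p "$_ssh" && chmod 700 "$_ssh" || return 1
    touch "$_auth" && chmod 600 "$_auth" || return 1
    while IFS= read -r _line || [ -n "$_line" ]; do
        [ -z "$_line" ] && continue
        # -x whole line, -F fixed string: skip keys already present
        grep -qxF -- "$_line" "$_auth" || printf '%s\n' "$_line" >> "$_auth"
    done < "$_pub"
}

# perms PATH: print the mode string from ls, e.g. -rw-------
perms() { ls -ld -- "$1" | cut -c1-10; }

# check_perms HOME_DIR: succeed only if .ssh is 700 and authorized_keys is 600
check_perms() {
    [ "$(perms "$1/.ssh")" = "drwx------" ] &&
        [ "$(perms "$1/.ssh/authorized_keys")" = "-rw-------" ]
}

# Demo in a throwaway directory with two constructed public-key lines.
demo() {
    _d=$(mktemp -d) || return 1
    printf '%s\n' 'ssh-dss AAAA_CONSTRUCTED_KEY_A test@host-a' > "$_d/host-a.pub"
    printf '%s\n' 'ssh-dss AAAA_CONSTRUCTED_KEY_B test@host-b' > "$_d/host-b.pub"
    add_pubkey "$_d/home" "$_d/host-a.pub"
    add_pubkey "$_d/home" "$_d/host-b.pub"
    add_pubkey "$_d/home" "$_d/host-a.pub"   # duplicate, not appended again
    echo "keys installed: $(wc -l < "$_d/home/.ssh/authorized_keys" | tr -d ' ')"
    check_perms "$_d/home" && echo "permissions ok"
    rm -rf "$_d"
}
demo
```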