SSH password-free login

As a system administrator, you plan to use OpenSSH on Linux to automate routine tasks such as file transfers or backing up database dump files to another server. To achieve this, you need to be able to log in automatically from host A to host B. Automatic login means using ssh in a shell script without entering any password.

This article will show you how to set up SSH passwordless login on CentOS/RHEL. After automatic login is configured, you can use SSH (Secure Shell) and Secure Copy (SCP) to move files through it.

SSH is open source and the most reliable network protocol for remote login. System administrators use it to execute commands and transfer files over the network to another computer via the SCP protocol.

By configuring SSH password-free login, you can enjoy the following conveniences:

  • Automate your daily tasks with scripts.
  • Enhance the security of Linux servers. This is a recommended way to protect virtual private servers (VPS) from brute force attacks, as SSH keys are nearly impenetrable by brute force alone.

What is ssh-keygen

ssh-keygen is a tool for generating and managing public and private keys for SSH authentication. With the ssh-keygen command, users can create keys that support both the SSH1 and SSH2 protocols. ssh-keygen creates RSA keys for the SSH1 protocol; SSH2 keys can be either RSA or DSA.

What is ssh-copy-id

ssh-copy-id is a script used to copy the local public key to the remote authorized_keys file. It appends the identity file to the remote machine's ~/.ssh/authorized_keys file and sets appropriate permissions on the remote user's home directory.

SSH key

SSH keys provide a better and more secure mechanism for logging into Linux servers. Running ssh-keygen generates a public-private key pair. You can put the public key on any server, and it will be used to unlock the account when you connect to that server from a client that holds the private key. When the two match, the system can be unlocked without a password.

Setting up passwordless SSH login on CentOS and RHEL

The following steps were tested on CentOS 5/6/7, RHEL 5/6/7 and Oracle Linux 6/7.

Node 1: 192.168.0.9
Node 2: 192.168.0.10

Step 1:

Test the connection and access from node 1 to node 2:

    [root@node1 ~]# ssh root@192.168.0.10
    The authenticity of host '192.168.0.10 (192.168.0.10)' can't be established.
    RSA key fingerprint is 6d:8f:63:9b:3b:63:e1:72:b3:06:a4:e4:f4:37:21:42.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '192.168.0.10' (RSA) to the list of known hosts.
    root@192.168.0.10's password:
    Last login: Thu Dec 10 22:04:55 2015 from 192.168.0.1
    [root@node2 ~]#

Step 2:

Use the ssh-keygen command to generate the public and private keys. Note that the private key can be encrypted with a passphrase to strengthen security.

    [root@node1 ~]# ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    b4:51:7e:1e:52:61:cd:fb:b2:98:4b:ad:a1:8b:31:6d root@node1.ehowstuff.local
    The key's randomart image is:
    +--[ RSA 2048]----+
    | . ++ |
    | o o o |
    | o o o . |
    | . o + .. |
    | S . . |
    | . .. .|
    | o E oo.o |
    | = ooo. |
    | . o.o. |
    +-----------------+

Step 3:

Use the ssh-copy-id command to copy or upload the public key to the remote host, appending the identity file to ~/.ssh/authorized_keys on node 2:

    [root@node1 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.0.10
    root@192.168.0.10's password:
    Now try logging into the machine, with "ssh '192.168.0.10'", and check in:
    .ssh/authorized_keys
    to make sure we haven't added extra keys that you weren't expecting.

Step 4:

Verify passwordless SSH login to node 2:

    [root@node1 ~]# ssh root@192.168.0.10
    Last login: Sun Dec 13 14:03:20 2015 from www.ehowstuff.local
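
If step 4 still prompts for a password, the usual cause is file permissions: with StrictModes enabled (the default), sshd ignores authorized_keys when the home directory, ~/.ssh or the file itself is writable by group or other, and the ssh client refuses a private key that others can access. The script below is an added example, not part of the original article; the function names has_any_bit and audit_ssh_perms are made up for this illustration, and it checks mode bits only, not ownership.

```shell
#!/bin/sh
# Added example (not from the original article): check the file modes that
# sshd's StrictModes and the ssh client require for key-based login.
# Mode bits only; file ownership is not checked here.

# has_any_bit PATH BIT...: succeeds if PATH has any of the octal BITs set.
has_any_bit() {
    p=$1; shift
    for bit in "$@"; do
        [ -n "$(find "$p" -prune -perm "-$bit" 2>/dev/null)" ] && return 0
    done
    return 1
}

# audit_ssh_perms HOME_DIR: prints one line per problem, returns 0 if clean.
audit_ssh_perms() {
    home=$1; problems=0
    # Server side: home, ~/.ssh and authorized_keys must not be writable by
    # group or other, or sshd ignores the key and asks for a password.
    for f in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$f" ] || continue
        if has_any_bit "$f" 020 002; then
            echo "writable by group/other: $f"
            problems=$((problems + 1))
        fi
    done
    # Client side: ssh refuses a private key that group or other can access.
    for pub in "$home"/.ssh/*.pub; do
        key=${pub%.pub}
        [ -f "$key" ] || continue
        if has_any_bit "$key" 040 020 010 004 002 001; then
            echo "private key accessible by group/other: $key"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Run as a script: sh audit.sh /root
if [ "$#" -gt 0 ]; then audit_ssh_perms "$1"; fi
```

Run it against /root on node 2 to check the server side and on node 1 to check the private key; a clean run prints nothing and exits 0.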

I hope this article helps you and gives you a basic understanding of, and a quick guide to, passwordless SSH login on CentOS / RHEL.
