When reprinting, please cite the source: http://eksliang.iteye.com/blog/2187265
1. Principle
We use ssh-keygen on ServerA to generate a private key and a public key. After copying the generated public key to the remote machine ServerB, the ssh command can log in to ServerB without a password.
Two key types are available when generating the key pair: rsa (the default) and dsa. Either one can be chosen. (Note that OpenSSH 7.0 and later disable DSA keys by default, so rsa is the practical choice today.)
/usr/bin/ssh-keygen -t [rsa | dsa]
If ssh-keygen is run without -t, it uses rsa by default to generate the public key and private key.
2. Operation steps
Once the principle of mutual trust is understood, configuring it breaks down into the following steps:
- Generate a key pair on each machine to be configured for mutual trust (web-15 and web-211).
- Aggregate all public keys into one authentication file (authorized_keys).
- Distribute the aggregated authentication file to the machines that are to trust each other (web-211, web-15).
- Verify the mutual trust.
For example, there are the following two machines:
| host | user |
| --- | --- |
| 192.168.27.211 | web211 |
| 192.168.27.15 | web15 |
Step 1: Log in to 192.168.27.211 and switch to the web211 user
[web211@master01 ~]$ /usr/bin/ssh-keygen -t rsa
Press Enter three times (accepting the default file location and an empty passphrase), and the following two files, id_rsa (private key) and id_rsa.pub (public key), are generated under the ~/.ssh/ directory.
Step 2: Log in to 192.168.27.15 and switch to the web15 user
[web15@Node03 ~]$ /usr/bin/ssh-keygen -t rsa
[web15@Node03 ~]$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
Step 3: Append the id_rsa.pub from 192.168.27.211 to the authorized_keys file on 192.168.27.15 (the redirection runs locally on 192.168.27.15, so the remote file's contents land in the local authorized_keys)
[web15@Node03 ~]$ ssh web211@192.168.27.211 cat /home/web211/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
Step 4: Distribute the authorized_keys file on 192.168.27.15 to 192.168.27.211
[web15@Node03 .ssh]$ scp ~/.ssh/authorized_keys web211@192.168.27.211:~/.ssh/authorized_keys
Step 5: Change the permissions of the authorized_keys file so that only the trusting user can read and write it; otherwise it will not pass sshd's security check
This has to be executed on both 15 and 211. This step tripped me up for a long time, which is why I am writing these notes.
chmod 600 ~/.ssh/authorized_keys
At this point the mutual trust configuration is complete; check whether it succeeded.
[web15@Node03 .ssh]$ ssh web211@192.168.27.211
[web211@master01 ~]$ -- the prompt is now web211's, showing that we entered 192.168.27.211 without entering a password
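The following POSIX shell helpers are an added example, not code from the original post: they cover the aggregate, permission and verification steps above in a form that can be re-run safely. Key strings, file names and hosts are constructed for illustration, and the function names are my own. One caveat the post only half states: sshd's StrictModes (on by default) rejects the key file if either authorized_keys or the ~/.ssh directory itself is group- or world-writable, so the directory needs chmod 700 alongside the file's chmod 600.

```shell
#!/bin/sh
# Added example, not from the original post: helpers for the "aggregate",
# "permissions" and "verify" steps. Keys, paths and hosts are constructed.

# Append every public key in the given .pub files to TARGET, skipping keys
# already present (compared on key type + base64 body, so a different
# comment does not create a duplicate). Lines with leading options such as
# command="..." are not handled, to keep the example simple.
merge_authorized_keys() {
  target="$1"; shift
  touch "$target"
  for f in "$@"; do
    while IFS= read -r line || [ -n "$line" ]; do
      [ -z "$line" ] && continue
      body=$(printf '%s\n' "$line" | awk '{print $1 " " $2}')
      if ! awk -v b="$body" '($1 " " $2) == b {found=1} END {exit !found}' "$target"; then
        printf '%s\n' "$line" >> "$target"
      fi
    done < "$f"
  done
}

# Number of key lines in an authorized_keys file.
count_keys() {
  grep -c '^ssh-' "$1"
}

# Return 0 when DIR and DIR/authorized_keys have modes that sshd's StrictModes
# accepts: neither may be group- or world-writable. Print the offending path
# and return 1 otherwise. Parses ls output so it works on GNU and BSD alike.
check_ssh_perms() {
  for f in "$1" "$1/authorized_keys"; do
    [ -e "$f" ] || { echo "missing: $f"; return 1; }
    mode=$(ls -ld "$f" | cut -c1-10)
    case "$mode" in
      ?????w*|????????w?) echo "too open ($mode): $f"; return 1 ;;
    esac
  done
  return 0
}

# The two chmods step 5 needs (the post shows only the second one).
fix_ssh_perms() {
  chmod 700 "$1" && chmod 600 "$1/authorized_keys"
}

# Non-interactive login check. BatchMode disables prompts, so a missing or
# rejected key fails fast instead of hanging on a password prompt. Needs a
# reachable host, so it is not exercised in the offline demo.
verify_key_login() {
  ssh -o BatchMode=yes -o PasswordAuthentication=no -o ConnectTimeout=5 \
      "$1" 'echo "key login ok on $(hostname)"'
}

# Offline walk-through in a temporary directory standing in for ~/.ssh.
demo() {
  tmp=$(mktemp -d)
  mkdir -m 700 "$tmp/.ssh"
  printf 'ssh-rsa AAAAB3constructedKey211 web211@master01\n' > "$tmp/id_rsa_211.pub"
  printf 'ssh-rsa AAAAB3constructedKey15 web15@Node03\n' > "$tmp/id_rsa_15.pub"
  merge_authorized_keys "$tmp/.ssh/authorized_keys" "$tmp/id_rsa_15.pub" "$tmp/id_rsa_211.pub"
  merge_authorized_keys "$tmp/.ssh/authorized_keys" "$tmp/id_rsa_211.pub"   # re-run: no duplicate
  echo "keys merged: $(count_keys "$tmp/.ssh/authorized_keys")"
  chmod 664 "$tmp/.ssh/authorized_keys"      # a group-writable file: sshd would refuse it
  check_ssh_perms "$tmp/.ssh" || fix_ssh_perms "$tmp/.ssh"
  check_ssh_perms "$tmp/.ssh" && echo "permissions ok"
  rm -rf "$tmp"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run `sh trust.sh demo` to see the offline walk-through; on the real hosts, `verify_key_login web211@192.168.27.211` reproduces the final check of the post without risking a hung password prompt, which is what you want inside scripts and cron jobs.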