Linux remote login ssh without password

(1) Question:

Suppose we have two machines, ServerA and ServerB, and we want to allow ServerA to access ServerB without entering a password.

(2) Method and principle:

We use ssh-keygen to generate a private and public key pair on ServerA. After copying the generated public key to the remote machine ServerB, we can use the ssh command to log in to ServerB without a password.

On Linux, ssh is the default tool for remote login. Because its protocol uses the RSA/DSA encryption algorithms [the default is the DSA algorithm], it is a very safe tool for remote management of Linux systems.

(3) Experimental steps:

1. Log in to ServerA

2. Run ssh-keygen -t rsa; the private and public key files id_rsa and id_rsa.pub will be generated [if you keep pressing Enter, the two files end up under /home/$USER/.ssh]

3. Copy the .pub file to the .ssh directory of the ServerB machine and save it as authorized_keys

Commands to use:
ssh-keygen -t rsa -C "[email protected]"
The ssh-copy-id command copies the specified public key file to the remote computer:
[oracle@Test232 ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
28
[email protected]'s password:
Now try logging into the machine, with "ssh '[email protected]'", and check in:


  .ssh/authorized_keys


to make sure we haven't added extra keys that you weren't expecting.


[oracle@Test232 ~]$ ssh [email protected]
[email protected]'s password:
Last login: Thu Nov 24 16:05:32 2011 from 192.168.55.229
[oracle@Test232 ~]$
4. You're done: logging in from machine A to the target account on machine B no longer needs a password

5. Set file and directory permissions [This step can be omitted, but for security reasons it is still worth doing~]
Set the authorized_keys permissions
chmod 644 authorized_keys
Set the .ssh directory permissions
chmod 700 -R .ssh
6. Make sure that both .ssh and authorized_keys are writable only by the user; otherwise the key authentication does not work. (I encountered this problem today, and I spent a long time looking for the cause.) In fact, if you think about it carefully, this is to avoid system loopholes.
Error:

The authenticity of host '192.168.20.59 (192.168.20.59)' can't be established. 
RSA key fingerprint is 6a:37:c0:e1:09:a4:29:8d:68:d0:ca:21:20:94:be:18.
Are you sure you want to continue connecting (yes/no)? yes 
Warning: Permanently added '192.168.20.59' (RSA) to the list of known hosts. 
[email protected]'s password:  
Permission denied, please try again. 
[email protected]'s password:  
Permission denied, please try again. 
[email protected]'s password:  
Permission denied (publickey,gssapi-with-mic,password) 
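
The permission rule from steps 5 and 6, as an added example that is not part of the original article: a check of the mode bits that sshd rejects on ServerB when StrictModes is on, plus the matching private-key check on ServerA, which goes slightly beyond the steps above. The function names and the script name audit.sh are assumptions.

```shell
#!/bin/sh
# Added example: find the permission problems that make key login fall back
# to a password prompt. Only mode bits are checked, not file ownership.

# mode_of PATH: print octal permission bits, e.g. 644 (GNU stat, then BSD stat)
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# has_bits MODE MASK: succeed if any permission bit in MASK is set in MODE
has_bits() {
    [ $(( 0$1 & 0$2 )) -ne 0 ]
}

# audit_server_side HOME_DIR (run on ServerB): sshd with StrictModes rejects
# the key if the home directory, .ssh or authorized_keys is writable by
# group or other. Prints one line per problem; returns the problem count.
audit_server_side() {
    problems=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"; problems=$((problems + 1))
        elif has_bits "$(mode_of "$p")" 022; then
            echo "UNSAFE  $p mode $(mode_of "$p"): remove group/other write"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# audit_private_key FILE (run on ServerA): the ssh client ignores a private
# key that group or other can access at all. Returns 0 if acceptable.
audit_private_key() {
    [ -f "$1" ] || { echo "MISSING $1"; return 2; }
    if has_bits "$(mode_of "$1")" 077; then
        echo "UNSAFE  $1 mode $(mode_of "$1"): use chmod 600"
        return 1
    fi
    return 0
}

# Usage: sh audit.sh /home/oracle   (the script name is an example)
if [ "$#" -ge 1 ]; then audit_server_side "$1"; fi
```
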
If the permissions above are not the problem, then go and look at your configuration file, because some people like to change it, and then you will not succeed whatever you do:

Open the /etc/ssh/ssh_config file and find the following section:

# IdentityFile ~/.ssh/identity
   IdentityFile ~/.ssh/id_rsa
Check whether your private key really has this name, ~/.ssh/id_rsa.

Haha, you still have to take a good look at the configuration file~

If there is a central control machine that already has passwordless remote login to each application host, and another central control machine now needs the same access, the following is the script I wrote to do this:

############################################ Passwordless login from the central control machine ############################################

#!/bin/bash
# Author: zhuying
# Push the public key file 169keys to every host listed in cps.ip

scriptdir=/home/oracle/zy/changecps

# cps.ip lists the target hosts; lines starting with # are skipped
for ip in $(grep -v '^#' "$scriptdir/cps.ip")
do
        # copy the public key file to the remote home directory
        scp /home/oracle/zy/changecps/169keys "oracle@$ip:~/" </dev/null
        # append it to authorized_keys and remove the temporary copy
        ssh "$ip" "cat ~/169keys >> /home/oracle/.ssh/authorized_keys;rm ~/169keys" </dev/null
        # remove duplicate key lines
        ssh "$ip" "cat /home/oracle/.ssh/authorized_keys|sort|uniq > /home/oracle/.ssh/tmp.keys" </dev/null
        ssh "$ip" "mv /home/oracle/.ssh/tmp.keys /home/oracle/.ssh/authorized_keys" </dev/null
        # reset the permissions on authorized_keys
        ssh "$ip" "chmod 644 /home/oracle/.ssh/authorized_keys" </dev/null
done
############################################ Passwordless login from the central control machine ############################################
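
An added example, not the author's script: an append step that could run on each application host in place of the cat/sort/uniq sequence above, adding the key only when that exact line is missing so the existing order of authorized_keys is kept. The function name add_key_once and the script name addkey.sh are assumptions, and it sets authorized_keys to 600 rather than 644.

```shell
#!/bin/sh
# Added example: append one public key to authorized_keys only if missing.

# add_key_once PUBKEY_FILE AUTHORIZED_KEYS_FILE
# Prints "added" or "present"; returns 2 if PUBKEY_FILE is not one key line.
add_key_once() {
    pub=$1
    auth=$2
    # A .pub file written by ssh-keygen holds exactly one non-empty line.
    if [ "$(grep -c . "$pub" 2>/dev/null)" != 1 ]; then
        echo "expected exactly one key line in $pub" >&2
        return 2
    fi
    key=$(grep . "$pub")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key line: $pub" >&2; return 2 ;;
    esac
    dir=$(dirname "$auth")
    # Create missing pieces without group/other access, then pin the modes.
    ( umask 077; mkdir -p "$dir" && touch "$auth" ) || return 2
    chmod 700 "$dir" && chmod 600 "$auth" || return 2
    # -x whole line, -F fixed string: the key text is never read as a regex.
    if grep -qxF -- "$key" "$auth"; then
        echo "present"
    else
        # If the last existing line lacks a newline, end it first.
        [ -z "$(tail -c 1 "$auth")" ] || echo >> "$auth"
        printf '%s\n' "$key" >> "$auth"
        echo "added"
    fi
}

# Usage on an application host: sh addkey.sh ~/169keys ~/.ssh/authorized_keys
if [ "$#" -eq 2 ]; then add_key_once "$1" "$2"; fi
```
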

ps:

If we still cannot log in after adding the public key, it may be that ServerB's IP information already exists in the known_hosts file on the ServerA host; delete it and connect again.

In addition, if the above methods still do not work, the login may be locked because of too many login failures. In that case, we need to look at the system log /var/log/messages and delete the previous lock information from the log.

Reference article:

http://os.51cto.com/art/200812/101989_1.htm



Problems:

(1) Connection closed by $IP

The default number of allowed login failures may have been exceeded; clearing the failure records fixes it~ [faillog -a; faillog -r]

(2) If the previous steps are correct but you are still prompted for a password every time you log in remotely, it may be a permission problem:

    Run chmod 644 authorized_keys, then log in again and it will be OK~ [On Red Hat 5.6 it is best to change it to 600, otherwise it is considered unsafe~]
