background knowledge
We put the public key in the appropriate location of the remote system, and then start the ssh connection from the local .
At this point, the remote sshd will generate a random number and encrypt it with the public key we generated and send it to the local, and the local will decrypt it with the private key and send the random number back to the remote system.
Finally, sshd on the remote system will conclude that we have a matching private key and allow us to log in
The above method is widely used on Linux systems. For example, when Jenkins builds continuous integration, it needs to remotely log in to several other machines to copy the packaged results. In this case, password-free login is required.
The following is the introduction of the steps and conditions for two Linux systems to realize password-free login.
1. The principle of machine A password-free login to machine B
1. First generate a pair of secret keys (ssh-keygen) on machine A, copy the public key to machine B, and rename authorized_keys;
2. Machine A sends a connection request to machine B, and the information includes username and ip;
3. When machine B receives the request, it will search from authorized_keys to see if it has the same username and ip. If so, machine B will randomly generate a string;
4. Then use the public key to encrypt, and then send to machine A;
5. After machine A receives the information from machine B, it will use the private key to decrypt, and then send the decrypted string to machine B;
6. After machine B receives the information sent by machine A, it will compare the previously generated character strings, and if it is consistent, it will allow password-free login.
2. Centos7 has ssh service installed by default
3. Start the ssh service
# 查看 ssh 状态
systemctl status sshd
# 启动 ssh
systemctl start sshd
# 停止 ssh
systemctl stop sshd4. serverA generates a secret key
[root@localhost ~]# ssh-keygen
CentOS7 uses the RSA encryption algorithm to generate a key pair by default, which are stored in id_rsa (private key) and id_rsa.pub (public key) in the ~/.ssh directory. You can also use the "-t DSA" parameter to specify the DSA algorithm, and the corresponding files are id_dsa and id_dsa.pub. During the key pair generation process, you will be prompted to enter the private key encryption password, and you can directly press Enter without password protection.
5. Move the id_rsa.pub file
1. Copy the file id_rsa.pub in the ~/.ssh directory of machine A to the ~/.ssh directory of machine B you want to log in
scp ~/.ssh/id_rsa.pub 192.168.0.101:~/.ssh/2. Then run the following command on machine B to import the public key into the file ~/.ssh/authorized_keys
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys3. In addition, please note that it must be installed on the server. This is a security requirement of Linux. If the permissions are incorrect, automatic login will not take effect.
~/.ssh permissions set to 700
chmod -R 777 ~/.sshThe permission of ~/.ssh/authorized_keys is set to 600
chmod -R 600 ~/.ssh/authorized_keys6. Verify password-free login
ssh 机器B的ipFinally, I would like to thank everyone who has read my article carefully. Reciprocity is always necessary. Although it is not a very valuable thing, you can take it away if you need it:
Software testing interview applet
The software test question bank maxed out by millions of people! ! ! Who is who knows! ! ! The most comprehensive quiz mini program on the whole network, you can use your mobile phone to do the quizzes, on the subway or on the bus, roll it up!
The following interview question sections are covered:
1. Basic theory of software testing, 2. web, app, interface function testing, 3. network, 4. database, 5. linux
6. web, app, interface automation, 7. performance testing, 8. programming basics, 9. hr interview questions, 10. open test questions, 11. security testing, 12. computer basics
These materials should be the most comprehensive and complete preparation warehouse for [software testing] friends. This warehouse has also accompanied tens of thousands of test engineers through the most difficult journey. I hope it can help you too!