In present (post production) IT infrastructure many different workstations, servers etc. have to be maintained on a daily basis. When running on *nix operating systems, the main tool to log into and execute arbitrary code on a remote machine is SSH .

Usually with a call like

ssh bob@comp-b

you would be asked every time to enter the password of user Bob. This is not very efficient and also less secure then using key based authentication.

Furthermore the usage of passwords hinders the use of tools like Python fabric for automating certain tasks inside your pipeline e.g. remote backup scripts, deployment scripts.

Keep in mind that with ssh you are not limited to machines inside your local network. You can also use keybased ssh to securely log into machines in remote datacenters and even cloud computers like EC2 instances inside the Amazon public cloud (AWS).

In this tutorial we want to establish a password less and secure connection over ssh between two different computers in your IT environment. Computer A (COMP-A) with user Alice wants to connect to Computer B (COMP-B) with the user Bob.

In order to do so, we will be connecting over ssh with previously set private/public keys. The steps in this tutorial involve:

  1. Creating authentication keys on computer A
  2. Create a .ssh directory on computer B
  3. Store or send the generated public key to computer B
  4. Set correct rights to the key file and folder

We will explain the commands used in the tutorial when they occur. For details on the commands used or on SSH in general please check out the manual pages of e.g. ssh with

man ssh

and the Further Reading section at the end.

Step 1: Create authentication keys on Computer A

Start (or login) on Computer A with user Alice and generate RSA private/public keys by executing the following command in your Terminal:

ssh-keygen -t rsa

When executing above command, you will be asked several questions. The first will be about where to store the keys. Leave it at its default and simply press Enter. The second prompt will ask you for a security passphrase, do not enter anything and leave it empty. Again just press Enter to proceed. The passphrase is another layer of security you can add to your keys. For internal usage it is not necessary.

Your Terminal output will look similar to this:

Generating public/private rsa key pair.

Enter file in which to save the key (/home/alice/.ssh/id_rsa): [Press enter key]

Created directory '/home/alice/.ssh'.

Enter passphrase (empty for no passphrase): [Press enter key]

Enter same passphrase again: [Press enter key]

Your identification has been saved in /home/alice/.ssh/id_rsa.

Your public key has been saved in /home/alice/.ssh/id_rsa.pub.

The key fingerprint is:

af:4f:35:82:d4:04:61:10:6d:11:f0:eb:1d:69:54:4f alice@comp-a

The key's randomart image is:

+--[ RSA 2048]----+

|        ..oooF.++|

|         +. o.o  |

|          ..   . |

|         o  . . .|

|        S .  . + |

|       + .    . o|

|      . . o    +.|

|       + +       |

|        +.       |

+-----------------+

Step 2: Create the .ssh directory on Computer B

After the creation of your local keys you need to transfer them to Computer B. Therefore a specific folder called .ssh needs to be created inside the home folder of Bob on Computer B (if it doesn't already exist). OpenSSH needs this folder to lookup previously stored keys and connected hosts.

Use SSH from Computer A to connect Computer B using Bob as user and create the .ssh directory. You can use the following command:

ssh bob@com-b mkdir -p .ssh

This command will connect to Computer B and then use mkdir to create the folder .ssh inside Bob's home folder.

If this is your first time connecting to Computer B, you will be prompted an authenticity message. This is for security reasons and will ask you if you know the host you are connecting to. Read it carefully and then enter yes. After that you will be as usual prompted with the password of the user Bob for this machine.

Your output will look similar to:

The authenticity of host 'comp-b (192.167.1.1)' can't be established.

RSA key fingerprint is e5:51:92:42:c3:cf:d7:e2:d0:0d:00:7f:12:37:25:2b.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '192.167.1.1' (RSA) to the list of known hosts.

bob@comp-b password: [Enter Your Password Here]

After this the folder .ssh should have been created on Computer B.

Step 3: Upload your generated public key to Computer B

From Step 1 the generated RSA keys have been stored into the .ssh folder inside the home folder of Alice. Go check them out as user Alice on Computer A with

cd ~/.ssh

You will find the following files inside this directory by listing them with the ls command:

alice@comp-a:~/.ssh$ ls

id_rsa  id_rsa.pub  known_hosts

The file id_rsa contains your private key. You have to keep this file secret and secure. Your job (life) depends on it.

The file id_rsa.pub contains your public key. This is the file you can share with computers to which you want to connect without entering a password.

Again you can use SSH to connect to Computer B and upload the id_rsa.pub public file into the recently created .ssh folder. The file needs to be renamed to authorized_keys.

Enter the following command as Alice on Computer A to send the contents of id_rsa.pub into the new file authorized_keys on Computer B:

cat .ssh/id_rsa.pub | ssh bob@comp-b 'cat >> .ssh/authorized_keys'

The above command uses cat to print out the contents of id_rsa.pub to standard out and immediately pipes the output with the pipe operator | into the command that is run after the ssh connection is established to Computer B.

This final command is again a cat which is used in conjunction with the output redirection operator >> to create a new file authorized_keys inside the .ssh folder.

You will be yet again prompted to enter the password. Just hold up - we are almost in password-less ssh heaven.

[alice@comp-a ~]$ cat .ssh/id_rsa.pub | ssh bob@comp-b 'cat >> .ssh/authorized_keys'

bob@comp-b password: [Enter Your Password Here]

Step 4: Set Permissions on Computer B

The final step is to set the correct permissions with chmod for the authorized_keys file and the .ssh directory on Computer B. This is due to security reasons and different SSH versions that might be running on both computers in connection.

ssh bob@comp-b "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"

You will be prompted the last time for a password. After this call you are done.

Optional Step: Restore your SELinux settings on Computer B

If you are running a Linux version which has SELinux enabled, you might have to run the following command on the home folder of Bob.

  restorecon -R -v /home/bob/.ssh

Step 5: Password less login from Computer A to Computer B

Finally! If you ssh from user Alice on Computer A to user B on Computer B there should not be any password prompt.

ssh bob@comp-b

In case your keyfile is not located in the .ssh folder you can use the -i argument of ssh to define the path to the private keyfile:

  ssh -i /path/to/private_key bob@comp-b

原文链接:   http://vfx.engineering/2014/05/11/infrastructure-how-to-establish-passwordless-login-with-ssh/

[转载] 构造linux 系统下免密码ssh登陆  _How to establish password-less login with SSH的更多相关文章

  1. 【转载】在Linux系统下用dd命令制作ISO镜像U盘启动盘

    #### 将U盘插入USB接口 #umount /dev/sdb* #dd if=/iso存放路径/XXX.iso of=/dev/sdb bs=1M ##### [转载]在Linux系统下用dd命令 ...

  2. Linux系统下root密码遗忘等系统故障的修复方法 - 运维总结

    IDC机房有一台centos系统的服务器,由于这台服务器的系统装了好长时间,且root密码中间更新过几次,后面去机房现场维护时,登陆密码遗忘了,悲催啊~没办法,只能开机进入“单用户模式”进行密码重置了 ...

  3. 【转载】Linux系统下命令行连接蓝牙设备 查看查找 蓝牙

    Linux系统下命令行连接蓝牙设备 2018年11月26日 10:47:27 Zz笑对一切 阅读数:741   1.打开系统蓝牙 sudo service bluetooth start 1 进入bl ...

  4. linux系统下,11款常见远程桌面控制软件(转载)

    远程控制能够给人们带来很多便利,本文介绍了11款常见的Linux系统下的远程桌面控制工具,总有一款能适合您. 一. Grdc 它是一个用GTK+编写的,适用于gnome桌面环境的远程桌面访问软件.看图 ...

  5. Java基础 之软引用、弱引用、虚引用 ·[转载]

    Java基础 之软引用.弱引用.虚引用 ·[转载] 2011-11-24 14:43:41 Java基础 之软引用.弱引用.虚引用 浏览(509)|评论(1)   交流分类:Java|笔记分类: Ja ...

  6. 【转】Linux系统下的ssh使用

    Linux系统下的ssh使用(依据个人经验总结)   对于linux运维工作者而言,使用ssh远程远程服务器是再熟悉不过的了!对于ssh的一些严格设置也关系到服务器的安全维护,今天在此,就本人工作中使 ...

  7. Linux系统下远程文件拷贝scp命令

    在Linux系统下,不同机器上实现文件拷贝 一.将本地文件拷贝到远程机器: scp /home/administrator/news.txt root@192.168.6.129:/etc/squid ...

  8. 解决Linux系统下Mysql数据库中文显示成问号的问题

    当我们将开发好的javaWEB项目部署到linux系统上,操作数据库的时候,会出现中文乱码问题,比如做插入操作,发现添加到数据库的数据中文出现论码,下面就将解决linux下mysql中文乱码问题! 打 ...

  9. Linux系统下如何设置IP地址?

    Linux系统下如何设置IP地址?我们可以通过命令设定IP的方法,不过此方法的前提条件是用户需root权限.在linux系统的 /etc/sysconfig/network-script/ifcfg- ...

随机推荐

  1. 【转载】跟随 Web 标准探究DOM -- Node 与 Element 的遍历

    跟随 Web 标准探究DOM -- Node 与 Element 的遍历 这个是 Joyee 2014年更新的,可能是转战github缘故,一年多没有跟新了.这篇感觉还挺全面,就转载过来,如以前文章一 ...

  2. 图解TCP/IP→第2章基础知识

    ####TCP.IP背景**关键词:ARPANET,UNIX,分组交换技术,*ARPANET(阿帕网),也是全球互联网的鼻祖.阿帕网的成功也充分证明了基于分组交换技术的通信方法的可行性.*20世纪70 ...

  3. hdu2211杀人游戏

    Problem Description 不知道你是否玩过杀人游戏,这里的杀人游戏可没有法官,警察之类的人,只有土匪,现在已知有N个土匪站在一排,每个土匪都有一个编号,从1到N,每次杀人时给定一个K值, ...

  4. linux sed命令详解

    简介 sed 是一种在线编辑器,它一次处理一行内容.处理时,把当前处理的行存储在临时缓冲区中,称为“模式空间”(pattern space),接着用sed命令处理缓冲区中的内容,处理完成后,把缓冲区的 ...

  5. iOS-关于使用其他应用打开本应用文档

    简介:本片文章是对官方文档的翻译,非常的感谢文章的翻译者:颐和园 官方地址:Document Interaction Programming Topics for iOS 文章的介绍内容: ***** ...

  6. 我的js函数库(持续更新)

    常用js初始化函数 function id(obj) { return document.getElementById(obj); } function bind(obj, ev, fn) { if ...

  7. 学习 opencv---(6)玩转opencv源代码:生成opencv 工程解决方案与opencv 源码编译

    在这篇中,我们探讨如何通过已安装的opencv选择不同的编译器类型,生成高度还原的OpenCV开发时的解决方案工程文件,欣赏OpenCV新版本中总计 六十六多万行的精妙源代码.我们可以对其源代码进行再 ...

  8. linux终端实现代理

    ubuntu 14.04安装Shadowsocks-Qt5 sudo add-apt-repository ppa:hzwhuang/ss-qt5 sudo apt-get update sudo a ...

  9. .NET+IIS+MSSQL配置

    好久没配置.NET+IIS+MSSQL了,跟以前不大一样了.总结下吧. 环境: Windows Server 2012 标准版 x64 SQL Server Express 2014 一.HTTP E ...

  10. 完整mybatis应用

    <?xml version="1.0" encoding="UTF-8" ?><!DOCTYPE mapper PUBLIC "-/ ...