mirror of
https://github.com/LCTT/TranslateProject.git
synced 2025-01-13 22:30:37 +08:00
Merge pull request #3710 from fw8899/master
Translated tech/20151223 How to Setup SSH Login Without Password CentOS or RHEL.md
This commit is contained in:
ictlyh
commit
58f174bea1
@ -1,106 +0,0 @@
|
||||
translating by fw8899
|
||||
How to Setup SSH Login Without Password CentOS / RHEL
|
||||
================================================================================
|
||||
|
||||
|
||||
As a system administrator, you plan on using OpenSSH for Linux and automate your daily tasks such as transferring files or database dump file for the backup to another server. To achieve this goal, you need to log in automatically from the host A to host B. Login automatically mean you do not want to enter any password because you want to use ssh from a shell script.
|
||||
|
||||
In this article we’ll show you how to Setup SSH Login without Password on CentOS / RHEL. After automatic login has been configured, you can use it to move the file using SSH (Secure Shell) and secure copy (SCP).
|
||||
|
||||
SSH is open source and the most trusted network protocol which is used to login to the remote server. It is used by system administrators to execute commands, also used to transfer files from one computer to another over a network using SCP protocol.
|
||||
|
||||
After you setup SSH login without password, you can get the following advantages :
|
||||
|
||||
a) Automate your daily task via scripts.
|
||||
b) Enhance security of your linux server. This is one of the recommended method to prevent a brute force attack on virtual private server (VPS), SSH keys are nearly impossible to decipher by brute force alone.
|
||||
|
||||
### What is ssh-keygen ###
|
||||
|
||||
ssh-keygen is a Unix utility that is used to generate, create, manage the public and private keys for ssh authentication. With the help of the ssh-keygen tool, a user can create passphrase keys for both SSH protocol version 1 and version 2. ssh-keygen creates RSA keys for SSH protocol version 1 and RSA or DSA keys for use by SSH protocol version 2.
|
||||
|
||||
### What is ssh-copy-id ###
|
||||
|
||||
ssh-copy-id is a script that copies the local-host’s public key to the remote-host’s authorized_keys file. ssh-copy-id also append the indicated identity file to that machine’s ~/.ssh/authorized_keys file and assigns proper permission to the remote-host’s home.
|
||||
|
||||
### SSH keys ###
|
||||
|
||||
SSH keys provide better and secure way of logging into a linux server with SSH. After you run ssh-keygen, you will generate public key and private key. You can place the public key on any server, and then unlock it by connecting to it with a client that already has the private key. When the two match up, the system unlocks without the need for a password.
|
||||
|
||||
### Setup SSH Login Without Password on CentOS and RHEL. ###
|
||||
|
||||
This steps tested on CentOS 5/6/7, RHEL 5/6/7 and Oracle Linux 6/7.
|
||||
|
||||
Node1 : 192.168.0.9
|
||||
Node2 : 192.168.l.10
|
||||
|
||||
#### Step One : ####
|
||||
|
||||
Test the connection and access from node1 to node2 :
|
||||
|
||||
[root@node1 ~]# ssh root@192.168.0.10
|
||||
The authenticity of host '192.168.0.10 (192.168.0.10)' can't be established.
|
||||
RSA key fingerprint is 6d:8f:63:9b:3b:63:e1:72:b3:06:a4:e4:f4:37:21:42.
|
||||
Are you sure you want to continue connecting (yes/no)? yes
|
||||
Warning: Permanently added '192.168.0.10' (RSA) to the list of known hosts.
|
||||
root@192.168.0.10's password:
|
||||
Last login: Thu Dec 10 22:04:55 2015 from 192.168.0.1
|
||||
[root@node2 ~]#
|
||||
|
||||
#### Step Two : ####
|
||||
|
||||
Generate public and private keys using ssh-key-gen. Please take note that you can increase security by protecting the private key with a passphrase.
|
||||
|
||||
[root@node1 ~]# ssh-keygen
|
||||
Generating public/private rsa key pair.
|
||||
Enter file in which to save the key (/root/.ssh/id_rsa):
|
||||
Enter passphrase (empty for no passphrase):
|
||||
Enter same passphrase again:
|
||||
Your identification has been saved in /root/.ssh/id_rsa.
|
||||
Your public key has been saved in /root/.ssh/id_rsa.pub.
|
||||
The key fingerprint is:
|
||||
b4:51:7e:1e:52:61:cd:fb:b2:98:4b:ad:a1:8b:31:6d root@node1.ehowstuff.local
|
||||
The key's randomart image is:
|
||||
+--[ RSA 2048]----+
|
||||
| . ++ |
|
||||
| o o o |
|
||||
| o o o . |
|
||||
| . o + .. |
|
||||
| S . . |
|
||||
| . .. .|
|
||||
| o E oo.o |
|
||||
| = ooo. |
|
||||
| . o.o. |
|
||||
+-----------------+
|
||||
|
||||
#### Step Three : ####
|
||||
|
||||
Copy or transfer the public key to remote-host using ssh-copy-id command. It will append the indicated identity file to ~/.ssh/authorized_keys on node2 :
|
||||
|
||||
[root@node1 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.0.10
|
||||
root@192.168.0.10's password:
|
||||
Now try logging into the machine, with "ssh '192.168.0.10'", and check in:
|
||||
|
||||
.ssh/authorized_keys
|
||||
|
||||
to make sure we haven't added extra keys that you weren't expecting.
|
||||
|
||||
#### Step Four : ####
|
||||
|
||||
Try SSH login without Password to node2 :
|
||||
|
||||
[root@node1 ~]# ssh root@192.168.0.10
|
||||
Last login: Sun Dec 13 14:03:20 2015 from www.ehowstuff.local
|
||||
|
||||
I hope this article gives you some ideas and quick guide on how to setup SSH login without password on Linux CentOS / RHEL.
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: http://www.ehowstuff.com/ssh-login-without-password-centos/
|
||||
|
||||
作者:[skytech][a]
|
||||
译者:[译者ID](https://github.com/译者ID)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]:http://www.ehowstuff.com/author/skytech/
|
||||
@ -0,0 +1,105 @@
|
||||
如何在CentOS / RHEL上设置SSH免密码登录
|
||||
================================================================================
|
||||
|
||||
|
||||
作为系统管理员,你计划在Linux上使用OpenSSHell,完成日常工作的自动化,比如文件传输、备份数据库转储文件到另一台服务器。为实现该目标,你需要从主机A能自动登录到主机B。自动登录也就是说,要在shell脚本中使用ssh,而无需要输入任何密码。
|
||||
|
||||
本文会告诉你怎样在CentOS/RHEL上设置SSH免密码登录。自动登录配置好以后,你可以在它基础上用SSH (Secure Shell) 和secure copy (SCP)移动文件。
|
||||
|
||||
SSH是开源的,用于远程登录的最为可靠的网络协议。系统管理员用它来执行命令,以及通过SCP协议在网络上向另一台电脑传输文件。
|
||||
|
||||
通过配置SSH免密码登录,你可以享受到如下的便利:
|
||||
|
||||
a) 用脚本实现日常工作的自动化。
|
||||
b) 增强Linux服务器的安全性。这是防范虚拟专用服务器(VPS)遭受暴力破解攻击的一个推荐的方法,SSH 密钥单凭暴力破解是几乎不可攻破的。
|
||||
|
||||
### 什么是ssh-keygen ###
|
||||
|
||||
ssh-keygen是Unix实用工具包里的一个命令,用来生成、创建和管理SSH认证用的公私钥。通过ssh-keygen命令,用户可以创建支持SSH1和SSH2的密钥。ssh-keygen为SSH1创建RSA密钥,SSH2则可以是RSA或DSA。
|
||||
|
||||
### 什么是ssh-copy-id ###
|
||||
|
||||
ssh-copy-id是用来将本地公钥拷贝到远程authorized_keys文件的脚本命令,它还会将身份标识文件追加到远程机器的~/.ssh/authorized_keys文件中,并给远程主机的用户主目录适当的的权限
|
||||
|
||||
### SSH keys ###
|
||||
|
||||
SSH keys为登录Linux服务器提供了更好且安全的机制。运行ssh-keygen后,将会生成公私密钥对。你可以将公钥放置到任意服务器,从持有私钥的客户端连接到服务器的时,会用它来解锁。两者匹配时,系统无需密码就能解除锁定。
|
||||
|
||||
### 在CentOS和RHEL上设置免密码登录SSH ###
|
||||
|
||||
以下步骤在CentOS 5/6/7、RHEL 5/6/7和Oracle Linux 6/7上测试通过。
|
||||
|
||||
节点1 : 192.168.0.9
|
||||
节点2 : 192.168.l.10
|
||||
|
||||
#### 步骤1 : ####
|
||||
|
||||
测试节点1到节点2的连接和访问:
|
||||
|
||||
[root@node1 ~]# ssh root@192.168.0.10
|
||||
The authenticity of host '192.168.0.10 (192.168.0.10)' can't be established.
|
||||
RSA key fingerprint is 6d:8f:63:9b:3b:63:e1:72:b3:06:a4:e4:f4:37:21:42.
|
||||
Are you sure you want to continue connecting (yes/no)? yes
|
||||
Warning: Permanently added '192.168.0.10' (RSA) to the list of known hosts.
|
||||
root@192.168.0.10's password:
|
||||
Last login: Thu Dec 10 22:04:55 2015 from 192.168.0.1
|
||||
[root@node2 ~]#
|
||||
|
||||
#### 步骤二: ####
|
||||
|
||||
使用ssh-key-gen命令生成公钥和私钥,这里要注意的是可以对私钥进行加密保护以增强安全性。
|
||||
|
||||
[root@node1 ~]# ssh-keygen
|
||||
Generating public/private rsa key pair.
|
||||
Enter file in which to save the key (/root/.ssh/id_rsa):
|
||||
Enter passphrase (empty for no passphrase):
|
||||
Enter same passphrase again:
|
||||
Your identification has been saved in /root/.ssh/id_rsa.
|
||||
Your public key has been saved in /root/.ssh/id_rsa.pub.
|
||||
The key fingerprint is:
|
||||
b4:51:7e:1e:52:61:cd:fb:b2:98:4b:ad:a1:8b:31:6d root@node1.ehowstuff.local
|
||||
The key's randomart image is:
|
||||
+--[ RSA 2048]----+
|
||||
| . ++ |
|
||||
| o o o |
|
||||
| o o o . |
|
||||
| . o + .. |
|
||||
| S . . |
|
||||
| . .. .|
|
||||
| o E oo.o |
|
||||
| = ooo. |
|
||||
| . o.o. |
|
||||
+-----------------+
|
||||
|
||||
#### 步骤三: ####
|
||||
|
||||
用ssh-copy-di命令将公钥复制或上传到远程主机,并将身份标识文件追加到节点2的~/.ssh/authorized_keys中:
|
||||
|
||||
[root@node1 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.0.10
|
||||
root@192.168.0.10's password:
|
||||
Now try logging into the machine, with "ssh '192.168.0.10'", and check in:
|
||||
|
||||
.ssh/authorized_keys
|
||||
|
||||
to make sure we haven't added extra keys that you weren't expecting.
|
||||
|
||||
#### 步骤四: ####
|
||||
|
||||
验证免密码SSH登录节点2:
|
||||
|
||||
[root@node1 ~]# ssh root@192.168.0.10
|
||||
Last login: Sun Dec 13 14:03:20 2015 from www.ehowstuff.local
|
||||
|
||||
我希望这篇文章能帮助到你,为你提供SSH免密码登录CentOS / RHEL的基本认知和快速指南。
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
原载: http://www.ehowstuff.com/ssh-login-without-password-centos/
|
||||
|
||||
作者:[skytech][a]
|
||||
译者:[fw8899](https://github.com/译者ID)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]:http://www.ehowstuff.com/author/skytech/
|
||||
Loading…
Reference in New Issue
Block a user