Detailed explanation of ssh password-free login configuration method (pictures and commands)

First, let me explain that what we want to do is to log in to userb on serverB without a password using usera on serverA.

We first use usera to log in to serverA server

[root@serverA ~]# su - usera
[usera@serverA ~]$ pwd
/home/usera

Then generate a key pair on serverA

[usera@serverA ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/usera/.ssh/id_rsa): 
Created directory '/home/usera/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/usera/.ssh/id_rsa.
Your public key has been saved in /home/usera/.ssh/id_rsa.pub.
The key fingerprint is:
39:f2:fc:70:ef:e9:bd:05:40:6e:64:b0:99:56:6e:01 usera@serverA
The key's randomart image is:
+--[RSA 2048]----+
| Eo* |
| @ . |
| = * |
| oo . |
| . S . |
| + . . |
| + . .|
| + . o . |
| .o= o. |
+-----------------+

At this time, a key pair will be generated in the /home/usera/.ssh directory

[usera@serverA ~]$ ls -la .ssh
Total dosage 16
drwx------ 2 usera usera 4096 August 24 09:22 .
drwxrwx--- 12 usera usera 4096 August 24 09:22 ..
-rw------- 1 usera usera 1675 Aug 24 09:22 id_rsa
-rw-r--r-- 1 usera usera 399 Aug 24 09:22 id_rsa.pub

Then upload the public key to serverB and log in as userb

[usera@portalweb1 ~]$ ssh-copy-id [email protected]
The authenticity of host '10.124.84.20 (10.124.84.20)' can't be established.
RSA key fingerprint is f0:1c:05:40:d3:71:31:61:b6:ad:7c:c2:f0:85:3c:cf.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.124.84.20' (RSA) to the list of known hosts.
[email protected]'s password: 
Now try logging into the machine, with "ssh '[email protected]'", and check in:
 
 .ssh/authorized_keys
 
to make sure we haven't added extra keys that you weren't expecting.

At this time, the content of usera's public key file will be appended to userb's .ssh/authorized_keys file

[usera@serverA ~]$ cat .ssh/id_rsa.pub 
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2dpxfvifkpswsbusPCUWReD/mfTWpDEErHLWAxnixGiXLvHuS9QNavepZoCvpbZWHade88KLPkr5XEv6M5RscHXxmxJ1IE5vBLrrS0NDJf8AjCLQpTDguyerpLybONRFFTqGXAc/ximMbyHeCtI0vnuJlvET0pprj7bqmMXr/2lNlhIfxkZCxgZZQHgqyBQqk/RQweuYAiuMvuiM8Ssk/rdG8hL/n0eXjh9JV8H17od4htNfKv5+zRfbKi5vfsetfFN49Q4xa7SB9o7z6sCvrHjCMW3gbzZGYUPsj0WKQDTW2uN0nH4UgQo7JfyILRVZtwIm7P6YgsI7vma/vRP0aw== usera@serverA

Check the ~/.ssh/authorized_keys file under userb on serverB. The content is the same, so I won’t paste the picture here.

[userb@serverB ~]$ cat .ssh/authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2dpxfvifkpswsbusPCUWReD/mfTWpDEErHLWAxnixGiXLvHuS9QNavepZoCvpbZWHade88KLPkr5XEv6M5RscHXxmxJ1IE5vBLrrS0NDJf8AjCLQpTDguyerpLybONRFFTqGXAc/ximMbyHeCtI0vnuJlvET0pprj7bqmMXr/2lNlhIfxkZCxgZZQHgqyBQqk/RQweuYAiuMvuiM8Ssk/rdG8hL/n0eXjh9JV8H17od4htNfKv5+zRfbKi5vfsetfFN49Q4xa7SB9o7z6sCvrHjCMW3gbzZGYUPsj0WKQDTW2uN0nH4UgQo7JfyILRVZtwIm7P6YgsI7vma/vRP0aw== usera@serverA

In addition, we should note that the permissions of the .ssh directory are 700, and the permissions of the files authorized_keys and private keys under it are 600. Otherwise, you will not be able to log in without a password due to permission issues. We can see that a known_hosts file will be generated after logging in.

[useb@serverB ~]$ ls -la .ssh
total 24
drwx------. 2 useb useb 4096 Jul 27 16:13 .
drwx------. 35 useb useb 4096 Aug 24 09:18 ..
-rw------- 1 useb useb 796 Aug 24 09:24 authorized_keys
-rw------- 1 useb useb 1675 Jul 27 16:09 id_rsa
-rw-r--r-- 1 useb useb 397 Jul 27 16:09 id_rsa.pub
-rw-r--r-- 1 useb useb 1183 Aug 11 13:57 known_hosts

After doing this, we can log in without a password.

[usera@serverA ~]$ ssh [email protected]

In addition, there are several ways to copy the public key to the server's ~/.ssh/authorized_keys file:

1. Copy the public key to the server via scp, and then append it to the ~/.ssh/authorized_keys file. This method is more troublesome. scp -P 22 ~/.ssh/id_rsa.pub user@host:~/.

2. Through the ssh-copy-id program, which is the method I demonstrated, ssh-copyid user@host

3. You can use cat ~/.ssh/id_rsa.pub | ssh -p 22 user@host 'cat >> ~/.ssh/authorized_keys'. This is also a common method because you can change the port number.

The above is the full content of this article. I hope it will be helpful for everyone’s study. I also hope that everyone will support 123WORDPRESS.COM.

You may also be interested in:

Detailed explanation of SSH password-free login configuration under Linux
ssh changes the default port number and implements password-free remote login
Solution to the problem of still having to enter a password after configuring ssh password-free login in centos
Detailed explanation of how to configure key password-free login in SSH
How to set up SSH password-free login on CentOS / RHEL
Ubuntu 16.04 server configuration ssh password-free login
Linux remote login ssh password-free configuration method
Implement SSH password-free login and key management, distribution, and deployment of SHELL script sharing under Linux
How to set up ssh password-free login installation in Ubuntu

<<: MySQL 5.7.20 installation and configuration method graphic tutorial under Windows

>>: MySQL 5.7.23 installation and configuration method graphic tutorial