Detailed explanation of SSH password-free login configuration under Linux

Assume there are two Linux servers A and B, and we want to be able to log in to the other server from one server via SSH without a password.

The information of the two servers is as follows:

Environment settings (root permissions)

1. Turn off firewall and SELinux

Redhat uses SELinux to enhance security. The way to disable it is:

a. Permanently modify the SELINUX=enforcing in the /etc/selinux/config file to SELINUX=disabled, then reboot.

b. Provisional effect
setenforce 0
To turn off the firewall:

a. Enable permanently: chkconfig iptables on
Disable: chkconfig iptables off

b. Temporary start: service iptables start
Shutdown: service iptables stop
The two servers need to be configured separately, and the firewall and SELinux need to be turned off.

2. Set the host name

Edit the /etc/sysconfig/network file using the command: vim /etc/sysconfig/network , and set the format to: HOSTNAME=[host name] .
Set the host name of server A to server1.

Set the host name of server B to server2.

3. Configure hosts

Edit the /etc/hosts file using the command: vim /etc/hosts , and add the following configuration to the hosts files of the two servers:

192.168.12.11 server1
192.168.12.12 server2 

4. Configure sshd

Edit the /etc/ssh/sshd_config file of both servers using the command: vim /etc/ssh/sshd_config .

Remove the “#” comments from the following 3 lines:

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

Restart the sshd service using the command: /sbin/service sshd restart .

Key Settings

1. Create a password-free login account

Use command:

useradd guest1 //Create a new user passwd guest1 //Set the new user login password 

Similarly, create a guest2 account in server2.

2. Generate a secret key

Switch from the root user to the account to be logged in without a password, use the command: su guest1.

Execute the command: ssh-keygen -t rsa

No password is required. Just press Enter. After the command is executed, two files will be generated in the guest1 user's home directory (/home/guest1/.ssh):

id_rsa: private key id_rsa.pub: public key 

Follow the same steps to generate a key file for the guest2 account in server2.

3. Import the public key into the authentication file

Use command:

cat /home/guest1/.ssh/id_rsa.pub >> /home/guest1/.ssh/authorized_keys
ssh guest2@server2 cat /home/guest2/.ssh/id_rsa.pub >> authorized_keys 

Use the command cat authorized_keys to view the contents of the authorized_keys file as follows:

4. Set file access permissions

Use command:

chmod 700 /home/guest1/.ssh
chmod 600 /home/guest1/.ssh/authorized_keys

After completing the above settings, server1 can log in to the local machine without a password, using the command: ssh guest1@server1.

Note: When the host name information is missing in the known_hosts file, the following message will be prompted. Enter yes to write the host name into the known_hosts file and log in successfully.

At this point, the SSH password-free login configuration of the host server1 is complete. Next, configure server2.

5. Copy the authentication file to other hosts

Execute the following command to copy the generated authorized_keys and known_hosts files from server1 to server2.

# scp [local file to be transferred] [remote host username]@remote host ip or host name:[destination location to which the file is to be transferred]
scp /home/guest1/.ssh/authorized_keys guest2@server2:/home/guest2/.ssh/authorized_keys
scp /home/guest1/.ssh/known_hosts guest2@server2:/home/guest2/.ssh/known_hosts 

After the copying is complete, use the following command to set file access permissions.

chmod 700 /home/guest2/.ssh
chmod 600 /home/guest2/.ssh/authorized_keys

Then, execute the ssh guest1@server1 command to use the guest2 account of server2 to log in to the guest1 account of server1 without a password.

At this point, the SSH password-free login of the two servers has been set up. If an error occurs, please check the above steps carefully.

The above is the full content of this article. I hope it will be helpful for everyone’s study. I also hope that everyone will support 123WORDPRESS.COM.