We know that the ssh protocol can connect to a remote server by entering the account name and password. So, can you log in directly without entering the account number and password? The answer is yes, and in daily work, this requirement is also common. For example, if you use scp to do remote backup, and want to write scp into crontab, but you must not be able to enter the account password in crontab, then you need to log in without account password.
ssh is an asymmetric encryption protocol with public and private keys. The public key is used to encrypt information. Each host will store the public keys of other hosts in the known_hosts file under the .ssh directory of its own home directory. If you want to do account-free password, the key point is this public key.
Suppose a server host SERVER, a client CLIENT, the client wants to connect to SERVER without login. Then just append the client’s public key to the end of ~/.ssh/authorized_keys of the SERVER machine. The following two situations demonstrate how to log in without a password:
-
The client is a windows system
-
The client is a linux system
The client is a windows system
The first step is to generate a secret key pair. Here, we use the git tool to generate a secret key pair (how to install git on the windows system, this is very easy to query by yourself. Simple, all the way to next).
ssh-keygen
After entering the above command in the git terminal, there will be a series of prompts, directly enter the ENTER key (total Type ENTER three times). After that, you can see the public key and private key in the $HOMT/.ssh/ directory, and the public key ends with pub.
admin@LAPTOP-7P19B9SH MINGW64 ~/.ssh $ ll total 13 -rw-r--r-- 1 admin 197121 1679 May 3 2019 id_rsa -rw-r--r-- 1 admin 197121 398 May 3 2019 id_rsa.pub
Next, upload the public key to the server, and then append the public key information to ~/. ssh/authorized_keys.
# cat id_rsa.pub >> .ssh/authorized_keys
The following demonstrates how to use xshell to log in without password
The first step is to enter the IP of the remote host
After these two steps are set, the password-free login is completed.
The client is a linux host
The first step is to generate a secret key True
# ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: SHA256:GCyx2cSYE6yR7xCuUVOF0Omvp5fEoxv0Y2wOQvMRB98 root@lijia The key's randomart image is: +---[RSA 2048]----+ | .*=Oo | | * OX.. | | o B=.* E | |. + o+ o | | ooooo. S | |.. +.+= | | .++*o | |.o*+.| |o=.| +----[SHA256]-----+
The second step is to send the newly produced public key to another machine
# ssh-copy-id root@121.***.***.64 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys [email protected]'s password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'root@121.***.***.64'" and check to make sure that only the key(s) you wanted were added.
The third step is to log in to the remote host
# ssh [email protected] Welcome to Alibaba Cloud Elastic Compute Service ! Activate the web console with: systemctl enable --now cockpit.socket Last login: Fri Nov 20 10:28:37 2020 from 111.38.123.86 # Password-free login succeeded
For more related technical articles, please visit the Linux System Tutorial column!
The above is how to configure the ssh service so that you can connect to the remote host without entering the account password. For more information, please pay attention to other related articles on 1024programmer.com!
微信扫一扫打赏
支付宝扫一扫打赏
