How to configure the ssh service so that you can connect to the remote host without entering an account and password

We know that the ssh protocol can connect to the remote server by entering the account name and password. So, can I log in directly without entering my account number and password? The answer is yes, and in daily work, this need is also common. For example, if you use scp for off-site backup and want to write scp to crontab, but you will definitely not be able to enter the account and password in crontab, then you need to log in without account and password.

ssh is an asymmetric encryption protocol with public and private keys. The public key is used to encrypt information. Each host will store the public keys of other hosts in the known_hosts file in the .ssh directory of its own home directory. If you want to be free of account and password, the key point is this public key.

Suppose there is a server host SERVER and a client CLIENT. The client wants to connect to SERVER without logging in. Then just append the client's public key to the end of ~/.ssh/authorized_keys on the SERVER machine. The following demonstrates how to log in without a password in two situations:

• The client is a windows system

• The client is a linux system

The client is a windows system

The first step is to generate a secret key pair. Here, we use the git tool to generate Secret key pair (how to install git on a windows system, you can check this yourself, it is very simple, just follow the next step).

ssh-keygen

After entering the above command in the git terminal, there will be a series of prompt messages, directly enter the ENTER key (a total of three times of ENTER required). After that, you can see the public key and private key in the $HOMT/.ssh/ directory. The one ending with pub is the public key.

admin@LAPTOP-7P19B9SH MINGW64 ~/.ssh
$ ll
total 13
-rw-r--r-- 1 admin 197121 1679  5月  3  2019 id_rsa
-rw-r--r-- 1 admin 197121  398  5月  3  2019 id_rsa.pub

Next, upload the public key to the server, and then append the public key information to ~/.ssh/authorized_keys.

# cat id_rsa.pub >> .ssh/authorized_keys

The following demonstrates how to use xshell to log in without a password

The first step is to enter the IP address of the remote host

The second step is to Click User Authentication and select the method as Public Key. Then enter the user name, here we fill in root. Finally, select the key. Note that you need to select the private key here, not the public key.

After these two steps are set up, password-free login is completed.

The client is a linux host

The first step is also to generate a secret key pair

# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:GCyx2cSYE6yR7xCuUVOF0Omvp5fEoxv0Y2wOQvMRB98 root@lijia
The key's randomart image is:
+---[RSA 2048]----+
|  .*=Oo          |
|  * OX..         |
| o B=.* E        |
|. + o+ o         |
| ooooo. S        |
|.. +.+=          |
|  . ++*o         |
|   .o*+.         |
|    o=.          |
+----[SHA256]-----+

The second step is to Transfer the produced public key to another machine

# ssh-copy-id root@121.***.***.64
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@121.196.12.64's password: 
Number of key(s) added: 1
Now try logging into the machine, with:   "ssh 'root@121.***.***.64'"
and check to make sure that only the key(s) you wanted were added.

The third step is to log in to the remote host

# ssh root@121.196.12.64
Welcome to Alibaba Cloud Elastic Compute Service !
Activate the web console with: systemctl enable --now cockpit.socket
Last login: Fri Nov 20 10:28:37 2020 from 111.38.123.86
# 免密码登录成功

For more related technical articles, please visitlinux system tutorialColumn!

The above is the detailed content of How to configure the ssh service so that you can connect to the remote host without entering an account and password. For more information, please follow other related articles on the PHP Chinese website!