SSH stands for Secure Shell, the name of the protocol itself. We can use the SSH protocol to connect to a remote server and authenticate to it. Authenticating with an SSH key avoids the tedious step of entering the password every time, and account security is also greatly improved.

SSH keys are stored in the ~/.ssh directory by default. You can run the cd ~/.ssh && ls command to view the SSH key files stored in the directory. If there are no files in the directory, no SSH keys have been generated on this machine; otherwise you will see files like id_rsa and id_rsa.pub.

Generating an SSH Key

Industry engineers typically use the asymmetric RSA algorithm to generate a pair of keys — public and private — by typing the following command at a terminal:

ssh-keygen -t rsa -C "[email protected]"

The -t and -C parameters are not required, but they can be used to specify the algorithm (RSA) and a personal identity (e-mail address) to be used at generation time. Enter the preceding command and press Enter. The terminal displays the following prompt:

Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 

The first line tells us that a key pair is being generated. The second line asks us to choose the file path where the key is stored. Usually we keep the default path, so there is no need to type a path; just press Enter. The terminal then displays the following information:

Enter passphrase (empty for no passphrase): 

It prompts us to enter a passphrase. The passphrase is optional: leaving it empty does not affect key generation, although the private key is then stored unencrypted on disk. Press Enter. The terminal displays the following information:

Enter same passphrase again:

We are asked to type the passphrase again, to catch a typo in the first entry. If you did not enter a value in the previous step, simply press Enter here as well. The terminal displays the following information:

Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:/k7eBzEwIUHIjh0osGBEkoRMLKKbCV4XzyhHJ3ffsj0 [email protected]
The key's randomart image is:
+---[RSA 3072]----+
|%O o o+... |
|O+. .++o oo |
|= .. +O.. .o. |
|o o.+oo oo. |
|o+. + S +o |
|+. . .. E |
| . . .. . |
| +. |
| +.. |
+----[SHA256]-----+

By default, both the public and private keys are stored in ~/.ssh, which is why we looked in ~/.ssh earlier.

Password-free login

Normally, we log in to the server using the ssh username@ip command. After executing the command, the terminal prompts us for a password. A better idea is to use SSH keys to verify our identity without entering a password.

Now that you've learned how to generate SSH keys, you'll learn how to set up password-free login to a cloud server. First, copy the contents of the public key file ~/.ssh/id_rsa.pub on your PC (you can run the cat ~/.ssh/id_rsa.pub command to view the contents of the public key file):

ssh-rsa AAAA ... . 5ztuiXs= [email protected]

Copy the whole line, from ssh-rsa through to the end of the personal identity.

Next, go to the target server (that is, the cloud server you want to log in to without a password; assume its public IP address is 10.1.1.1). Create a new file named authorized_keys in the ~/.ssh directory of your cloud server and write the public key string you just copied from your PC into authorized_keys. If you are using the Vim editor, the commands are as follows:

$ cd ~/.ssh
$ vim authorized_keys 

After opening the file in Vim, press i to enter insert mode and use the keyboard shortcut Ctrl+V to paste the public key string you just copied. Press Esc to return to Vim's command mode, type :wq, and press Enter. At this point, the public key of your computer has been stored on the cloud server. When you need to log in, you only need to enter:

ssh [email protected]

Then press Enter. If you log in to the cloud server for the first time, the terminal will prompt:

The authenticity of host '10.1.1.1 (10.1.1.1)' can't be established.
ECDSA key fingerprint is SHA256:nGvmS+JKzQf1gG+Nzc0QN/qS6xSp1iV0rJFP1dILel4.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes

At this point, type yes and press Enter. The terminal then gives a new prompt:

Warning: Permanently added '10.1.1.1' (ECDSA) to the list of known hosts.
Last login: Wed Dec 23 21:43:28 2020 from 111.94.33.65
Welcome to Cloud Elastic Compute Service!
[root@iZ1nmehZ ~]#

This means that we can connect to the remote server over SSH without entering the password. Password-free login works!
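The authorized_keys step above can also be done without an editor. The following is an added example, not part of the original article: a shell function that appends a public key line only once and sets the directory and file modes that sshd's StrictModes check (on by default) expects. The function name install_pubkey and the list of accepted key types are assumptions of this example.

```shell
#!/bin/sh
# Added example: install a public key line into authorized_keys.
# Usage on the server: install_pubkey "ssh-rsa AAAA... comment" [SSH_DIR]
# SSH_DIR defaults to ~/.ssh; install_pubkey is a hypothetical helper name.
install_pubkey() {
    key=$1
    dir=${2:-"$HOME/.ssh"}
    file="$dir/authorized_keys"
    nl='
'
    # Refuse a private key pasted by mistake, or any multi-line input.
    case $key in
        *"PRIVATE KEY"*|*"$nl"*)
            echo "refusing: not a single public key line" >&2
            return 1 ;;
    esac

    # Expect "type base64 [comment]". Only common key types are listed here.
    printf '%s\n' "$key" |
        grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' || {
        echo "refusing: not a public key line" >&2
        return 1
    }

    # With StrictModes, sshd ignores authorized_keys when the directory or
    # file is writable by other users, so set the modes explicitly.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$file" && chmod 600 "$file" || return 1

    # Append only if this exact line is not already present (idempotent).
    grep -qxF -- "$key" "$file" || printf '%s\n' "$key" >> "$file"
}
```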

Password-free login fails

On some servers, public key login is not enabled in the sshd service configuration. If, after you run ssh [email protected] and press Enter, the terminal prompts for a password instead of displaying the cloud server information, you need to enable public key login in the sshd configuration on the cloud server.

On the cloud server, run the vim /etc/ssh/sshd_config command to open the sshd configuration file, find the PubkeyAuthentication item, delete the comment mark # in front of it, and make sure its value is yes. Incorrect and correct configurations are as follows:

# Incorrect configuration:
#PubkeyAuthentication no
# Correct configuration:
PubkeyAuthentication yes

After the change is saved, restart the sshd service using the service sshd restart command.

After that, the ssh [email protected] command will no longer prompt you for a password.
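To check which PubkeyAuthentication value a configuration file actually yields, here is an added example (not from the original article) that applies sshd_config's rules: comment lines are ignored, keywords are case-insensitive, the first value found wins, and the default is yes. The function names and the sample file are constructed for this example; Include files and the keyword=value form are not handled, and on a live server sshd -T (run as root) prints the effective configuration.

```shell
#!/bin/sh
# Added example: report the global PubkeyAuthentication value of an
# sshd_config-style file. Pass a path, or "-" to read standard input.
pubkey_auth_setting() {
    awk '
        /^[ \t]*(#|$)/ { next }             # skip comment and blank lines
        { kw = tolower($1) }                # keywords are case-insensitive
        kw == "match" { exit }              # Match blocks hold conditional overrides only
        kw == "pubkeyauthentication" && !seen { val = $2; seen = 1 }   # first value wins
        END { print (seen ? val : "yes") }  # OpenSSH default is yes
    ' "${1:-/etc/ssh/sshd_config}"
}

# Constructed sample: "yes" was appended at the end of the file, but an
# earlier uncommented "no" is the value sshd uses.
sample_sshd_config() {
    cat <<'EOF'
# constructed sample, not from a real server
Port 22
#PubkeyAuthentication yes
PubkeyAuthentication no
PasswordAuthentication yes
PubkeyAuthentication yes
EOF
}

# Returns 0 when public key login is enabled globally, 1 otherwise.
pubkey_auth_enabled() {
    [ "$(pubkey_auth_setting "$1")" = "yes" ]
}
```

Running sample_sshd_config | pubkey_auth_setting - prints no, which is why editing the existing line is safer than appending a new one.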

Of course, in addition to connecting from a personal computer to a cloud server, this configuration can also be used between cloud servers.

Login without user name and IP address

We have eliminated the password step, but the user name and IP address are still long to type. To omit the user name and IP address as well, configure ~/.ssh/config. By default, there is no config file in the ~/.ssh directory. Create it with vim ~/.ssh/config, then write the following configuration information:

Host s-crawl
    HostName 10.1.1.1
    Port 22
    User root
    IdentityFile ~/.ssh/id_rsa

Host is the nickname of the cloud server, HostName is the public IP address of the cloud server, Port is the port number used for the connection, User is the user name used for the connection, and IdentityFile is the path of the local private key file. After the configuration is complete, exit the editor and log in to the cloud server using its nickname: enter ssh s-crawl on the terminal.

First published in Wei Shidong's technology column: www.weishidong.com/blogs/funct…

Once you have multiple servers, you will feel how convenient this login method is, and operations engineers are used to it!