-
Currently, SSH-2 provides two common client authentication modes.
1. Password-based client authentication, using the account and password authentication
2, key-based client authentication, password – free authentication
-
By default, sSH-2 attempts key authentication first. If the authentication fails, sSH-2 attempts password authentication only.
-
How to log in without password authentication? Flow chart:
The operation process is as follows: Generate public and private keys on the client and append the public key to the end of the server authorization file. Why append the public key to the end? Because this authorization file will store a lot of authorization public key or other authentication data, naturally cannot be overwritten, can only be added.
Operation process
1. Generate public and private keys, enter the command and press Enter
$ ssh-keygen
Copy the code
dengzemiaodeMacBook-Pro:~ dengzemiao$ ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/Users/dengzemiao/.ssh/id_rsa): / Users/dengzemiao /. SSH/id_rsa already exists. / / if there are created before, it will ask whether coverage, according to their own situation, if you don't want to cover a change on the above path can Overwrite (y/n)?Copy the code
2. View the public and private keys and locate the directory
$ cd ~/.ssh
Copy the code
dengzemiaodeMacBook-Pro:~ dengzemiao$ cd ~/.ssh dengzemiaodeMacBook-Pro:.ssh dengzemiao$ ls id_rsa id_rsa.pub Known_hosts // id_rsa: private key file // id_rsa.pub: Public key file :. SSH dengzemiao$cat id_rsa.pub ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDjVE65ziQ/cAyjwS2+zcqGip6jzndh4dYKUsop0kYAfMSnKF3do1fbU903JB4jzbyICuF5oGCLknB2uIvxp/uk2Bdr tstFNuiRqTyY4c/i0ZxsWkGhTOfbuWFzHBpZGuCFKEO4/y2BwDss7R5nlwcQ1tNaB9I5Ck8Uf3d85oqJKBRkVjxGUQz15AQtzvvQf9RIhWtefLJAvqWfZKS/ 5TAcsd9nyznLSAAbHMf/KlmbZ7ifE1QccCZNIAD7fw9WHYNVnNjRDDItoAhRsIm4bSdAWHW++wmUsVoJ6pt0D8fySqnhLLfSYBuEn16KQxooB1dBx4g7Rk5J u90C5gtC1T95 [email protected]Copy the code
3. Send the public key to the server (mobile phone) for storage
$SSH - copy - id [email protected]Copy the code
dengzemiaodeMacBook-Pro:~ dengzemiao$ cd ~/.ssh dengzemiaodeMacBook-Pro:.ssh dengzemiao$ ls id_rsa id_rsa.pub Known_hosts dengzemiaodemacbook-pro :. SSH dengzemiao$ssh-copy-id [email protected] /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/dengzemiao/.ssh/id_rsa.pub" /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 Key (S) Remain to be installed -- if you are prompted now it is to install the new keys [email protected]'s password: Number of key(s) added: 1 Now try logging into the machine, with: "SSH '[email protected]'" and check to make sure that only the key(s) you wanted were added.Copy the code
4, then we set the input before the login command, do not need to enter the password directly into the server (mobile phone) inside. Here is a detail: when we send the public key, we use the root account, so another mobile account login still need to enter the password, because only the root account is configured, but we only need to use the root account is enough.
$SSH [email protected]Copy the code
DengzemiaodeMacBook -Pro:~ Dengzemiao $SSH [email protected] iPhone:~ root#Copy the code
5. Check the public key we sent to the server (mobile phone), command line according to the above link to enter the mobile phone, after checking the public key can be compared with the above client.
$ cd ~/.ssh
Copy the code
DengzemiaodeMacBook -Pro:~ dengzemiao$SSH [email protected] iPhone:~ root# CD ~/. SSH iPhone:~/. SSH root# ls authorized_keys iPhone:~/.ssh root# cat authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDjVE65ziQ/cAyjwS2+zcqGip6jzndh4dYKUsop0kYAfMSnKF3do1fbU903JB4jzbyICuF5oGCLknB2uIvxp/uk2Bdr tstFNuiRqTyY4c/i0ZxsWkGhTOfbuWFzHBpZGuCFKEO4/y2BwDss7R5nlwcQ1tNaB9I5Ck8Uf3d85oqJKBRkVjxGUQz15AQtzvvQf9RIhWtefLJAvqWfZKS/ 5TAcsd9nyznLSAAbHMf/KlmbZ7ifE1QccCZNIAD7fw9WHYNVnNjRDDItoAhRsIm4bSdAWHW++wmUsVoJ6pt0D8fySqnhLLfSYBuEn16KQxooB1dBx4g7Rk5J u90C5gtC1T95 [email protected]Copy the code
This chapter is about doing these steps intelligently. The next chapter is about doing these steps manually, and how to remotely copy the local public key to the server tail. If we use it properly, this chapter will be enough.
But knowing what to do manually is like knowing what to do at the next level of intelligent operation.
Also know how to copy files remotely over SSH and how to handle file permissions.