SSH private key realizes login to remote target server

In our test or production environment , For server security , Sometimes it may be necessary to SSH Log in to the server by using the key , Next , Will show how to pass SSH Private key way to remote server .

One 、 The remote server generates a key pair

1、 First, generate SSH Key pair

All the way back

[[email protected] ~]# ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/home/build/.ssh/id_rsa): 
Created directory '/home/build/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/build/.ssh/id_rsa.
Your public key has been saved in /home/build/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:PlPyHlOiZEHn3cAyctH5019FwGNCSdR9dhyR5pj2rAA [email protected]
The key's randomart image is:
+---[RSA 2048]----+
|        . oB==.B=|
|       ..o+.*o=oB|
|        .o.o.+*++|
|         E   +o.o|
|        S + o o.o|
|       + = +   o.|
|        = + . .  |
|         + o .   |
|          .      |
+----[SHA256]-----+

2、 A pair of key pairs will be generated （ Public and private keys ）

Private key ：id_rsa

Public key ：id_rsa.pub

[[email protected] ~]# cd ~/.ssh/
[[email protected] .ssh]# ll
total 8
-rw------- 1 build build 1679 Jul 18 15:14 id_rsa
-rw-r--r-- 1 build build  396 Jul 18 15:14 id_rsa.pub

Two 、 Download private key to local （ Connect to the client ）

1、 Download the private key to the connection client

When the key pair is generated , Put the private key （id_rsa） Download to connect client local , such as , I will download it to my Windows Local , And then through Xshell Client tools ssh Connect to the target server remotely .

2、Xshell configure connections

• Connect

  

• User authentication , Finally, click “ Connect ”

  

• choice “ Browse ” Under Options “ file ”, And select the private key file we just downloaded from the target server

  

• Finally, click “ determine ”

  But at this time, you will find that you still need to enter root User password . This is not what we need , What we need is direct password free login , Otherwise it doesn't make any sense .

  

3、 ... and 、 The remote server copies the public key （ Realize the secret free ）

According to the error in the above figure , So we also need to configure password free login , It's simple , The two methods .

• If it is a key pair generated by itself on the target server , It's just ~/.ssh/ Create a new directory named authorized_keys The file of （ If it doesn't exist ）, And copy and paste your public key into the file .
• If ssh The key pair is not generated directly on the target server , You need to copy the key pair to the target server , And generate the corresponding authorized_keys file .

say something authorized_keys file , This file is the file to realize secret free login , What we use ssh-copy-id <192.168.56.133> In fact, it is to distribute your public key to 133 Realize secret free login on the target server .

That is to say, my remote target server needs to contain at least the following three files , In order to realize secret free login in the way of private key .

[[email protected] .ssh]# ll
total 12
-rw------- 1 root root  395 Jul 18 15:50 authorized_keys
-rw------- 1 root root 1675 Jul 15 17:03 id_rsa
-rw-r--r-- 1 root root  395 Jul 15 17:03 id_rsa.pub

Here's the picture , You can log in normally .