Detailed explanation of SSH password free login
2022-07-05 13:57:00 【Brother Xing plays with the clouds】
To better understand how SSH password-free login works, let's first look at SSH's security verification. SSH uses an "asymmetric key system", the familiar public key and private key encryption scheme, and its security verification is divided into two levels.
1. Password-based security verification
In this mode you log in with your user name and password; this is the method we normally use. The whole process is as follows:
(1) The client initiates a connection request.
(2) The remote host receives the user's login request and sends its own public key to the client.
(3) The client receives the remote host's public key, encrypts the login password with it, and sends the encrypted login password together with its own public key to the remote host.
(4) The remote host receives the client's public key and the encrypted login password and decrypts the password with its own private key. If the password is correct, login is allowed. At this point each side holds the other's public key, and two-way encryption and decryption begins.
PS: If a fake server on the network impersonates the remote host, the client's connection request is intercepted by the fake server B, which sends its own public key to the client. The client encrypts the password and sends it to the fake server, which recovers the password with its own private key and can then do whatever it wants. This is why, the first time you connect to a remote host, at step (3) above you are shown the remote host's "public key fingerprint" so that you can confirm whether the host is the genuine one. If you choose to continue, you can enter your password and log in, and once accepted the server's public key is saved to the ~/.ssh/known_hosts file.
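The known_hosts check that follows the first connection, as an added example that is not part of the original article: once a host key has been saved, a later connection can be classified as "match", "changed" (the impersonation case described above, or a legitimate re-key) or "unknown" (first contact, where the fingerprint prompt appears). The function names and the sample entries are hypothetical and constructed; the key blobs are placeholders, not real keys.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not part of OpenSSH.

# Constructed known_hosts content; the key blobs are placeholders.
sample_known_hosts() {
    cat <<'EOF'
# constructed entries for illustration
192.168.0.10,server.example ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyOne
|1|c2FsdA==|aGFzaA== ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyTwo
EOF
}

# Compare the key a server offers with what known_hosts already holds.
# Prints "match", "changed" or "unknown".
# Hashed (|1|...) entries and @cert-authority/@revoked lines are skipped,
# and wildcard host patterns are compared literally, not expanded.
check_host_key() {   # usage: check_host_key KNOWN_HOSTS HOST KEYTYPE BASE64_KEY
    awk -v host="$2" -v type="$3" -v key="$4" '
        /^[ \t]*#/ || NF < 3 || $1 ~ /^[@|]/ { next }
        {
            n = split($1, names, ",")            # one line may list several names
            for (i = 1; i <= n; i++) {
                if (names[i] != host || $2 != type) continue
                if ($3 == key) { state = "match"; exit }   # a matching key wins
                state = "changed"                # same host and type, other key
            }
        }
        END { print (state == "" ? "unknown" : state) }' "$1"
}

# Example use against the real file (arguments are placeholders):
#   check_host_key ~/.ssh/known_hosts 192.168.0.10 ssh-ed25519 <base64-key>
```

A "changed" result is the point at which to stop and verify the server's fingerprint over a separate trusted channel before typing a password.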
2. Key-based security verification
With this method you create a key pair for yourself in the current user's home directory and place the public key on the server you need to log in to. When you connect to the server, the client asks the server to use the key for security authentication. After receiving the request, the server looks up your public key in the home directory of the user you are logging in as on the server, and compares it with the public key you sent. If the two keys are the same, the server encrypts a "challenge" with the public key and sends it to the client. The client decrypts the challenge with its own private key and sends it back to the server. Compared with the first level, the second level does not need to send passwords over the network.
PS: Simply put, you place the client's public key on the server, and the client can then log in to the server without a password. So where on the server should the client's public key go? By default it goes in the authorized_keys file in the .ssh directory under the home directory of the user you want to log in as (that is, ~/.ssh/authorized_keys).
3. Use scenarios
Password-free login for automatic rsync backups, and cluster environments whose hosts need to communicate with each other, such as Hadoop. So far I have only come across these two cases; other uses will be added later.
3. Related configuration items
The configuration file for the sshd service is /etc/ssh/sshd_config.
Configuration item 1: PubkeyAuthentication, whether to allow login using key authentication.
Configuration item 2: AuthorizedKeysFile, the file that stores the public keys of hosts allowed to log in. The default is .ssh/authorized_keys in the user's home directory.
4. Permission problems
.ssh folder: 700 (chmod 700 .ssh)
authorized_keys file: 644 (chmod 644 .ssh/authorized_keys)
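A check for the two configuration items and the two permission settings above, as an added example that is not part of the original article. The function names are hypothetical, `stat -c` assumes GNU coreutils, and the defaults passed to sshd_effective are supplied by the caller rather than read from sshd.

```shell
#!/bin/sh
# Added example: hypothetical audit helpers, not part of OpenSSH.

# Print the effective value of a global sshd_config keyword.
# sshd compares keywords case-insensitively and keeps the first value it
# reads, so a later duplicate line does not override an earlier one.
# Parsing stops at the first Match block (its settings are conditional);
# Include files are not followed.
sshd_effective() {   # usage: sshd_effective CONFIG KEYWORD DEFAULT
    awk -v kw="$2" -v def="$3" '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(kw) {
            $1 = ""; sub(/^[ \t]+/, ""); val = $0; found = 1; exit
        }
        END { print (found ? val : def) }' "$1"
}

# Check HOME_DIR/.ssh against the modes from the article: the directory must
# be 700 and authorized_keys must not be writable by group or others (644 or
# stricter). Prints one line per problem and returns non-zero if any is found.
audit_ssh_perms() {  # usage: audit_ssh_perms HOME_DIR
    dir="$1/.ssh"; file="$dir/authorized_keys"; rc=0
    [ -d "$dir" ] || { echo "missing: $dir"; return 1; }
    mode=$(stat -c '%a' "$dir")
    [ "$mode" = "700" ] || { echo "$dir is $mode, expected 700"; rc=1; }
    if [ -f "$file" ]; then
        mode=$(stat -c '%a' "$file")
        case "$mode" in
            # write bit set in the group digit or in the others digit
            *[2367]?|*[2367]) echo "$file is $mode, writable by group/other"; rc=1 ;;
        esac
    else
        echo "missing: $file"; rc=1
    fi
    return $rc
}

# Example use on the server from the article (paths as given there):
#   sshd_effective /etc/ssh/sshd_config PubkeyAuthentication yes
#   audit_ssh_perms /home/server
```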
5. Implementing the configuration
Server: 192.168.0.10, user: server
Client: 192.168.0.11, user: client
# Client configuration
# Log in as the client user and go to the home directory
cd /home/client
# Generate the authentication public and private keys
ssh-keygen -t rsa    # you will be prompted for a passphrase; just press Enter
# This creates a .ssh folder in the home directory containing two files: id_rsa (private key) and id_rsa.pub (public key)
# Upload the public key file to the server user's home directory on the server
scp ~/.ssh/id_rsa.pub server@192.168.0.10:~
# Server-side configuration
# Log in as the server user and go to the home directory
cd /home/server
# Create the .ssh folder
mkdir -p .ssh
# Set the folder permissions
chmod 700 .ssh
# Append the contents of the id_rsa.pub file sent by the client to authorized_keys
cat id_rsa.pub >> .ssh/authorized_keys
chmod 644 .ssh/authorized_keys
After this, logging in from the client as the client user to the server user on the server no longer requires a password. On the first connection you will still be prompted to check the remote host's public key fingerprint, which is then stored in the ~/.ssh/known_hosts file.