ssh passwordless login requires public and private keys. Under linux, you can use ssh-keygen to generate a public/private key pair. Below I take CentOS as an example.
There are machines A (192.168.1.155), B (192.168.1.181). Now I want to log in to B through ssh without password.
1. Generate a public/private key pair on the A machine.
-P means password, -P '' means empty password, you can also not use -P parameter, so you need three carriage returns, and -P is used for one carriage return.
It generates .ssh directory under /home/chenlb with id_rsa and id_rsa.pub under .ssh.
2. Copy id_rsa.pub from computer A to computer B. In the .ssh/authorized_keys file of computer B, I use scp to copy it.
[email protected] ' s password:
id_rsa.pub 100% 223 0.2KB/s 00:00
Since there is no password-free login yet, you need to enter a password.
3. Machine B adds the id_rsa.pub copied from machine A to the .ssh/authorzied_keys file.
[chenlb@B ~]$ chmod 600 .ssh/authorized_keys
The authority of authorized_keys should be 600 .
4. Machine A logs in to machine B.
The authenticity of host ' 192.168.1.181 (192.168.1.181) ' can ' t be established.
RSA key fingerprint is 00:a6:a8:87:eb:c7:40:10:39:cc:a0:eb:50:d9:6a:5b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ' 192.168.1.181 ' (RSA) to the list of known hosts.
Last login: Thu Jul 3 09:53:18 2008 from chenlb
[chenlb@B ~]$
第一次登录是时要你输入yes。
现在A机可以无密码登录B机了。
小结:登录的机子可有私钥,被登录的机子要有登录机子的公钥。这个公钥/私钥对一般在私钥宿主机产生。上面是用rsa算法的公钥/私钥对,当然也可以用dsa(对应的文件是id_dsa,id_dsa.pub)
想让A,B机无密码互登录,那B机以上面同样的方式配置即可。
参考:SSH-KeyGen 的用法 http://blog.163.com/chen98_2006@126/blog/static/158584272007101862513886/