Managing multiple Linux hosts can be troublesome when dealing with a large number of login passwords. Using SSH keys to log in to servers effectively solves this problem. The following steps set up passwordless SSH login with a key pair. One key pair can be used for all servers.
- Use ssh-keygen to create the public and private keys for logging into remote SSH servers.
ssh-keygen -t [rsa|dsa] -C "comments"
# -t can be used to choose between RSA and DSA keys
# -C is optional for adding comments
After pressing Enter, two files are created in the ~/.ssh directory: id_dsa (private key) and id_dsa.pub (public key). Make sure to store the private key securely.
- Copy the public key to the corresponding user's ~/.ssh/ directory on the server.
- Execute the following command in the ~/.ssh/ directory of the server user:
cat id_dsa.pub >> authorized_keys
# For the first time, use:
chmod 600 authorized_keys
Note that for security reasons, authorized_keys must have 600 permissions.
- Check /etc/ssh/sshd_config to confirm that public key authentication is enabled in sshd:
# Allow public key authentication. Only applicable for SSH-2.
PubkeyAuthentication yes|no # Enable for SSH-2
# Allow pure RSA public key authentication. Only applicable for SSH-1.
RSAAuthentication yes|no # Enable for SSH-1
- Exit the remote server and try logging in again:
ssh xxx.xxx.xxx.xxx
- Modify /etc/ssh/sshd_config to disable password authentication for SSHD if needed:
# Allow password-based authentication.
PasswordAuthentication yes|no
# Allow challenge-response authentication.
ChallengeResponseAuthentication yes|no
- On macOS, configure SSH connections locally by opening ~/.ssh/config and editing the file. If it doesn't exist, create it.
Host XXX.XXX.XXX.XXX
HostName XXXX.com
Port 22
User root
# Set preferred authentication method to public key
PreferredAuthentications publickey
# Set the location of the private key file
IdentityFile ~/.ssh/id_dsa
Reference: http://www.2cto.com/os/201401/272738.html