One: ssh schematic is:
1, is to allow the use of ssh between two Linux machines does not require a username and password. Digital signature RSA or DSA is used to complete this operation
2, model analysis
Assume A (192.168.20.59) is the client machine and B (192.168.20.60) is the target machine; Purpose: A machine ssh login B machine does not need to enter a password; encryption method select rsa|
Dsa can be, default dsa
Second, the specific operation process
One-way login operation process (can meet the above purpose): 1 , log in to A machine 2, ssh-keygen -t [rsa|
Dsa], will generate the key file and private key file id_rsa, id_rsa.pub or id_dsa, id_dsa.pub 3. Copy the .pub file to the .ssh directory of the B machine, and cat id_dsa.pub >> ~/.ssh/authorized_keys 4. You're done, log in to the target account of the B machine from the A machine, no longer need a password; (Run directly #ssh 192.168.20.60)
Two-way login operation :
1, ssh-keygen password verification can make ssh to the other machine, scp does not need to use the password. The specific method is as follows: 2, both nodes perform the operation: #ssh-keygen -t rsa then All carriage returns, using the default value. 3. This creates a pair of keys, which are stored in ~/.ssh in the user directory. Test the public key to the user directory of the other machine and copy it to ~/.ssh/authorized_keys (operation command: #cat id_dsa.pub >> ~/.ssh/authorized_keys).
4, set file and directory permissions: use hadoop users for /home/hadoop home directory, if it is multiple linux, it is best to build the same user name on each
set authorized_keys permissions $ chmod 600 authorized_keys Set the .ssh directory permissions $ chmod 700 -R .ssh
5. Make sure that both .ssh and authorized_keys have write access to the user. Otherwise the verification is invalid. (Today is the problem, looking for a long time problem), in fact, think about it, in order to avoid system vulnerabilities.
When I visit 20.59 from 20.60, I get the following error:
III. Summary Notes
1. Do not set the permissions of files and directories to chmod 777. This permission is too large, not secure, and digital signatures are not supported. I started doing this and I did it.
2. The generated public key of the rsa/dsa signature is used by the other machine. This public key content should also be copied to authorized_keys
(Note that if there are more than three Linux machines such as hostname h1, h2, h3, the username on each station is hadoop, then < on all machines) Br>
/home/hadoop/.ssh/id_dsa.pub Use scp copy to a directory on a machine and write it to /home/hadoop/.ssh/authorized_keys to make it all contain one The large file of the public key, then copy this file to the /home/hadoop/.ssh /authorized_keys under each linux, and then modify the permissions to 600)
3, access between linux Direct ssh machine ip
4, a machine generates its own RSA or DSA digital signature, the public key to the target machine, and then the target machine to receive the relevant permissions (public key and authorized_keys permissions), this The target machine can be digitally signed by the machine without password access
---------------------
linux establishes trust, has been added to authorized_keys, is unsuccessful; permission problem
Establishing trust relationship between Linux hosts Establish a trust relationship between host A and host B, so that Machine A can log in to host B without password ssh.
There are three points to note, if you have done the above method, or not, then compare the following three:
The third (3) is too pit, because the /home/user directory is 777, not 755, why not, the trust relationship can not be built, and finally /The permissions of the home/user directory were changed from 777 to 755. . . >_<, a big pit. . .
Operating system: Centos6 1.Discover the problem Ping external network packet loss is serious, ping
With ubuntu for a long time, many people will suddenly give a hint: disk space is less than 1G! Then
Speaking of the easiest way to install the system is to find a system installation CD and then slowl
There are a lot of posts on the network about how to install Sogou input method on Ubuntu, but it se
Samba and linux file permissions
Linux system reloading and restoring
Simple and easy to use calculator bc
Ubuntu graphical desktop and command line interface Switch shortcuts
Explain the find and locate commands for finding directories and files in Linux
Find the difference between find, locate, whereis, which, type in linux
How to configure Chinese input method in Linux environment
The difference between the linux command su and su- The maximum essential difference between the
Give win7 system to lose weight
What is the meaning of XP's boot menu?
Set the custom 404 error page in IIS, can not enter the URL address solution
Linux environment variable settings file
Introduce more hardware vendors to join the Windows Phone 8 camp
How to remove system compressed files in Win10 disk cleanup
c disk full of space is insufficient how to do _c disk which files can be deleted (a)