How do Linux hosts achieve password-free SSH access for a non-root user?

First, the conditions:

1. Host A => 10.114.3.11

2. Host B => 10.114.3.12

3. Host A can already reach host B over SSH, but a password must be entered;

Second, the goal:

When accessing host B from host A, no password needs to be entered, that is, access is password-free;

For example, in a Jenkins deployment, host A is the Jenkins host and host B is the target application deployment host.

Third, the steps are as follows:

[1/4] Generate the RSA public and private keys on host A: run the command [ssh-keygen -t rsa] and press Enter three times in a row; do not type anything at the prompts;

[deploy_user@bogon .ssh]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/deploy_user/.ssh/id_rsa):
/home/deploy_user/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/deploy_user/.ssh/id_rsa.
Your public key has been saved in /home/deploy_user/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:6LI+UN8CJNJ50BNJOJQ0JCHPKDGY/XENO7H+IEXBOH4 deploy_user@bogon
The key's randomart image is:
+---[RSA 2048]----+
| + B.O |
| B =. O. |
|. =. + + |
|. +. +. o |
| =. ++. .S |
| ..Eo + o. |
| .o.oooo |
|. = .o * o. |
|. = + = O. |
+----[SHA256]-----+

[2/4] Check whether this file exists on host B: /home/deploy_user/.ssh/authorized_keys

If it does not exist, create the directory and the file manually.

[3/4] On host A, run the following command to append host A's public key to host B's authorized keys file /home/deploy_user/.ssh/authorized_keys:

$ cat /home/deploy_user/.ssh/id_rsa.pub | ssh [email protected] 'cat >> /home/deploy_user/.ssh/authorized_keys'

[4/4] Check the directory and file permissions on host A

[deploy_user@bogon .ssh]$ pwd
/home/deploy_user/.ssh
[deploy_user@bogon .ssh]$ ll
total 16
-rw-------. 1 deploy_user root  399 Aug 5 17:47 authorized_keys
-rw-------. 1 deploy_user root 1679 Aug 5 21:29 id_rsa
-rw-r--r--. 1 deploy_user root  399 Aug 5 21:29 id_rsa.pub
-rw-r--r--. 1 deploy_user root  173 Aug 5 17:23 known_hosts

The permissions must be set as follows; it is recommended that both host A and host B use these settings.

Host A and host B need: chmod 700 .ssh

Host B needs: chmod 600 authorized_keys
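
Steps 2 to 4 can be folded into one idempotent function to run on host B, shown here as an added example that is not part of the original post. The function names install_pubkey and ssh_perms_ok are hypothetical, and the optional from="..." restriction (an OpenSSH authorized_keys option) goes beyond the steps above by limiting the passphrase-less key to connections from host A.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE SSH_DIR [FROM_ADDR]   (hypothetical helper)
#   Creates SSH_DIR (700) and authorized_keys (600) if missing, then appends
#   the key only when its base64 blob is not already listed.
#   FROM_ADDR, if given, is written as a from="..." option so sshd accepts
#   the key only from that source address.
install_pubkey() {
    pubkey_file=$1; ssh_dir=$2; from_addr=${3:-}
    auth="$ssh_dir/authorized_keys"

    # A public key line is "<type> <base64-blob> [comment]". Anything else,
    # for example the private key id_rsa passed by mistake, is rejected.
    key_line=$(head -n 1 "$pubkey_file") || return 1
    key_type=$(printf '%s\n' "$key_line" | awk '{print $1}')
    key_blob=$(printf '%s\n' "$key_line" | awk '{print $2}')
    case $key_type in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "not a public key: $pubkey_file" >&2; return 1 ;;
    esac
    [ -n "$key_blob" ] || { echo "missing key data" >&2; return 1; }

    # umask 077: newly created files are never group/world accessible.
    ( umask 077; mkdir -p "$ssh_dir"; touch "$auth" ) || return 1
    chmod 700 "$ssh_dir" && chmod 600 "$auth" || return 1

    # A plain `cat >>` adds a duplicate line on every run; skip if present.
    if ! grep -qF -- "$key_blob" "$auth"; then
        if [ -n "$from_addr" ]; then
            printf 'from="%s" %s\n' "$from_addr" "$key_line" >> "$auth"
        else
            printf '%s\n' "$key_line" >> "$auth"
        fi
    fi
}

# ssh_perms_ok SSH_DIR: succeeds only when the modes match step 4.
# cut -c1-10 drops the trailing "." that ls prints on SELinux systems.
ssh_perms_ok() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "drwx------" ] &&
    [ "$(ls -l "$1/authorized_keys" | cut -c1-10)" = "-rw-------" ]
}
```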

Fourth, verify SSH access to host B from host A:

[deploy_user@bogon .ssh]$ ssh [email protected]
Last login: Wed Aug 5 21:28:04 2020 from 10.114.3.11
[deploy_user@bogon ~]$ ifconfig -a
eth0: flags=4163 mtu 1500
        inet 10.114.3.12 netmask 255.255.255.0 broadcast 10.114.3.255
        inet6 fe80::bc46:8eb0:fd84:f77b prefixlen 64 scopeid 0x20
        ether 00:15:5d:02:0e:01 txqueuelen 1000 (Ethernet)
        RX packets 32221095 bytes 32087996313 (29.8 GiB)
        RX errors 0 dropped 15 overruns 0 frame 0
        TX packets 11917673 bytes 12525092188 (11.6 GiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73 mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10
        loop txqueuelen 1000 (Local Loopback)
        RX packets 298241928 bytes 27753100908 (25.8 GiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 298241928 bytes 27753100908 (25.8 GiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

[Summary]

1. This uses the public-key mechanism of RSA asymmetric cryptography;

2. The .ssh directory on both hosts must have permission 700, and the authorized_keys file on the accessed host (host B) must have permission 600;

3. When generating the RSA key pair, do not enter a passphrase, so that login requires no input;
