陷阱
Linux7开始,默认在selinux级别上都有所增强,特别对于.ssh文件的 上下文 属性必须是ssh_home_t,否则导致其他权限都正确的情况下,passwordless ssh还是会失败。
1. Config the ssh - /etc/ssh/ssh_config
# - ensure the correct values for the following parameters
PasswordAuthentication yes
ChallengeResponseAuthentication yes
UsePAM yes
# - Then restart the sshd
systemctl restart sshd
2. Generate the ssh key with bits of 4096
#- The default key is of 2048 bits
ssh-keygen -t rsa -b 4096
3. Plant the public key in authorized_keys into the remote server
# Method 1 sample
ssh-copy-id remote_username@remote_IP_Address
# Method 2 sample
cat ~/.ssh/id_rsa.pub | ssh remote_username@remote_ip_address "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
# Method 3 sample
mkdir -p ~/.ssh
touch ~/.ssh/authorized_keys
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 700 ~/.ssh
chmod 600 ~/.ssh/*
# - Especially for linux 7 or higher
restorecon -FRvv ~/.ssh
restorecon -FRvv ~/.ssh/*
4. Implement the same and ensure the permission and context for .ssh and authorized_keys are the same
5. Verify the connection without prompt
ssh remote_server_name date
- passwordless between servers manual Setuppasswordless between servers manual passwordless transferring passwordless managing multiple manual manually pydoc_manual_document fpga hello-fpga coaxpress manual credentials unauthorized incorrect manually pydoc_manual_document document手册manual manual pop-in table mode