How to set up passwordless authentication between two different accounts

倾然丶 夕夏残阳落幕 submitted on 2019-12-02 13:29:51

If I understand your question, can you set up ssh-keys to allow user A and user B to log in to two different computers A & B without providing a password? Sure, but user A can't log into user B's account via ssh any more than user A can log into user B's account on a local machine. (directory ownerships are different for the $HOME, etc. That's what su is for).

To create a passwordless login, let's take user A and computer A who has an account on computer B and would like to ssh hostnameB and log in without providing a password.

(1) user A creates a public_key and private_key on computer A with ssh-keygen -t ecdsa (for an ecdsa encryption key. dsa keys are no longer supported due to insecurity in the current openssh). When ssh-keygen is run it will create two files (by default in $HOME/.ssh). The keys are id_ecdsa (the private key) and id_ecdsa.pub (the public key).

(2) for user A to log in to computer B without a password, he must first transfer his public_key to computer B and add it to his $HOME/.ssh/authorized_keys file on computer B. e.g. from computer A:

$ ssh-keygen -t ecdsa  # generate key-pair
$ cd ~/.ssh            # verify private and public keys created
$ rsync -a id_ecdsa.pub hostnameB:~/.ssh/id_ecdsa.pub.hostA
  password: enter pw

$ ssh hostnameB
  password: enter pw
$ cd ~/.ssh
$ cat id_ecdsa.pub.hostA >> authorized_keys  # permissions must be 0600
$ exit                # exit hostnameB

note: above you could rsync the public_key directly to the computer B ~/.ssh/authorized_keys file, if you are sure one does NOT already exist, to save time and completely skip the last step of copying the transferred file into it above. e.g.

$ rsync -a id_ecdsa.pub hostnameB:~/.ssh/authorized_keys

(you may have to check permissions on computer B afterwards)

Now for the test, user A should no longer need a password to log into computer B. From computer A:

$ ssh hostnameB
$ welcome to hostnameB>

Now you simply repeat the process of creating key-pairs for each user and transferring the public_key to the host you want to access w/o a password and add the public_key to the authorized_keys file. (note: you can just copy the same private_key to everyone's ~/.ssh directory and add the same public_key to everyone's ~/.ssh/authorized_keys file, but that sort of defeats the purpose of having separate keys). note: each authorized_keys file must be owned by the user owning the $HOME/.ssh directory and the file permissions must be 0600 (-rw-------) or sshd will not allow a connection.

That's all there is to it (you can check in /etc/ssh/sshd_config to ensure the name of the authorized_keys file has not been changed to something else).

Give it a try and let me know if you have questions. I've done it hundreds of times -- no issues as long as you follow those rules.
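
The install-and-check steps above as a reusable script, added here as an example and not part of the original answer: it appends a public key to authorized_keys only when that exact line is absent, then verifies the 0600 mode and matching ownership the answer calls for. The function names and the key line in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example; install_pubkey and check_ssh_perms are hypothetical names.

# install_pubkey PUBKEY_FILE SSH_DIR
# Append each key line only if it is not already present, then fix modes.
install_pubkey() {
    pub=$1; dir=$2; auth="$dir/authorized_keys"
    [ -s "$pub" ] || { echo "no public key at $pub" >&2; return 2; }
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # If the existing file lacks a trailing newline, add one so the new key
    # does not get glued onto the previous entry.
    [ -z "$(tail -c 1 "$auth")" ] || echo >> "$auth"
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
    done < "$pub"
}

# check_ssh_perms SSH_DIR
# Succeeds (prints "ok") when authorized_keys is a regular file with mode
# 0600 and the same numeric owner as SSH_DIR; otherwise prints the reason.
check_ssh_perms() {
    dir=$1; auth="$dir/authorized_keys"
    [ -f "$auth" ] && [ ! -L "$auth" ] || { echo "not a regular file: $auth"; return 1; }
    mode=$(ls -ln "$auth" | cut -c1-10)
    file_uid=$(ls -ln "$auth" | awk '{print $3}')
    dir_uid=$(ls -lnd "$dir" | awk '{print $3}')
    [ "$mode" = "-rw-------" ] || { echo "bad mode $mode on $auth"; return 1; }
    [ "$file_uid" = "$dir_uid" ] || { echo "owner mismatch: $file_uid vs $dir_uid"; return 1; }
    echo "ok"
}

# Demo in a throwaway directory with a constructed (not real) key line.
demo_dir=$(mktemp -d)
printf '%s\n' 'ecdsa-sha2-nistp256 AAAAconstructedKeyBlob userA@hostA' \
    > "$demo_dir/id_ecdsa.pub.hostA"
install_pubkey "$demo_dir/id_ecdsa.pub.hostA" "$demo_dir/.ssh"
install_pubkey "$demo_dir/id_ecdsa.pub.hostA" "$demo_dir/.ssh"  # adds nothing
check_ssh_perms "$demo_dir/.ssh"
rm -rf "$demo_dir"
```

On computer B this would be called as install_pubkey ~/.ssh/id_ecdsa.pub.hostA ~/.ssh after the rsync step, which avoids overwriting an existing authorized_keys file.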
