Linux: passwordless execution of a script on another server, and modifying permissions

Time:2020-11-26

Passwordless login

Principle: the user first generates a key pair and saves the public key on the SSH server, in the authorized_keys file in the .ssh subdirectory of the user's home directory (/root/.ssh/authorized_keys). The private key is stored on the local computer. When the user logs in, the server checks whether the public key in the authorized_keys file corresponds to the user's private key. If it does, login is allowed; otherwise, it is refused. Since the private key is stored only on the user's local computer, even if an intruder gets the user's password, he cannot log in to the server.

Configuration file path: /etc/ssh/sshd_config

Note that the SSH key path of a non-root user is /home/xxx/.ssh. If you are using a non-root user, you need to change the SSH key path in the tutorial steps below. When I dealt with this problem myself, I kept using the key in the /root/.ssh/ path and it never succeeded. In the end I found that it was a user problem: the key in the /home/xxx/.ssh/ path works.

For example, host 192.168.0.1 needs to copy files remotely with scp to host 192.168.0.2.

1. Generate the key (server 1)

Generate the key with the command ssh-keygen -t rsa (just press Enter at each prompt during generation).

2. Back up the public key (server 1)

Copy /root/.ssh/id_rsa.pub to /root/.ssh/id_rsa.pub_temp:

cp /root/.ssh/id_rsa.pub /root/.ssh/id_rsa.pub_temp

Copy /home/kduser/.ssh/id_rsa.pub to /home/kduser/.ssh/id_rsa.pub_temp:

cp /home/kduser/.ssh/id_rsa.pub /home/kduser/.ssh/id_rsa.pub_temp

3. Copy the public key to the other host (server 1)

Copy the id_rsa.pub_temp file remotely with scp to the /root/.ssh/ directory on the target machine:

scp /root/.ssh/id_rsa.pub_temp [email protected]:/root/.ssh/

Copy the id_rsa.pub_temp file remotely with scp to the /home/kduser/.ssh/ directory on the target machine:

scp /home/kduser/.ssh/id_rsa.pub_temp [email protected]:/home/kduser/.ssh/

If the .ssh directory does not exist on server 2, you can generate a key there once, or create the directory manually.

4. Create the authentication file (server 2)

On server 2, create the file authorized_keys in the /root/.ssh/ folder: touch authorized_keys

On server 2, create the file authorized_keys in the /home/kduser/.ssh/ folder: touch authorized_keys

5. Append the public key content to the authentication file (server 2)

cat id_rsa.pub_temp >> authorized_keys
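
Steps 4 and 5 as one function, as an added example that is not part of the original article: it creates the directory and authorized_keys with owner-only modes, rejects a file that is not a single public-key line, and appends the key only once. The names install_pubkey and perms_ok are made up here; perms_ok checks the condition that sshd's default StrictModes setting enforces, namely that the key files are not writable by group or others.

```sh
#!/bin/sh
# Added example. install_pubkey and perms_ok are illustrative names.
# install_pubkey PUBKEY_FILE SSH_DIR
#   PUBKEY_FILE  the copied public key, e.g. /root/.ssh/id_rsa.pub_temp
#   SSH_DIR      /root/.ssh or /home/kduser/.ssh on server 2
install_pubkey() {
    pub=$1
    dir=$2
    auth=$dir/authorized_keys

    # Accept only a file holding one public-key line. This catches the
    # mistake of copying the multi-line private key (id_rsa) instead.
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "$pub: expected one line" >&2; return 2; }
    case "$(cat "$pub")" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "$pub: not an OpenSSH public key" >&2; return 2 ;;
    esac

    # Create the directory and file with owner-only modes.
    mkdir -p "$dir" || return 1
    chmod 700 "$dir" || return 1
    [ -e "$auth" ] || : > "$auth" || return 1
    chmod 600 "$auth" || return 1

    # Append only when this exact line is missing, so re-running the step
    # does not duplicate the key the way a bare `cat >>` does.
    if ! grep -qxF -- "$(cat "$pub")" "$auth"; then
        cat "$pub" >> "$auth" || return 1
    fi
}

# perms_ok PATH: succeed only if PATH exists and is not writable by
# group or others.
perms_ok() {
    [ -e "$1" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \))" ]
}
```

On server 2 this would be called as install_pubkey /home/kduser/.ssh/id_rsa.pub_temp /home/kduser/.ssh while logged in as the user who owns that directory.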

Modify file permissions and owners

User group

In Linux, each user must belong to a group and cannot exist independently of a group. Each file has the concepts of owner, group and others.

  • Owner

    Generally, it is the creator of the file. Whoever creates the file naturally becomes its owner

    You can see the owner of a file with the ls -ahl command

    You can also use chown <user name> <file name> to change the owner of the file

  • File group

    When a user creates a file, the file's group is the user's group

    The group of a file can be seen with the ls -ahl command

    You can also use chgrp <group name> <file name> to change the group the file belongs to

  • Other groups

    Apart from the owner of the file and the users in its group, all other users of the system are the file's "other" group

File permissions

The output of ls -l looks like this:

 -rwxrw-r-- 1 root root 1213 Feb 2 09:39 abc

The first 10 characters determine what different users can do with the file.

  • The first character is the file type: file (-), directory (d), link (l)
  • The remaining characters come in groups of three (rwx): read (r), write (w) and execute (x). They can also be expressed as numbers: r = 4, w = 2, x = 1, so rwx = 4 + 2 + 1 = 7
  • The first group rwx: the file owner's permissions are read, write and execute
  • The second group rw-: users in the same group as the file owner can read and write, but cannot execute
  • The third group r--: other users who are not in the same group as the file owner can read, but cannot write or execute
  • 1 is the number of links to the file
  • The first root is the owning user
  • The second root is the user's group
  • 1213 is the file size (bytes)
  • Feb 2 09:39 is the last modification date
  • abc is the file name
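
The r = 4, w = 2, x = 1 rule applied to the whole mode field, as an added example that is not part of the original article. It goes beyond the text by also handling the s/S and t/T letters that ls prints for the setuid, setgid and sticky bits; mode_to_octal is a name made up here.

```sh
#!/bin/sh
# Added example. mode_to_octal is an illustrative name.
# mode_to_octal MODE: convert the first field of ls -l (e.g. -rwxrw-r--)
# to the four-digit octal value that chmod accepts.
mode_to_octal() {
    m=$1
    # Some systems append +, . or @ (ACL / security context marker).
    case ${#m} in 11) m=${m%[+.@]} ;; esac
    [ "${#m}" -eq 10 ] || { echo "expected 10 characters" >&2; return 2; }

    perms=${m#?}        # drop the file-type character
    special=0           # setuid = 4, setgid = 2, sticky = 1
    out=""
    for who in 4 2 1; do            # owner, group, others
        trip=$(printf %s "$perms" | cut -c1-3)
        perms=${perms#???}
        d=0
        case $trip in r??) d=$((d + 4)) ;; -??) ;; *) return 2 ;; esac
        case $trip in ?w?) d=$((d + 2)) ;; ?-?) ;; *) return 2 ;; esac
        # s/S is only valid for owner and group, t/T only for others.
        # Lower case means the execute bit is set as well.
        case $who$trip in
            ???x) d=$((d + 1)) ;;
            ???-) ;;
            [42]??s|1??t) d=$((d + 1)); special=$((special + who)) ;;
            [42]??S|1??T) special=$((special + who)) ;;
            *) return 2 ;;
        esac
        out=$out$d
    done
    echo "$special$out"
}
```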

Commands for changing permissions

chmod 755 abc: give abc the permissions rwxr-xr-x

chmod u=rwx,g=rx,o=rx abc: same as above; u = user permissions, g = group permissions, o = permissions of other users in different groups

chmod u-x,g+w abc: remove the user's execute permission on abc and add group write permission

chmod a+r abc: add read permission for all users

Change owner (chown) and user group (chgrp) commands

View: ls -al

chown binjf abc: change the owner of abc to binjf

chgrp root abc: change the group of abc to root

chown root ./abc: change the owner of the directory abc to root

chown -R root ./abc: change the owner of the directory abc and of all the files and directories under it to root
