On Linux systems, SSH is the default tool for remote logins because its protocol uses the RSA/DSA encryption algorithms. It is a very secure tool for remote management of Linux systems. Telnet has been set aside on Linux systems because it is insecure.
A simple explanation of the "public/private key" authentication method: first create a public/private key pair on the client (public key file: ~/.ssh/id_rsa.pub; private key file: ~/.ssh/id_rsa). Then put the public key on the server (~/.ssh/authorized_keys) and keep the private key on the client. At login, the SSH program uses the private key to prove a match with the public key on the server; the private key itself never leaves the client. If the match succeeds, you can log in.
Configuration on Ubuntu and Cygwin goes smoothly, but configuring a CentOS system runs into a number of issues. This article uses CentOS (CentOS 5) as an example to explain in detail how to configure certificate authentication login. The steps are as follows:
Verify that the OpenSSH server and client are already installed on the system.
Check the local sshd configuration file (as root):
$ vi /etc/ssh/sshd_config
Find the following lines and remove the comment character "#":
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
If you modified the configuration file, restart the sshd service (as root):
$ /sbin/service sshd restart
Run a test command to log in to the system over SSH:
$ ssh localhost
After you press Enter you are prompted for the password, because we have not generated the certificate yet.
2.7 Steps to generate the certificate's public/private key pair
$ ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa
$ cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
2.8 Test the login with ssh localhost
$ ssh localhost
Under normal circumstances the login succeeds and some login information is displayed. If it fails, see the "general debugging steps" below.
2.9 General debugging steps
My configuration failed: after following the steps above I was still prompted to enter a password. I then used ssh -v to display detailed login information and find the reason:
$ ssh -v localhost
After you press Enter, the detailed login information is shown as follows:
...... (omitted)
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
Unknown code krb5 195
debug1: Unspecified GSS failure.  Minor code may provide more information
Unknown code krb5 195
debug1: Unspecified GSS failure.  Minor code may provide more information
Unknown code krb5 195
debug1: Next authentication method: publickey
debug1: Trying private key: /home/huaxia/.ssh/identity
debug1: Trying private key: /home/huaxia/.ssh/id_rsa
debug1: Offering public key: /home/huaxia/.ssh/id_dsa
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: password
[email protected]'s password:
At the same time, log in as the root user and view the system log file:
$ tail /var/log/secure -n 20
...... (omitted)
Jul 11:21:05 shnap sshd[3955]: Accepted password for huaxia from 192.168.8.253 port 51837 ssh2
Jul 11:21:05 shnap sshd[3955]: pam_unix(sshd:session): session opened for user huaxia by (uid=0)
Jul 11:21:47 shnap sshd[4024]: Connection closed by 127.0.0.1
Jul 11:25:28 shnap sshd[4150]: Authentication refused: bad ownership or modes for file /home/huaxia/.ssh/authorized_keys
Jul 11:25:28 shnap sshd[4150]: Authentication refused: bad ownership or modes for file /home/huaxia/.ssh/authorized_keys
Jul 11:26:30 shnap sshd[4151]: Connection closed by 127.0.0.1
...... (omitted)
The log information above shows that there is a problem with the permissions of the file /home/huaxia/.ssh/authorized_keys.
List the files under /home/huaxia/.ssh/ for more information:
$ ls -lh ~/.ssh/
total 16K
-rw-rw-r-- 1 huaxia huaxia 602 07-13 11:22 authorized_keys
-rw------- 1 huaxia huaxia 672 07-13 11:22 id_dsa
-rw-r--r-- 1 huaxia huaxia 602 07-13 11:22 id_dsa.pub
-rw-r--r-- 1 huaxia huaxia 391 07-13 11:21 known_hosts
Modify the permissions of the file authorized_keys (the permission settings are important, because insecure settings make it impossible to use the RSA feature):
$ chmod 644 ~/.ssh/authorized_keys
Test the login again, as follows:
$ ssh localhost
Last login: Wed Jul 14:04:06 from 192.168.8.253
Seeing this message indicates that passwordless login to the local machine has been set up successfully.
2.10 Authenticated login to a remote server
Note: the OpenSSH service on the remote server must of course be running.
Copy the locally generated public key to the remote server (two methods)
1) Method One:
$ cat ~/.ssh/id_rsa.pub | ssh <remote user name>@<remote server IP> 'cat - >> ~/.ssh/authorized_keys'
2) Method Two:
Run on the local machine:
$ scp ~/.ssh/id_dsa.pub [email protected]:/home/michael/
Log on to the remote server [email protected], then run:
$ cat id_dsa.pub >> ~/.ssh/authorized_keys
Test the remote login to the machine 192.168.8.148:
$ ssh [email protected]
Linux michael-virtualbox 2.6.35-22-generic #33-Ubuntu SMP Sun Sep 20:34:50 UTC all i686 GNU/Linux
Ubuntu 10.10
Welcome to Ubuntu!
 * Documentation: https://help.ubuntu.com/
216 packages can be updated.
Updates are security updates.
New release 'natty' available.
Run 'do-release-upgrade' to upgrade to it.
Last login: Wed Jul 14:46:37 from michael-virtualbox
[email protected]:~$
As you can see, the login succeeded.
If the login test is unsuccessful, you need to modify the permissions of the authorized_keys file on the remote server 192.168.8.148 (the permission settings are important, because insecure settings make it impossible to use the RSA feature):
$ chmod 644 ~/.ssh/authorized_keys
Key point: this configuration can go wrong in many ways. First, the content of authorized_keys may be wrong, mostly through carelessness.
Then there is the issue of permissions, which must be as follows:
The parent directory of .ssh, hadoop/, has permission 700:
drwx------. hadoop hadoop 4096 November 16:22 hadoop
.ssh is also 700:
drwx------. 2 hadoop hadoop 4096 November 16:19 .ssh
The permission of authorized_keys needs to be 644:
-rw-r--r--. 1 hadoop hadoop 610 November 16:09 authorized_keys
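The "bad ownership or modes" refusal in the debugging steps and the permission list above come from the same sshd check (StrictModes): the home directory, .ssh and authorized_keys must each be owned by the account or root and must not be group- or world-writable. The following is an added example, not part of the original article; the function name check_ssh_perms is hypothetical and GNU stat (Linux) is assumed.

```shell
#!/bin/sh
# Added example: audit the three paths sshd's StrictModes check inspects
# for one account. Assumes GNU stat (Linux); check_ssh_perms is a
# hypothetical helper name, not an OpenSSH tool.
# Usage: check_ssh_perms /home/huaxia [owner-uid]
check_ssh_perms() {
    home=$1
    uid=${2:-$(id -u)}          # expected owner, defaults to current user
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING   $p"; rc=1; continue
        fi
        mode=$(stat -c '%a' "$p")    # octal mode, e.g. 664
        owner=$(stat -c '%u' "$p")   # numeric owner uid
        # The owner must be the account itself or root.
        if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
            echo "BAD OWNER uid=$owner $p"; rc=1
        fi
        # Any group- or world-write bit (mode & 022) produces
        # "bad ownership or modes" in /var/log/secure.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "BAD MODE $mode $p"; rc=1
        else
            echo "ok $mode $p"
        fi
    done
    return $rc
}
```

The modes listed in the article (700, 700 and 644) pass this check; the 664 mode shown in the earlier ls output does not.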
CentOS SSH login without password