Key authentication for SSH and SSH

1. What is openssh

is a software that provides remote access control.

2. remote login via ssh

SSH [email protected] # Login

Louout # Log Out

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M01/86/F6/wKioL1fP2MCQ4wcLAAFQgJ_mgnc851.png "title=" Picture 1.png "alt=" Wkiol1fp2mcq4wclaafqgj_mgnc851.png "/>

2.ssh key authentication

key is divided into public Keyand PrivateKey# Public Key equivalent to lock private Keyequivalent to the key

(1) Create key

Ssh-keygen # Generate key

[[email protected] desktop]# Ssh-keygen # Create key

Generating public/private RSA key pair. # Creation Process

Enter file in which to save the key (/root/.ssh/id_rsa): # generates A key storage location, it is recommended to use the default

Enter passphrase (empty for no passphrase): #key password, can be empty

Enter same passphrase again: # repeat key 's password

Your identification has been saved In/root/.ssh/id_rsa.

Your public key has been saved in/root/.ssh/id_rsa.pub.

The key fingerprint is:

8c:dd:ed:96:49:73:db:e8:38:0a:7c:fc:25:90:c4:42 [email protected]

The key ' s Randomart image is:

+--[RSA 2048]----+

| E |

| .       . |

| . o |

| + + O |

| .  S + +. |

| . . + = + |

| o O * +. |

| o o.= |

| .. O.. |

+-----------------+ # creation process

Key storage location #is_rsa. Pub is the public key,Id_rsa is the private key

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/86/F7/wKiom1fP2Omg1j9MAAB04MzRNpA036.png "title=" Picture 2.png "alt=" Wkiom1fp2omg1j9maab04mzrnpa036.png "/>

(2) use key to encrypt target user of target host

Ssh-copy-id-i/home/test/.ssh/id_rsa.pub [email protected]

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M02/86/F6/wKioL1fP2QSBT1SIAAFWHzwAxyk633.png "title=" Picture 3.png "alt=" Wkiol1fp2qsbt1siaafwhzwaxyk633.png "/>

Ssh-copy-id # # # tools to upload key

- I. # # # Specifies the public key to use

/home/test/.ssh/id_rsa.pub ##### using the name of the public key

Root # # # of managed target users

172.25.28.10 # # # IP of the host on which the managed user resides

650) this.width=650; "Src=" Http://s4.51cto.com/wyfs02/M02/86/F8/wKiom1fP2RrT8kpgAAB-MtcmatE397.png-wh_500x0-wm_3 -wmp_4-s_327287044.png "title=" image 4.png "alt=" Wkiom1fp2rrt8kpgaab-mtcmate397.png-wh_50 "/>

The highlighted Authorized_keys file is the final key file created. # The content is the same as the public key. Can be sent to specific users for their login.

(3) Simple configuration of sshd services

/etc/ssh/sshd_config # # #sshd configuration file for service

permitrootlogin yes|no# # # # # # allows the root user to pass sshd The Certification

passwordauthentication Yes|no # # # Turn user password Authentication on or off

allowusers Student Westos # # # user Whitelist, only allow users appearing on the list to use the sshd service

systemctl Restart sshd # # Reload configuration

Key authentication for SSH and SSH