Log on to the Linux system through SSH2 (RSA) Verification

Source: Internet
Author: User

SSH is much safer than telnet, and it is more perfect if RSA verification is added.

A key pair is generated and encrypted by passphrase. The public key is placed on the server to be logged on (in the home directory of an account. SSH). The private key is held by a remote hacker. The private key is distributed to authorized users and passphrase is informed.

Once the private key is leaked, passphrase makes the final delay. At this time, the public key of the server is quickly deleted, and the private key in the illegal hands will be voided. They still cannot log on to the server, ensuring security.

Here we use the best remote terminal securecrt in Windows for instance description.

Open the connection window and create a new session. RSA is used to replace the traditional password verification.

Create a session and use the SSH2 protocol.

Register the IP address and User Name of a remote Linux host

Name a session

Enable session option settings

We use publickey for verification. Cancel the password. Otherwise, password verification is preferred!

Select publickey, and enter properties on the right:

The default value is use global public key setting. Here we select the key for a single session. Put the public key and private key on the C drive. Of course, you can also put the public key anywhere. We recommend that you do not have a Chinese path. The last create key.

Select RSA

Passphrase: a password is used to encrypt an RSA key. You can leave it blank so that the key will not be encrypted. during login, it is completely "password-free login" (without any prompt for entering the password, it is very good! But not recommended .)

The longer the key length, the safer it is! The test is performed here. The default value is enough.

Move the mouse over this window until the key is fully generated. Here, the mouse is shaken to obtain a random number (coordinate) to generate a key.

We strongly recommend that you choose OpenSSH, because OpenSSH is free of charge and most Linux systems use OpenSSH, which avoids compatibility and legal issues!

Figure identity is the private key, and identity. Pub is the Public Key

Click "no" to transfer the data to the server in other ways.

Click OK to complete the configuration.

Upload the public key to the Linux Server

Upload via zmodem, which is convenient and convenient! You no longer need to create samba or FTP ~

User directory (I .e ~) Create the. Ssh directory, and change the permission: 700, only allow me to read and write and run. This step is very important. Otherwise, an error will occur in subsequent verification.

Run the RZ command to upload the file. After Entering RZ, a dialog box is displayed. Find the created public key (C: \ identity. Pub) and upload it to the Linux server. The results are shown in the following figure:

Rename identity. Pub to authorized_keys2. 2 indicates that we use SSH2. If SSH is used, it is authorized_keys.

To change the permission, we recommend that you set the code to 600. No one except yourself can read or write the code.

OK. Now you can use RSA verification to log on.

Successfully logged on! To ensure higher security, we should set passwordauthentication of/etc/ssh/sshd_config to no to disable normal password verification. In this way, only RSA Authentication is supported.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.