PuttySSH password-free logon _ How to enable Putty to log on to Linux with a password-free SSH Certificate

PUTTY does not support remembering passwords by default. It is not recommended to use the modified version. Fortunately, SSH supports certificate login. I also asked my friends in the production environment that they also use certificates when logging on to SSH.

Generally, Linux VPS is cheaper than Windows, so several VPS are available in CentOS. The random password generated by the system for accounts with root permissions is complicated. Generally, we can change the password to something we can remember for convenience. However, this is not safe. Password is only seemingly safe. Therefore, after activating the Linux system VPS, we must make some basic security settings for SSH logon.
The public key and private key can be used to achieve SSH password-less login. Follow these steps:
1. Generate public and private keys
Most releases in Linux use OpenSSH, so it is best to use ssh-keygen to generate a public key and private key.CommandIf PUTTYGEN. EXE is generated using putty, it is incompatible with OpenSSH, resulting in a server refused our key error during logon.

 

Run the following command after logging on with root.

Ssh-keygen-t rsaGenerating public/private rsa key pair. enter file in which to save the key (/root /. ssh/id_rsa): # enter the default path Created directory '/root /. ssh '. enter passphrase (empty for no passphrase): # Enter the password phrase (if left empty, press Enter) Enter same passphrase again: # repeat the password phrase Your identification has been saved in/root /. ssh/id_rsa.Your public key has been saved in/root /. ssh/id_rsa.pub.The key fingerprint is: 04: e1: 93: 92: 95: ba: 55: 21: 58: 05: 7d: 57: 58: 92: 32: d3 root @ vpnThe key's randomart image is: + -- [RSA 2048] ---- + | oB * o... = o |. +. + o = E. | o. +... = |... o | o S |. | + --------------- +

Two files are generated under the/root/. ssh/directory. id_rsa is the private key and id_rsa.pub is the public key. The private key is downloaded to the local computer and saved properly. The public key can be made public at will.

2. Import the Public Key
Run the following command.

cat /root/.ssh/id_rsa.pub >>  /root/.ssh/authorized_keys

3. Modify the SSH configuration file
Modify the SSH configuration file/etc/ssh/sshd_config and find the following three lines:

#RSAAuthentication yes#PubkeyAuthentication yes#AuthorizedKeysFile.ssh/authorized_keys

Remove the previous # and save it.
Restart the SSH service and run the following command:
Service sshd restart

4. Create a private key for putty.
Download/root/. ssh/id_rsa from VPS to a local directory, and use PUTTYGEN. EXE to convert it to the ppk file for putty.

Click File and Load private key to import the/root/. ssh/id_rsa File. The following figure shows the success:

Click the Save private key button to generate a file with the suffix "ppk", for example, "teddysun. ppk". This file is the created private key for putty login without a password and is saved properly.

5. Configure putty
The easiest way is to create a desktop shortcut. You can log on to VPS without a password by double-clicking it.
Find the putty.exe file, right-click to create a desktop shortcut, and then edit the shortcut on the desktop. In the project column, modify the parameters as follows.

"C:\Program Files\PUTTY\PUTTY.EXE" -i "D:\key\teddysun.ppk" root@xxx.xxx.xxx.xxx

Change to the complete path for storing the private key, and replace xxx. xxx with your vps ip address.

Now, you can double-click the putty shortcut to see if you can log on without a password.

6. disable SSH password login
After the above step 1 is verified as OK, you can disable SSH Password Logon for security purposes.
Modify the SSH configuration file/etc/ssh/sshd_config and find the following line:

PasswordAuthentication yes

To:

PasswordAuthentication no

Restart the SSH service and run the following command:
Service sshd restart

Get it done, and close the job. Now, you can only log on to the VPS with the private key, which greatly enhances the security. Finally, by the way, do not tell me what to do if the private key is lost (I have said it should be properly saved ).