First, the question
As above, a machine often need remote operation B machine, transfer files to B machine, each time the password is too cumbersome to enter the account, the following SSH public key can solve the problem of password-free operation.
Second, the settlement
1. The programme
SSH authentication adopts public key and private key authentication mode.
2. Step 1) A m
can be modified for an SSH configuration that wants to connect to a Linux operating system with a public key:
# Vi/etc/ssh/sshd_config//Open the following content
Hostkey/etc/ssh/ssh_host_rsa_key
Rsaauthentication Yes
Pubkeyauthentication Yes
Authorizedkeysfile. Ssh/authori
Requirements: Four Linux hosts, IP address 192.168.10.10/11/12/13, configure root user equivalence1. Each node Ssh-keygen generates an RSA key and public key?
1
ssh-keygen -q -t rsa -N "" -f ~/.ssh/id_rsa
, retains the public key file as Authorized_keys, and downloads the public key private file to the client locally, which is provided to the SECURECRT connection for use. 1. Create a public key with Ssh-keygen (SERVER1)[Email protected] ~]# Ssh-keygenGenerating public/private RSA key pair.Enter file in which to save the key(/ROOT/.
" for the remote server1. Generate SSH private key and public key on a "the generated files are all in the ~/.ssh directory"[Plain]View PlainCopy
ssh-keygen-t RSA # #需要3次回车
Ssh-keygen-t Rsa-p # #仅一次回车
2, the publ
Every time you log in to Linux need to enter a large number of passwords (sometimes wait a long time to enter the password, the article finally has a solution), password set too short, security is not high, long hard to remember and input trouble.Using a key to log in can not only eliminate the steps of password entry, but also improve the security of the server.1. Generate the keyExecute ssh-
Operating System:centos 6.5 64bitSSH Clients:putty/puttygen1) Installing the SSH service#yum install-y openssh-server//install SSH service #/etc/init.d/sshd start//start SSH Service #netstat-anpt | grep sshd//To see if it started successfully2) generate the key on the server#ssh-ke
password every time, we need to configure SSH without password login more convenient.Enter exit to exit just SSH, go back to our original terminal window, then use Ssh-keygen to generate the key and add the key to the authorization:exit # 退出刚才的 ssh
under the user's root directory and compares it to the public key that was sent over. If two keys are consistent, the server encrypts the "challenge" with the public key and sends it to the client software (Putty,xshell, etc.). After a client receives a challenge, it can be decrypted and sent to the server with a local private key, which is quite secure.
First, generate the key
Because Puttygen generated key problems may occur: "Server refused our key", it is best to use Xshell to generate th
Many of the online SSH-free password use git commands do not take into account the situation of multiple public key keys, here to collect and tidy up the management of multiple SSH public key keys.
The public key and the key are generated first, and by default the public key has a file name that is more than the end of the key. Pub, for example, to manage SSH pub
Configure dual-host SSH trust in LinuxI. Implementation principle using a "public/private key" authentication method for ssh login. A simple explanation of the "Public/Private Key" authentication method is: first, create a pair of public/private keys on the client (Public Key File :~ /. Ssh/id_rsa.pub; private key file :~ /.
under the root directory of the user, and then compares it with the public key sent. If the two keys are consistent, the server uses the public key to encrypt the question and send it to the client software (putty, xshell, etc ). After receiving the question, the client can decrypt it with a local private key and then send it to the server. This method is quite safe.1. Generate a key
Because the key generated by puttygen may have a problem: "Server refused our key", it is best to use XShell to
More and more webmasters begin to use independent hosts and VPS. In order to save costs or improve performance, many independent machines and VPS are all unmanaged bare-metal machines, and everything needs to be DIY. At this time, the implementation of security policies is still important. In the following article, I will take CentOS as an example to briefly summarize how to configure Secure SSH access.
Linux
I. Implementation Principle
Use a public/private key authentication method for ssh login. The following is a simple explanation of the "Public/Private Key" authentication method:
First, create a pair of public and private keys on the client (Public Key File :~ /. Ssh/id_rsa.pub; private key file :~ /. Ssh/id_rsa), and then put the public key on the server (~ /.
I. Implementation Principle
Use a public/private key authentication method for SSH login. The following is a simple explanation of the "Public/Private Key" authentication method:
First, create a pair of public and private keys on the client (Public Key File :~ /. Ssh/id_rsa.pub; private key file :~ /. Ssh/id_rsa), and then put the public key on the server (~
full description of SSH authentication:https://www.ibm.com/developerworks/cn/linux/security/openssh/part1/Description: Point me to checkToday we only say to generate SSH key, so as to achieve the purpose of password-free landing.Do not know what SSH is to look at the description. All right, no more nonsense.System: Cen
Operating System:centos 6.5 64bitSSH Clients:putty/puttygen1) Installing the SSH service#yum install-y openssh-server//install SSH service #/etc/init.d/sshd start//start SSH Service #netstat-anpt | grep sshd//To see if it started successfully2) generate the key on the server#ssh-ke
First, the realization principle
SSH logon is done using a method known as "Public key" authentication. A simple explanation for the "public Key" authentication method is:
First create a pair of public private keys on the client (public key file: ~/.ssh/id_rsa.pub; private key file: ~/.ssh/id_rsa), and then put the public key on the server (~/.
server through my own VPN. The settings are as follows:
# edit/etc/hosts.allow
vi/etc/hosts.allow
# For example, only allow 123.45.67.89 login
sshd:123.45.67.89
Linux SSH security Policy four: Login SSH with certificate
Using a certificate is more secure than using a password to log on. tap water for coffee has written a detailed tutorial, with its consent, re
). # The loopback network Interfaceauto loiface Lo inet loopback# the primary NetworkInterfaceauto eth0iface eth0 inet staticaddress 192.168.1.100 #其它Linux服务器的IP需设置在同一网段netmask 255.255.255.0gateway 192.168.1.1 You can query whether IP is set correctly through the Ifconfig command 3, SSH password-free configuration (192.168.1.101 is my other Ubuntu IP) $ssh 192.1
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.