Outline:
- Logging in with a certificate reduces the use of passwords and so avoids password leakage; certificate login is more convenient and more secure.
- SecureCRT and PuTTY work on the same principle; only the operations for generating the key pair differ.
1. Generate the key pair, taking SecureCRT as the first example.
There are two key types, RSA and DSA; sshd_config supports both, and RSA is the usual choice.
The key length is selectable from 512 to 2048 bits.
Passphrase: this works like a password, and you will be asked for it when a session is established. I personally feel there is no need to fill it in, since that amounts to adding a password on top of the certificate login.
Comment: fill in anything you like; it can be a short description. This content will be visible in the contents of the private key.
2. After generating the key pair, save the public key and the private key locally. The private key is automatically applied to the global settings, or it can be added manually.
Public key: Identity.pub
Private key: Identity
The client configuration is complete.
3. Upload the public key Identity.pub to ~/.ssh/authorized_keys in the user's home directory on the server. The file name is arbitrary, as long as it is the same as the one configured in sshd_config.
mkdir .ssh   # create the .ssh directory in the home directory of the user who will log in over SSH, if it does not already exist
chmod 700 .ssh   # owner-only access; 700 is the customary mode for ~/.ssh
There are many ways to upload the file:
1) If the server is a virtual machine, drag the file in directly or use a shared folder.
2) FTP: set up an FTP server such as vsftpd in advance. You can use the command line or a third-party tool.
3) Samba, as described in the previous article.
4) SFTP (Secure FTP): SFTP is based on the SSH protocol and comes with SecureCRT. Once connected it is used like FTP, from the command line or with a third-party tool (FileZilla/WinSCP).
PS1: FTP and SFTP are both file transfer protocols. The FTP default port is 23; SFTP is based on SSH, so its default port is the same as SSH, 22. SFTP transfers files encrypted, which is more secure than FTP.
Since SSH certificate login is not set up yet, you can temporarily allow password login over SSH to establish a session and then upload the public key.
ls lists the current directory on the server; cd changes the directory on the server.
lls lists the local current directory; lcd changes the local current directory.
put uploads to the server and get downloads to the local machine, so here we can use put Identity.pub.
PS2: Our SSH server is OpenSSH, and older versions of SecureCRT cannot export the key in OpenSSH format locally. In that case, upload the key to the server and convert it there with ssh-keygen.
# ssh-keygen -i -f Identity.pub >> ~/.ssh/authorized_keys   # use >> (append) here because this file may hold more than one public key, for example the one from the key pair I generated with PuTTY
# chmod 644 .ssh/authorized_keys
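4. Change the SSH configuration file
vim /etc/ssh/sshd_config   # edit the SSH configuration file; requires root access
PermitRootLogin no   # forbid root login
PubkeyAuthentication yes   # enable public key authentication
AuthorizedKeysFile .ssh/authorized_keys   # this name must match the file the public key was written to
RSAAuthentication yes   # allow RSA keys (an SSH protocol 1 option; newer OpenSSH releases treat it as deprecated)
PasswordAuthentication no   # disable password login; if it stays enabled, OpenSSH's RSA authentication login is meaningless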
Restart the SSH service after saving:
# service ssh restart
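The settings from step 4 can be checked before the restart. The script below is an added example, not part of the original article; the function names and the sample file are constructed for illustration, and the fallback defaults are those of current OpenSSH.

```shell
#!/bin/sh
# Added example: audit an sshd_config against the settings from step 4.

# sshd_value FILE KEYWORD: print the effective global value. sshd keeps the
# first value it reads for a keyword, matches keywords case-insensitively, and
# treats everything after a "Match" line as conditional, so stop there.
sshd_value() {
    awk -v key="$2" '
        { sub(/=/, " ") }                      # also accept Keyword=value
        /^[[:space:]]*#/ || NF == 0 { next }   # skip comments and blank lines
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# check FILE KEYWORD WANTED DEFAULT: compare the effective value with WANTED.
check() {
    val=$(sshd_value "$1" "$2")
    [ -n "$val" ] || val=$4    # keyword unset: the built-in default applies
    if [ "$val" = "$3" ]; then
        echo "ok    $2 $val"
    else
        echo "FAIL  $2 is '$val', expected '$3'"
        return 1
    fi
}

# Return 0 only if all three settings match step 4 of the tutorial.
audit_sshd_config() {
    rc=0
    check "$1" PermitRootLogin no prohibit-password || rc=1
    check "$1" PubkeyAuthentication yes yes || rc=1
    check "$1" PasswordAuthentication no yes || rc=1
    return $rc
}

# Constructed sample (not taken from a real host): the lower-case line wins
# over the later duplicate, and the Match block does not affect global values.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PermitRootLogin no
passwordauthentication no
PasswordAuthentication yes
Match User backup
    PubkeyAuthentication no
EOF
audit_sshd_config "$sample"
rm -f "$sample"
```

The script reads a single file and does not follow Include directives; on a live server, running sshd -T as root prints the configuration sshd actually uses.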
5. Verify the login
The user name is the account that holds the public key; do not select password as the local authentication method.
If you set a passphrase, you will be prompted for it while connecting; without one, the connection should be established automatically and quickly.
For PuTTY, only the key pair generation steps are slightly different; everything else is the same and is not repeated here.