Configure SECURECRT to log on to a Linux server using SSH public key

recently viewed Linux system logs: /var/log/secure, found that the server has a large number of violent crack login record, and is different IP account in the attempt to crack, so it is not good to write iptables to prohibit IP login (too much), and because of the company budget, there is no fixed network IP login server, So bad write Iptabls only allow certain IP access. Therefore, it is necessary to use the key authentication method to log on to the server and avoid unnecessary troublesome operation.

650) this.width=650; "Src=" Http://s3.51cto.com/wyfs02/M01/88/9D/wKioL1f9rjHzH72-AAApOdGK8P0071.png-wh_500x0-wm_3 -wmp_4-s_3000200445.png "title=" image 9.png "alt=" Wkiol1f9rjhzh72-aaapodgk8p0071.png-wh_50 "/>

1. Configure sshd to only allow login with public_key

cd/etc/ssh/

① backup first and create a normal user

CP sshd_conf Sshd.conf.bak

Useradd Chengzhi

②sshd_conf Configuration

There are several main changes:

Permitrootlogin No # default is a comment, first configured to prohibit the root user login, allowing root login is too dangerous.

# #RSAAuthentication Yes #启用 RSA authentication (I created a DSA, so this option is not turned on)

Authorizedkeysfile. Ssh/authorized_keys # Verifying the storage path of the public key

Pubkeyauthentication Yes # default is comment, enable public key authentication

Passwordauthentication No # Disables password authentication, which is turned on by default.

after saving, restart the SSH service.

Redhat,centos:service sshd Restart

2. public key generation

Method One (server-generated key pair)

Executing in the server:

Ssh-keygen-t DSA

can get two files,ID_DSA is the private key, Id_dsa.pub is the public key

copy these two files to local windows

Cat. ssh/id_dsa.pub >/home/chengzhi/.ssh/authorized_keys put the public key into the validation file

method Two (by SecureCRT generate a key pair, this method I have not tested)

Click Tools --Create a public key

650) this.width=650; "Src=" Http://s2.51cto.com/wyfs02/M02/88/9D/wKioL1f9rlqDuNoSAAAaY2S10Uo404.png-wh_500x0-wm_3 -wmp_4-s_4290855161.png "style=" Float:none; "title=" Picture 1.png "alt=" Wkiol1f9rlqdunosaaaay2s10uo404.png-wh_50 "/>

650) this.width=650; "Src=" Http://s5.51cto.com/wyfs02/M01/88/A1/wKiom1f9rl2jySusAAAsQE9w628948.png-wh_500x0-wm_3 -wmp_4-s_890192716.png "style=" Float:none; "title=" Picture 2.png "alt=" Wkiom1f9rl2jysusaaasqe9w628948.png-wh_50 "/>

650) this.width=650; "Src=" Http://s5.51cto.com/wyfs02/M02/88/9D/wKioL1f9rl2iB5MZAAAlr9P8vS0082.png-wh_500x0-wm_3 -wmp_4-s_2122453722.png "style=" Float:none; "title=" Picture 3.png "alt=" Wkiol1f9rl2ib5mzaaalr9p8vs0082.png-wh_50 "/>

If you do not fill in the encryption key, the fill is the encryption key

650) this.width=650; "Src=" Http://s3.51cto.com/wyfs02/M00/88/9D/wKioL1f9rnzALQ35AAAtsCSrlSM147.png-wh_500x0-wm_3 -wmp_4-s_2129894818.png "title=" image 4.png "alt=" Wkiol1f9rnzalq35aaatscsrlsm147.png-wh_50 "/>

Key length, usually the default is the line

650) this.width=650; "Src=" Http://s3.51cto.com/wyfs02/M02/88/A1/wKiom1f9roiTXeEoAAArOUFux0U787.png-wh_500x0-wm_3 -wmp_4-s_2320272147.png "title=" image 5.png "alt=" Wkiom1f9roitxeeoaaaroufux0u787.png-wh_50 "/>

Start generating the key

650) this.width=650; "Src=" Http://s4.51cto.com/wyfs02/M00/88/A1/wKiom1f9rq2hvje5AAAkS83D7j8814.png-wh_500x0-wm_3 -wmp_4-s_2433538590.png "title=" image 6.png "alt=" Wkiom1f9rq2hvje5aaaks83d7j8814.png-wh_50 "/>

Copy Identity.pub file to the server, place it in the. SSH subdirectory of the home directory, and execute

Ssh-keygen-x-F identity.pub > Authorized_keys

3. Configure securecrt to use public key authentication

Open Session Options

650) this.width=650; "Src=" Http://s2.51cto.com/wyfs02/M00/88/9D/wKioL1f9rsfBsCg2AAA0GJGgcrs858.png-wh_500x0-wm_3 -wmp_4-s_966749221.png "style=" Float:none; "title=" Picture 7.png "alt=" Wkiol1f9rsfbscg2aaa0gjggcrs858.png-wh_50 "/>

650) this.width=650; "Src=" Http://s2.51cto.com/wyfs02/M01/88/A1/wKiom1f9rsiD8s7eAABJj8RWog0524.png-wh_500x0-wm_3 -wmp_4-s_3637302785.png "style=" Float:none; "title=" Picture 8.png "alt=" Wkiom1f9rsid8s7eaabjj8rwog0524.png-wh_50 "/>

4. Testing

re-use SecureCRT Connect to try, can directly login is successful.

This article from "Trojan Rain Heart" blog, declined reprint!

Configure SECURECRT to log on to a Linux server using SSH public key