Approximate steps: generate a key pair on the server, then save the public key as authorized_keys2 in the .ssh directory under the user's home directory on the server (.ssh is a hidden directory). The private key, id_dsa, must be downloaded to the client and converted to a .ppk file with puttygen.exe. When a user logs in, the server checks that the client holds the private key matching the stored public key; if it does, the login is allowed, otherwise it is refused. As long as the private key exists only on the client, even someone who knows the root password cannot connect to the server without the private key.
CentOS 5.4 SSH key configuration:
1. Server:
1). shell# vi /etc/ssh/sshd_config and modify the following settings:
Port 20000
Protocol 2
PasswordAuthentication no
2). # For security, log in with the SSH key as an ordinary user, such as smallfish
[smallfish@tingso ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/smallfish/.ssh/id_dsa):
Created directory '/home/smallfish/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/smallfish/.ssh/id_dsa.
Your public key has been saved in /home/smallfish/.ssh/id_dsa.pub.
The key fingerprint is:
68:E2:BE:31:5A:D0:3C:0F:6D:48:31:69:13:9C:58:F3 smallfish@tingso.com
3). shell$ chmod o+x /home/smallfish
[smallfish@tingso .ssh]$ ls
id_dsa id_dsa.pub
4). mv id_dsa.pub authorized_keys2
5). Download id_dsa to Windows # usually into the PuTTY directory for convenience, to generate the PPK file
6). shell# service sshd restart
2. Client:
# Generate the ppk file
1). Open puttygen.exe -- Conversions -- Import key -- id_dsa -- enter passphrase for key -- Save private key -- save as *.ppk (for example server.ppk)
# Start the client to test
2). Open putty.exe -- Category -- SSH -- Auth -- Private key file for authentication # import the ppk file
# Enter the passphrase set earlier on the server to log in
3). login as: smallfish
Authenticating with public key "imported-openssh-key"
Passphrase for key "imported-openssh-key":
Ok, configuration complete.
Problem:
1. When the client logs in with the key, it is prompted:
Disconnected: No supported authentication methods available
Resolution: This happens when the PPK file was created in PuTTYgen with the Generate command, which produces a new key pair that does not match the public key on the server. Instead, import the id_dsa file directly and then use Save private key.
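A server-side check for the settings changed in the server steps above, as an added example that is not part of the original article. The function names are hypothetical; it assumes whitespace-separated "Keyword value" lines and a find that supports -perm /MODE (GNU find).

```shell
#!/bin/bash
# Added example (not from the original article): audit the settings this guide changes.

# Print the first value set for keyword $2 in sshd_config file $1.
# sshd keeps the first occurrence of a keyword, and keywords are case-insensitive.
effective_value() {
    awk -v kw="$2" '
        /^[ \t]*(#|$)/ { next }                          # comments, blank lines
        tolower($1) == "match" { exit }                  # global section only
        tolower($1) == tolower(kw) { print tolower($2); exit }
    ' "$1"
}

# Print one finding per line for sshd_config file $1; no output means it matches the guide.
audit_sshd_config() {
    local val
    val=$(effective_value "$1" PasswordAuthentication)
    [ "$val" = "no" ] || echo "PasswordAuthentication=${val:-unset}: password logins not disabled"
    val=$(effective_value "$1" Protocol)
    [ "$val" = "2" ] || echo "Protocol=${val:-unset}: not restricted to protocol 2"
}

# Print a finding if path $1 is writable by group or others. With StrictModes on,
# sshd ignores the key file when the home directory, .ssh or the key file is.
audit_perms() {
    if [ -n "$(find "$1" -maxdepth 0 -perm /022 2>/dev/null)" ]; then
        echo "$1 is writable by group or others"
    fi
}

# Constructed sample: the commented-out line does not count, so passwords stay enabled.
demo() {
    local cfg
    cfg=$(mktemp)
    printf '%s\n' 'Port 20000' 'Protocol 2' '#PasswordAuthentication no' \
        'PasswordAuthentication yes' > "$cfg"
    audit_sshd_config "$cfg"
    rm -f "$cfg"
}
demo
```

On the server, run audit_sshd_config /etc/ssh/sshd_config as root and audit_perms on /home/smallfish, /home/smallfish/.ssh and /home/smallfish/.ssh/authorized_keys2.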