Linux Default login mode is the account and password login, if you change to use a key to log in will be relatively safe, but the key to landing a good and bad, want to login VPS must carry a key file, if modified the default root username also need to modify the corresponding corresponding relationship is more cumbersome.
Okay, here's how to log in with a key.
Preparatory work:
mkdir. SSH
Touch/root/.ssh/authorized_keys
1. Create a lock and a key
Running: ssh-keygen-t RSA three times enter
Generates public key id_rsa.pub and private key Id_rsa, which are stored by default in the/root/.ssh/directory
(PS:id_rsa.pub equivalent to a lock, id_rsa equivalent to a key)
2. Put the lock on the door.
Cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
#赋予相应权限
chmod ~/.ssh/
chmod ~/.ssh/authorized_keys
OK now the door lock and key have been built. Let's configure the login mode again.
Vi/etc/ssh/sshd_config
#root用户不能从没有密匙的计算机上登录
Permitrootlogin Without-password
#关闭密码方式意思就是只能用密匙登陆
Passwordauthentication No
Parameter detailed:
Permitrootlogin without-password #这样 "root" users cannot log on from a computer that does not have a key. Setting this option to "no" will prevent the "root" user from logging in, and can only use the "su" command to convert from ordinary users to "root".
Passwordauthentication no #是否启用口令验证, setting this option to "No" only allows users to log on using a key based method. This, of course, brings trouble to users who often need to log on from different hosts, but this can improve the security of the system to a large extent. Password based logon is a big weakness.
OK server configuration is good, the following is how to log local operations, the following methods.
1. First the key Id_rsa download to the local computer, open Puttygen This software click Conversions->import Key Import Key. Select Save Private key in Puttygen to generate a PPK file locally.
2. Enter the IP address port in the putty. Then in the SSH authorization method to select the key, select the generated PPK file finally click Open to login to the VPS.