Operating System:centos 6.5 64bit
SSH Clients:putty/puttygen
1) Installing the SSH service
#yum install-y openssh-server//install SSH service #/etc/init.d/sshd start//start SSH Service #netstat-anpt | grep sshd//To see if it started successfully
2) generate the key on the server
#ssh-keygen-b 1024-t RSA uses the Ssh-keygen command on Linux to generate the key (-B bits-t type/more parameters to know for yourself)//enter file in which to save key (store key path, default //enter Passphrase (key password)
3) public and private keys
The default generated key is in the user host directory ~/.ssh/
Generates a public key (Id_rsa.pub) and a private key (ID_RSA)
Write public key content to the ~/.ssh/authorized_keys file (create this file)
#cat id_rsa.pub > Authorized_keys
4) Configure/etc/ssh/sshd_config file
Backup is recommended before configuration
Save the file and restart the SSH service after the change is completed
When you are not sure that the certificate login must be successful, do not disable password authentication to log in, so as not to cause unnecessary trouble to change or add content
#cp-P/etc/ssh/sshd_config/etc/ssh/sshd_config.bak#vim/etc/ssh/sshd_configport//ssh Service listening Port Protocol 2//SSH protocol version per Mitrootlogin Yes//allows the root user to log in with SSH serverkeybits 1024//Key bits, depending on the number of digits specified when generating the key passwordauthentication no//Whether the password authentication method is used ( You can disable the password authentication method after ensuring success login Permitemptypasswords no//disable blank password login rsaauthtication Yes//enable RSA Authentication Pubkeyauthentication Yes//enable public key authentication Authorzedkeysfile. Ssh/authorized_keys//Public key file Strictmodes Yes//public key file host directory name must be the same as the login user name #/etc/init.d/sshd restart
5) Log on with the key
i> Download the Id_rsa private key to the client that needs to log on to the SSH service
Ii> using Puttygen to convert the private key to PPK format
The Putty Login tool does not recognize id_rsa, so use the Puttygen tool to convert to a putty recognized key
Change bits to be the same as when Ssh-keygen is generated (1024)
Iii> Putty Settings
Session-> host address and Port
Connection-> Ssh-> certified-> Certified private key File->ID_RSA.PPK (select your saved private key file after conversion)
& Error
Puttygen.exe when loading files if not supported, please download the latest version Puttygen.exe
This article is from the "Whang" blog, make sure to keep this source http://whangh.blog.51cto.com/10054339/1708593
Linux uses keys to log on to SSH