SecureCRT uses the RSA key to log on to SSH-Linux Enterprise Application-Linux server application information. The following is a detailed description. I have been logging on to ssh Through password and keyboard interaction on SecureCRT, but I have never tried it successfully. Today I was inspired by an article, and I tried it on the virtual machine installed the other day. SecureCRT5.5.1 used by the client, and OpenSSH_4.6p1 installed by default on openSUSE10.3.
First, configure the RSA Key on SecureCRT, open SecureCRT → Quick Connect → Authentiation → PublicKey → Properties → Create Identity File, and select RSA as the Key; Passphrase can be different from the password and any string; key length in is the encrypted length, which can be 512 to 2048 bits. in linux, you can configure 4096 bits. in the next step, you need to shake the mouse around the progress bar and select x: \ % USERPROFILE % \ Application Data \ VanDyke generates two files in the format of Openssh Key format, if the default Standard Public Key and VanDyke Private Key are selected, format conversion or compatibility issues may be required. The Public Key Identity. pub and Private Key Identity.
Then, create a secret in the user directory that you want to use to log on to opensuse. ssh directory. Here I am lazy and run the ssh-keygen tool to create the local key. ssh directory and set appropriate directory permissions.
Lxuser @ suse10:/etc/ssh> ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/lxuser/. ssh/id_rsa ):
Created directory '/home/lxuser/. ssh '.
Enter passphrase (empty for no passphrase ):
Enter same passphrase again:
Your identification has been saved in/home/lxuser/. ssh/id_rsa.
Your public key has been saved in/home/lxuser/. ssh/id_rsa.pub.
The key fingerprint is:
D8: 07: b9: d6: f9: 4d: 0c: e3: c7: 8c: 82: f4: a3: 20: 71: f4 lxuser @ suse10
Use sftp or other methods to set the Public Key Identity. pub upload to the created one. in the ssh directory, change the file name to authorized_keys2, because the file authorized_keys is used, and the ssh version used is 2 (openSUSE only uses Protocol 2 by default ).
Lxuser @ suse10 :~ /. Ssh> mv Identity. pub authorized_keys2
To ensure security, modify the access permission of the file to ensure that no one except the owner can modify the file.
Lxuser @ suse10 :~ /. Ssh> chmod 600 authorized_keys2
Lxuser @ suse10 :~ /. Ssh> ll
Total? 16
-Rw ------- 1 lxuser users 234 11-02 authorized_keys2
-Rw ------- 1 lxuser users 1743 11-02 id_rsa
-Rw-r -- 1 lxuser users 395 11-02 :23 id_rsa.pub
Return to SecureCRT, select only PublicKey at Quick Connect → Authentiation, set Properties, specify Use identity or certificate file as private key Identity, and Connect after confirmation, normally, you will be prompted to enter the previously set Passphrase. If it is successful, you will be logged on directly.
Last login: Fri Nov 2 20:38:21 2007 from printer.mshome.net
Have a lot of fun...
Now the task is basically successful. Now that the RSA feature of ssh has been successfully used, simply enable openssh to only support RSA Authentication. Otherwise, it is meaningless to support both common passwords and RSA, and security is not improved at all. Modify the ssh_config configuration file
Lxuser @ suse10:/etc/ssh> vi ssh_config
Cancel password login verification
PasswordAuthentication no
Then restart the sshd service and try to use the keyboard and password for interactive login again, and the system prompts that the logon is unsuccessful. Using PublicKey is much more convenient, saving the trouble of repeatedly entering the password, high Security (but if the client host machine is not secure, the consequences will be ......).
Suse10:/etc/ssh # vi ssh_config
Suse10:/etc/ssh # rcsshd restart
Shutting down SSH daemon done
Starting SSH daemon done
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.