SSH is based on Key verification and accelerates SSH connection, and key verification ssh connection speed
Authentication Method for SSh service logon:
Password-based security verification
1. When the client initiates an ssh request, the server will send its own public key to the user.
2. the user encrypts the password based on the public key sent from the server.
3. The encrypted information is sent back to the server. The server uses its own private key for decryption. If the password is correct, the login is successful.
Note: The server you are connecting to cannot be the server you want to connect. Other servers may pretend to be real servers, that is, being attacked by man-in-the-middle.
Key-based security verification
1. First generate a key pair (ssh-keygen) on the client, and copy the Public Key ssh-copy-id of the client to the server.
2. When the client sends a connection request again, including ip address and User Name
3. After the server receives a request from the client, it will go to authorized_keys to find the request. If there is a response IP address and a user, a random string will be generated, for example, acdf.
4. The server encrypts the public key copied from the client and sends it to the client.
5. After receiving a message from the server, the client uses the private key for decryption and then sends the decrypted string to the server.
6. After receiving the string sent from the client, the server compares it with the previous string. If the string is the same, password-free logon is allowed.
Centos 6 is the client 192.168.40.130
Centos 7 is the server 192.168.40.129
1. Generate a key pair on the client
The default value is rsa.
Ssh-keygen-t dsa generate a key pair using the dsa Algorithm
2. Transfer the public key file to the server. log on to the user's home directory.
Iii. connection test
After the Key is verified, scp will be password-free for ssh Channels
Private Key must be saved
Accelerate SHH connection
Modify the/etc/ssh/sshd_config configuration file on the server.
Change UseDNS and GSSAPIAuthentication to no.
Then restart the ssh service.