SSH use key login and prohibit password login practice

Generate PublicKey

LINUX:SSH-KEYGEN-T RSA
[Private key (ID_RSA) and public Key (Id_rsa.pub)]
Windows:securcrt/xshell/putty
[SSH-2 RSA 2048]

1 #生成SSH密钥对2 Ssh-keygen-t RSA3 4Generating public/private RSA key pair.5 #建议直接回车使用默认路径6Enterfile inch whichTo save the key (/root/.SSH/Id_rsa):7 #输入密码短语 (leave blank then enter directly)8Enter Passphrase (empty forno passphrase):9 #重复密码短语Ten Enter same passphrase again: OneYour identification has been savedinch/root/.SSH/Id_rsa. AYour public key has been savedinch/root/.SSH/id_rsa.pub. - The key fingerprint is: -AA:8B: A: -: -: ad:b5: the: CA:Wuyi: $: B9: the: E1: the: E1 [email protected] theThe key's Randomart image is: -+--[RSA2048]----+ -|          . O. | -|   .. .     . | +|  . . . o O | -| O.. . o E | +|o.=.      S. | A|.         *.+   . | at|o.*. | -| .           + . | -| . O. | -+-----------------+

Copy key pair

| You can also manually set up directories and Authorized_keys on the client, notice the Modify permissions

1 #复制公钥到无密码登录的服务器上, 22 port changes can be used with the following command 2 #ssh-copy-ID -i ~/. SSH " - p 10022 [email protected] " 3 SS H-copy-ID -I. ~/. ssh/id_rsa.pub [email protected]192.168. 15.241

Modify the SSH configuration file

  1   #编辑sshd_config文件   2  vi /etc/ssh /sshd_config   3   4   #禁用密码验证   5  passwordauthentication No   6   #启用密钥验证   rsaauthentication Yes   8  pubkeyauthentication Yes   9  Span style= "color: #000000;" > #指定公钥数据库文件  10  authorsizedkeysfile. ssh /authorized_keys 

| It is recommended to keep one more session before restarting the SSH service safekeeping

1 #RHEL/CentOS system 2service sshd restart3#ubuntu系统 4 SSH Restart 5 #debian系统 6 /etc/init.d/ssh restart

Manually add administrative users

| can be added after = = User Comment Identification easy to manage

1 Echo ' Ssh-rsa XXXX ' >>/root/. ssh/authorized_keys23# review 4cat /root/. ssh/authorized_keys

Reprint http://wsgzao.github.io/post/ssh/

SSH use key login and prohibit password login practice