SSH uses key verification

Source: Internet
Author: User
Tags ssh server

Connecting to a server with password authentication carries security risks, and SSH key verification can effectively solve them. You have to create a pair of keys for yourself and place the public key on the server you need to access. When you connect to an SSH server, the client software sends the server a request for security verification with your key. After the server receives the request, it looks for your public key in your home directory on the server and compares it to the public key you sent. If the two keys match, the server encrypts a "challenge" with the public key and sends it to the client software. After the client software receives the challenge, it decrypts it with your private key and sends the result to the server.


Connecting from Windows to a Linux SSH server using a key generated by Xshell

1. Create a new connection


2. Create a key



3. Encryption algorithm: here I choose RSA, 1024-bit



4. To increase security, set a passphrase on the key


5. Save the public key and upload it to the SSH server. You can use WinSCP or FTP, or drag the file directly into the Xshell window.



6. Add the user dragon on the Linux server and assign a password

[[email protected] ~]# useradd dragon

You have new mail in /var/spool/mail/root

[[email protected] ~]# passwd dragon

Changing password for user dragon.

New UNIX password:

BAD PASSWORD: it is based on a dictionary word

Retype new UNIX password:

passwd: all authentication tokens updated successfully.


7. Switch to the dragon user and ssh to localhost so that the .ssh directory is created in the dragon user's home directory.

[[email protected] ~]# su dragon

[[email protected] ~]$ ssh localhost

The authenticity of host 'localhost (127.0.0.1)' can't be established.

RSA key fingerprint is c5:08:8a:e3:b9:fb:44:f4:0b:e3:9f:c4:d7:e2:11:8a.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'localhost' (RSA) to the list of known hosts.

[email protected]'s password:

[[email protected] ~]$ ls -a

.  ..  .bash_logout  .bash_profile  .bashrc  .ssh

Put the public key in dragon's .ssh directory and change the permissions to 644

[[email protected] ~]# mv authorized_keys /home/dragon/.ssh/

[[email protected] ~]# chmod 644 /home/dragon/.ssh/authorized_keys


8. Switch back to root to modify the SSH configuration file. Note that sshd_config is the SSH server configuration file.

Remove the comment markers from the following items.

[[email protected] dragon]# vim /etc/ssh/sshd_config

RSAAuthentication yes  # turn on RSA authentication

PubkeyAuthentication yes  # turn on public key authentication

AuthorizedKeysFile .ssh/authorized_keys  # key path

PermitRootLogin no  # no root login

PasswordAuthentication no  # turn off password verification

After you finish editing, restart sshd.



9. Connect to the server using Xshell on Windows



User dragon logs on to the server without a password


Last login: Fri Dec 5 20:29:09 from 192.168.1.111

[[email protected] ~]$




Password authentication for a root login is refused



SSH key verification between Linux and Linux


1. On the ssh-server, add the user admin and assign a password.

[[email protected] ~]# useradd admin

[[email protected] ~]# passwd admin

Changing password for user admin.

New UNIX password:

BAD PASSWORD: it is based on a dictionary word

Retype new UNIX password:

passwd: all authentication tokens updated successfully.

2. Switch to admin and ssh to localhost so that the .ssh directory is generated in admin's home directory.

[[email protected] ~]$ ssh localhost

The authenticity of host 'localhost (127.0.0.1)' can't be established.

RSA key fingerprint is c5:08:8a:e3:b9:fb:44:f4:0b:e3:9f:c4:d7:e2:11:8a.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'localhost' (RSA) to the list of known hosts.

[email protected]'s password:

[[email protected] ~]$ ls -a

.  ..  .bash_logout  .bash_profile  .bashrc  .ssh

[[email protected] ~]$

3. Switch back to root and modify the configuration file /etc/ssh/sshd_config

RSAAuthentication yes  # turn on RSA authentication

PubkeyAuthentication yes  # turn on public key authentication

AuthorizedKeysFile .ssh/authorized_keys  # key path

PermitRootLogin no  # no root login

PasswordAuthentication no  # turn off password verification

4. Generate the key pair on the client and upload the public key to the ssh-server with scp

[root$localhost ~]$ ssh-keygen -t rsa

Generating public/private rsa key pair.

Enter file in which to save the key (/home/admin/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /home/admin/.ssh/id_rsa.

Your public key has been saved in /home/admin/.ssh/id_rsa.pub.

The key fingerprint is:

57:10:42:a9:87:d8:03:1d:f0:b0:f0:4d:5d:08:ea:[email protected]

[root$localhost ~]$ ls .ssh

id_rsa  id_rsa.pub  known_hosts

[root$localhost .ssh]$ scp id_rsa.pub [email protected]:/root/

The authenticity of host '192.168.24.169 (192.168.24.169)' can't be established.

RSA key fingerprint is 01:77:02:41:8b:f3:86:3e:e9:58:b3:f2:91:34:91:90.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '192.168.1.149' (RSA) to the list of known hosts.

[email protected]'s password:

id_rsa.pub 100% 409 0.4KB/s 00:00

5. On the ssh-server, store the public key in /home/admin/.ssh/ and change the permissions to 644

[[email protected] ~]# mv id_rsa.pub /home/admin/.ssh/authorized_keys

[[email protected] ~]# chmod 644 /home/admin/.ssh/authorized_keys
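
Why the mode in this step matters, as an added example that is not part of the original article: with StrictModes enabled (the OpenSSH default), sshd refuses to use authorized_keys if the file, the .ssh directory or the home directory is group- or world-writable. The script checks only those mode bits, on a constructed temporary directory standing in for /home/admin; the function names are hypothetical and ownership is not checked.

```shell
#!/bin/sh
# Added example: the write-permission test that sshd's StrictModes applies
# to a user's home directory, ~/.ssh and ~/.ssh/authorized_keys.

# loose_paths HOME_DIR: print each of the three paths that is missing or is
# writable by group or others.
loose_paths() {
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        [ -e "$p" ] || { echo "missing: $p"; continue; }
        # -prune keeps find on the path itself instead of descending into it
        find "$p" -prune \( -perm -020 -o -perm -002 \) -print
    done
}

# strictmodes_ok HOME_DIR: succeed only if loose_paths reported nothing.
strictmodes_ok() {
    [ -z "$(loose_paths "$1")" ]
}

# make_fixture MODE: build a constructed home directory whose authorized_keys
# has the given mode, and print the directory's path.
make_fixture() {
    d=$(mktemp -d)
    mkdir "$d/.ssh"
    : > "$d/.ssh/authorized_keys"
    chmod 755 "$d"
    chmod 700 "$d/.ssh"
    chmod "$1" "$d/.ssh/authorized_keys"
    echo "$d"
}

home=$(make_fixture 644)
strictmodes_ok "$home" && echo "644: key file would be accepted"
chmod 664 "$home/.ssh/authorized_keys"
strictmodes_ok "$home" || echo "664: refused because of $(loose_paths "$home")"
rm -rf "$home"
```
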

6. The client accesses the ssh-server with the key; root is denied access.

[root$localhost .ssh]$ ssh -l admin 192.168.1.149

Last login: Thu Mar 20:28:28 from localhost.localdomain

[[email protected] ~]$
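
An added example, not part of the original article, for the sshd_config edits in step 8 of the Xshell section and step 3 of this section: sshd ignores commented-out lines, matches keywords case-insensitively and keeps the first value it reads, so this script reports the value that actually takes effect. The function names and both sample configurations are constructed; the parser assumes whitespace-separated "Keyword value" lines and does not follow Include files.

```shell
#!/bin/sh
# Added example: report the value sshd would use for the keywords this
# tutorial sets. Function names and sample configs are constructed.

# effective_value FILE KEYWORD DEFAULT
# Skips comments, compares keywords case-insensitively, keeps the first value
# and stops at the first Match block, whose settings are conditional.
effective_value() {
    awk -v want="$2" -v def="$3" '
        /^[ \t]*(#|$)/               { next }
        tolower($1) == "match"       { exit }
        tolower($1) == tolower(want) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd_config FILE: return 0 only if all three settings take effect.
audit_sshd_config() {
    rc=0
    # keyword:value the tutorial sets:current OpenSSH default if line absent
    for spec in PubkeyAuthentication:yes:yes PasswordAuthentication:no:yes \
                PermitRootLogin:no:prohibit-password; do
        key=${spec%%:*}; rest=${spec#*:}; want=${rest%%:*}; def=${rest#*:}
        got=$(effective_value "$1" "$key" "$def")
        if [ "$got" = "$want" ]; then
            echo "ok    $key $got"
        else
            echo "FAIL  $key is effectively '$got', expected '$want'"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: lines left commented out, and a duplicate keyword.
sample_bad() {
    printf '%s\n' '#PubkeyAuthentication yes' '#PasswordAuthentication no' \
        'PermitRootLogin yes' 'permitrootlogin no'
}
# Constructed sample: the tutorial's lines with the comment markers removed.
sample_good() {
    printf '%s\n' 'PubkeyAuthentication yes' 'PermitRootLogin no' \
        'AuthorizedKeysFile .ssh/authorized_keys' 'PasswordAuthentication no'
}

tmp=$(mktemp)
sample_bad > "$tmp";  audit_sshd_config "$tmp" || echo "=> not hardened"
sample_good > "$tmp"; audit_sshd_config "$tmp" && echo "=> matches the tutorial"
rm -f "$tmp"
```
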


This article is from the "Dragon Love Xue Qi" blog; reprinting is declined.
