Linux SSH root login configuration/No password and certificate login

Source: Internet
Author: User
Tags chmod scp file ssh iptables

First, password-free login method

Environment: local machine Ubuntu 9.04; server CentOS 5.x series.
Recently, for work, I have been mounting the server's files into my own workspace at boot.
At first I used smbmount to mount the project and develop on it. When editing files inside the mount, every save prompts that the file has been modified and the whole project needs to be refreshed, which is too troublesome. You become afraid to save casually, and it is easy to imagine the problems that come from not saving in real time.
Samba is tailored for file sharing between Windows and Linux, but it is disappointing between Linux machines.

smbmount lets you pass the username and password directly as parameters, so mounting at boot is easy. The commands are as follows:

    1. sudo vi /etc/rc.local;
      smbmount //ip:/xxx /mnt/ -o user%pwd;
The above method is not recommended: it leaves the account password in plain text in /etc/rc.local.
So what are the ways to mount between Linux machines? There are two: NFS and SSHFS. I use SSHFS.
The specific mount commands are as follows.
    1. Installation: sudo apt-get install sshfs;
    2. sudo sshfs user@ip-address:/remote/directory /www/workspaces
    3. Automatic mount on boot:
      sudo vi /etc/rc.local;
    4. Before exit 0, add:
      su martin -c 'sshfs user@ip-address:/remote/directory /www/workspaces;' # martin is the user who owns the private key
    5. However, this still prompts for a password partway through. SSH password-less login, described below, removes the prompt.
Applicable scenarios:
    • When typing the password every time gets irritating.
    • When you have to scp files from another server.
In the following, M represents the local machine and S represents the server (or destination IP).
    1. First run ssh-keygen -t rsa on M; # the value after -t is the key type, e.g. dsa, rsa
      Then keep pressing Enter until it finishes.
    2. cd ~/.ssh/; ls -l; you will see the key files there.
      id_rsa is the private key; id_rsa.pub is the public key.
      Copy the public key that ssh-keygen generated on M.
    3. Next, connect to the S machine, for example over SSH.
      Paste the public key content into this file on S:
      vi ~/.ssh/authorized_keys;
    4. On S, give the authorized_keys file 600 permissions.
      chmod 600 ~/.ssh/authorized_keys;
      Multiple users can each append the public key generated on their own machine to authorized_keys.
So it's done.
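
Steps 3 and 4 as a script that can be run repeatedly, as an added example that is not part of the original article. The function names `install_pubkey` and `perms_ok` and the sample key are made up for illustration; the script also sets ~/.ssh to 700, which the steps above do not mention.

```shell
#!/bin/sh
# Added example (not from the original article).

# install_pubkey HOME "PUBLIC-KEY-LINE"
# Creates HOME/.ssh (700) and authorized_keys (600) and appends the key once.
install_pubkey() {
    home=$1
    key=$2
    dir="$home/.ssh"
    file="$dir/authorized_keys"
    nl='
'
    # Accept exactly one public-key line. id_rsa (the private key) starts
    # with "-----BEGIN" and spans several lines, so it is rejected here.
    case $key in
        *"$nl"*) echo "refusing multi-line input" >&2; return 1 ;;
        ssh-rsa\ *|ssh-dss\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key line" >&2; return 1 ;;
    esac

    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$file" && chmod 600 "$file" || return 1
    # -x whole line, -F literal: append only if this exact key is absent.
    grep -qxF -- "$key" "$file" || printf '%s\n' "$key" >> "$file"
}

# perms_ok HOME -> true only if .ssh is exactly 700 and authorized_keys 600.
# With StrictModes (the sshd default), a file or directory writable by
# group or others makes sshd ignore authorized_keys.
perms_ok() {
    [ -n "$(find "$1/.ssh" -prune -perm 700)" ] &&
    [ -n "$(find "$1/.ssh/authorized_keys" -prune -perm 600)" ]
}

# Demo in a throwaway directory; the key below is constructed, not real.
demo=$(mktemp -d)
pub='ssh-rsa AAAAB3NzaC1yc2E-CONSTRUCTED-SAMPLE martin@M'
install_pubkey "$demo" "$pub"
install_pubkey "$demo" "$pub"            # second run adds nothing
perms_ok "$demo" && grep -c . "$demo/.ssh/authorized_keys"
rm -rf "$demo"
```

On S, the call would be `install_pubkey "$HOME" "$(cat id_rsa.pub)"` after copying id_rsa.pub over from M.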
vi /var/log/secure; you can see the login records.
To unmount, just use umount /xxx.
An error occurred:

Agent admitted failure to sign using the key.
You need to add the private key to the agent on the M machine:
ssh-add ~/.ssh/id_rsa;

Second, logging in to Linux over SSH with a certificate

ssh-keygen -t rsa
After you specify the key path and enter the passphrase, the public and private keys are generated in /home/msa/.ssh/: id_rsa and id_rsa.pub (under the root account, in /root/.ssh/).
If you entered a passphrase here, it will be required when logging in from CRT.

As in the following example:
[root@kangta-01 .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
06:25:cd:e3:b6:e7:13:76:3e:59:81:4f:77:43:bd:0a root@kangta-01
[root@kangta-01 .ssh]# ll
total 12
-rw------- 1 root root 1743 11-28 23:47 id_rsa
-rw-r--r-- 1 root root  396 11-28 23:47 id_rsa.pub
-rw-r--r-- 1 root root  395 11-17 00:38 known_hosts


cat id_rsa.pub >> authorized_keys
As for why the file has this name: it is the name that sshd_config specifies.
Then chmod authorized_keys (for example to 600, as in the first section) for a little protection.

From the CRT terminal, pull the private key back to the local machine with sz id_rsa, then delete id_rsa and id_rsa.pub from the server.

6) Configure /etc/ssh/sshd_config
Protocol 2
ServerKeyBits 1024
# Only disables root login; unrelated to this article, added for safety.
PermitRootLogin no

# The following three lines need no changes; just remove the default # comment marker.
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

PasswordAuthentication no
PermitEmptyPasswords no

7) Restart sshd
/sbin/service sshd restart

8) Convert the certificate format
Run CRT and, under Tools, use "Convert Private Key to OpenSSH Format" to convert id_rsa into a PPK certificate file that CRT can use.

9) Configure CRT login
In Connection--SSH--PublicKey, click Browse and select the certificate you just converted.
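
A check of the authentication settings from step 6, as an added example that is not part of the original article. It audits two constructed sample files: one with the step 6 values and one after Method One and Method Two of the third section have been applied. The function names `effective`, `audit` and `write_samples` are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Scope: plain "Keyword value"
# lines in one file; Include files and Match blocks are not evaluated.

# effective FILE KEYWORD -> prints the value sshd would use from FILE.
# sshd keeps the FIRST occurrence of a keyword; keywords are case-insensitive.
effective() {
    awk -v want="$2" '
        /^[ \t]*(#|$)/               { next }   # comment or blank line
        tolower($1) == "match"       { exit }   # conditional section starts
        tolower($1) == tolower(want) { print tolower($2); exit }
    ' "$1"
}

# audit FILE -> one line per deviation from step 6; returns 1 if any found.
# A keyword that is not set at all is reported too, because the built-in
# default differs between OpenSSH versions.
audit() {
    rc=0
    while read -r key good; do
        val=$(effective "$1" "$key")
        [ "$val" = "$good" ] && continue
        echo "$1: $key is '${val:-unset}', step 6 sets '$good'"
        rc=1
    done <<EOF
PasswordAuthentication no
PermitEmptyPasswords no
PubkeyAuthentication yes
PermitRootLogin no
EOF
    return "$rc"
}

# write_samples DIR -> two constructed config files for the demo below.
write_samples() {
    printf '%s\n' 'Protocol 2' '# PasswordAuthentication yes' \
        'PermitRootLogin no' 'PubkeyAuthentication yes' \
        'PasswordAuthentication no' 'PermitEmptyPasswords no' > "$1/step6"
    # The same file after Method One and Method Two of the third section.
    sed -e 's/^PasswordAuthentication no/PasswordAuthentication yes/' \
        -e 's/^PermitRootLogin no/PermitRootLogin yes/' "$1/step6" > "$1/relaxed"
}

tmp=$(mktemp -d)
write_samples "$tmp"
audit "$tmp/step6" && echo "step6: matches"
audit "$tmp/relaxed" || echo "relaxed: password and root login are open again"
rm -rf "$tmp"
```

On a live server, `sshd -t` checks the file for errors before the restart in step 7, and `sshd -T` prints the effective configuration including defaults.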


Third, SSH remote login fails with "Password authentication failed"


Logging in with SecureCRT shows "Password authentication failed".

Logging in with ssh on Linux shows "Permission denied, please try again."

Relevant information collected online:

Method One:

1. vi /etc/ssh/sshd_config on the server

2. Set PasswordAuthentication to yes

3. Restart the SSH service

Method Two:

1. vi /etc/ssh/sshd_config on the server

2. Find #PermitRootLogin no and change it to PermitRootLogin yes

Method Three:

1. Check whether sshd is running correctly

netstat -anp | grep sshd

2. If it is not running, restart the service with service sshd restart

Method Four:

1. On the client, use ssh -v root@192.168.0.120 to view login information

2. It shows "Permission denied, please try again."

3. Check the firewall

# /etc/init.d/iptables status

If port 22 is restricted, login is not possible.

Open port 22:

# /sbin/iptables -I INPUT -p tcp --dport 22 -j ACCEPT

# /etc/rc.d/init.d/iptables save
