Article Directory
- Start using puttygen to create a key
- How to log on to the server with a key
Reference: http://dzh001.blog.51cto.com/2767/40624
Use puttygen to generate a key so that you can later log on to the server without a password.
Puttygen is a key generator that creates public/private key pairs for use by putty, pscp, plink, and pageant.
Run puttygen directly to see the following interface.
Click Generate to generate a public/private key pair. When generation is complete, click Save private key below to save the private key. The file has a .ppk extension.
The Load button re-opens a previously saved private key so that you can modify it, for example to change the comment or the private key password, or to convert the putty private key to OpenSSH format.
Start using puttygen to create a key
Click Generate, and you will see the prompt "Please generate some randomness by moving the mouse over the blank area." above the progress bar, which means you should move the mouse randomly in the blank area. As the mouse moves in the blank area, the progress bar advances. Stop moving the mouse, and the progress bar stops. Keep moving the mouse until the progress bar is full.
After the progress bar completes, the following interface appears.
The large read-only text box at the top contains the public key, which is to be saved in the authorized_keys file of OpenSSH. Each line in this file is one public key. By default, this file is located in the .ssh/ subdirectory of the Linux user's home directory. If the file or the directory does not exist, you can create it directly.
However, these files and directories, including the user's home directory ($HOME, $HOME/.ssh, $HOME/.ssh/authorized_keys), are subject to a restriction: they must be read-only for all accounts except the current account. Otherwise, even if the public key and private key match correctly, you cannot log on to the system. This is a security requirement of the SSH server: if other accounts could modify your authorized_keys and maliciously add a public key, that party could log on to the system with your account without knowing your account password. For special requirements, you can use the directive
StrictModes no
in the SSH server configuration file sshd_config to cancel this restriction. The sshd_config manual page says:
StrictModes
Specifies whether sshd should check file modes and ownership of
the user's files and home directory before accepting login. This
is normally desirable because novices sometimes accidentally
leave their directory or files world-writable. The default is
"yes".
TIPS: Each time you modify the authorized_keys file, you can use the following command to make sure that all file attributes and permissions are correct.
mkdir -p $HOME/.ssh && touch $HOME/.ssh/authorized_keys \
&& chmod go-w $HOME/.ssh $HOME/.ssh/authorized_keys && vim $HOME/.ssh/authorized_keys
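To see which of the three paths would make the server refuse key logon, the following script audits them. It is an added example, not part of the original article. The function names are hypothetical, and the rule it applies (not writable by group or others, owned by the account or root) is an approximation of the StrictModes check described above.

```shell
#!/bin/sh
# Added example: approximate the StrictModes check for one account.
# A path fails if it is group- or world-writable (mode & 022), or if it is
# owned by someone other than the account or root (uid 0).

# strictmodes_path USER PATH -> prints one finding, returns 1 on failure
strictmodes_path() {
    sm_user=$1; sm_path=$2
    [ -e "$sm_path" ] || { echo "MISSING  $sm_path"; return 1; }
    # -prune keeps find from descending; only the path itself is tested
    if [ -n "$(find "$sm_path" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "WRITABLE $sm_path (fix: chmod go-w)"; return 1
    fi
    if [ -n "$(find "$sm_path" -prune ! -user "$sm_user" ! -user 0 -print)" ]; then
        echo "OWNER    $sm_path (not owned by $sm_user or root)"; return 1
    fi
    echo "OK       $sm_path"
}

# strictmodes_audit USER HOMEDIR -> returns 0 only if all three paths pass
strictmodes_audit() {
    sm_rc=0
    for sm_p in "$2" "$2/.ssh" "$2/.ssh/authorized_keys"; do
        strictmodes_path "$1" "$sm_p" || sm_rc=1
    done
    return $sm_rc
}

# Usage: audit the current account
# strictmodes_audit "$(id -u)" "$HOME"
```

Run it on the server after editing authorized_keys. Any WRITABLE line is fixed by the chmod go-w in the tip above.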
Another field that should be emphasized is Key comment. This is the comment for the key, and it must be modified. Because this key is for your own use, you should at least enter your own name. With the default comment, it is easy to confuse your key with other people's keys. If you are worried about forgetting your password, you can add a password hint. Of course, do not let others guess your key password from the comment. For example, you can change the comment to
Chaifeng [20061120] W. Z.
The trailing W. Z. is my password hint. Can you guess it? Haha
When you enter a comment, the public key changes accordingly.
The most important thing is to enter your own key password, in the Key passphrase and Confirm passphrase input boxes.
If you do not enter a password, you will see this prompt when you save the private key. For security, enter a password. Otherwise, anyone who gets this private key does not need a password to log on to the system.
Click Save private key to save the private key, and keep it in a safe place, such as a private USB flash drive. When you need to log on, plug in the USB flash drive. After logging on, you can remove the USB flash drive. Haha, this is safer.
You may also have noticed the Save public key button, which saves the public key in SSH2 format. Some SSH servers require a public key file in this format. In general, we do not need it, so we skip it here. You can always use puttygen to load the private key and save the public key later.
How to log on to the server with a key
I've mentioned a bunch of things about creating keys. Are you confused? I will list the process again:
- If you do not have a public/private key pair, use puttygen to create one. If you already have a public/private key pair, ignore this step. One public/private key pair can be used on different servers, so you do not need to create it again. The key must have a sufficiently strong password and be stored securely.
- Enter the account name and password as before to log on to the host.
- Run the following command to edit the authorized_keys file:
mkdir -p $HOME/.ssh && touch $HOME/.ssh/authorized_keys \
&& chmod go-w $HOME/.ssh $HOME/.ssh/authorized_keys && vim $HOME/.ssh/authorized_keys
- Paste the public key from this text box into vim. Note the following: the content of this text box is a single line. When you paste it into vim, do not forget to press the letter o first. Otherwise, after it is pasted in, the ssh-rsa at the beginning will become sh-rsa. Why? Haha, think about it.
Why not press the letter i? Isn't that insert in vim? The reason is that I am very lazy: by pressing the letter o, I can save one press of the Enter key. As for uppercase O, wouldn't I have to press Shift as well?
Don't forget that in putty, the default way to paste is a right-click. Then press ESC, and then enter :wq to save and exit, and so on. Don't rush to type wq: since we have to hold the Shift key to enter the colon anyway, we can simply press the uppercase letter Z twice, that is, ZZ. How is that? Vim saves and exits. This time, we saved another keystroke and two rounds of hunting for letters, and once again carried forward the tradition of being too lazy.
- If the private key already exists and you forgot to save the public key in step 1, use puttygen to load the private key and copy the public key again.
- In the putty configuration under Connection -> SSH -> Auth, specify the private key and save the session. You do not need to repeat this step in the future.
- It is best to specify the user name for automatic logon. Do you still remember this?
- Start logging on. This time you will see a logon prompt different from the previous one.
The password you enter here is not the password of the account on the host, but the password of the key created earlier. From now on, whatever the password of this account is, however complicated, it is irrelevant to us. As long as the $HOME/.ssh/authorized_keys file of this account contains our public key, we can log on to the account with the matching private key at any time. In combination with pageant, mentioned later, we can even skip the step of entering the key password.
- Log on successfully. Do not forget to press Ctrl + D to log out.
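The paste step above can go wrong in two ways: the leading s gets eaten so the line starts with sh-rsa, or the single-line key is wrapped onto several lines. The following lint catches both. It is an added example, not part of the original article. The function name is hypothetical, and it assumes any options placed before the key type contain no spaces.

```shell
#!/bin/sh
# Added example: lint an authorized_keys file after pasting a public key.
# Each non-comment line must hold a known key type followed by one
# unbroken base64 blob on the same line.

# lint_authorized_keys FILE -> prints findings, returns 1 if any line is bad
lint_authorized_keys() {
    awk '
    /^[ \t]*(#|$)/ { next }              # skip blank lines and comments
    {
        t = 0
        # options may precede the key type, so scan the fields for it
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))$/) {
                t = i; break
            }
        if (!t) {
            printf "line %d: no key type (starts with \"%s\")\n", NR, substr($0, 1, 12)
            bad++; next
        }
        blob = $(t + 1)
        # a wrapped paste leaves a short blob here and its tail on the next line
        if (blob !~ "^[A-Za-z0-9+/]+=*$" || length(blob) < 64) {
            printf "line %d: key blob missing or truncated\n", NR
            bad++
        }
    }
    END { exit (bad > 0) }
    ' "$1"
}

# Usage:
# lint_authorized_keys "$HOME/.ssh/authorized_keys"
```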