OpenSSH login without a password on Red Hat ES 5.5 (using the OpenSSH that ships with the system)
1. Make sure sshd is enabled and running
Check whether /etc/rc.conf contains sshd_enable="YES"; if not, add it and start sshd manually with # /etc/rc.d/sshd start, then check that port 22 is listening:
# sockstat -4l
root sshd 8085 4 tcp4 *:22 *:*
2. Configure OpenSSH
The system-wide configuration files for the OpenSSH server and client are in the /etc/ssh directory. ssh_config configures client settings, while sshd_config configures the server side.
Now configure OpenSSH so that the server accepts public-key authentication. Some options in sshd_config are commented out; for those, the default values shown in the file are in effect. To change a default, uncomment the line and change the value, or add the same option with the new value to override the default.
# vi /etc/ssh/sshd_config
# The default SSH port is 22; change it if needed
Port 22
# Accept only protocol version 2 keys (default value)
Protocol 2
# Never allow the root user to log in directly over the network (default value)
PermitRootLogin no
StrictModes yes
MaxAuthTries 6
# Enable public key authentication
# RSAAuthentication: the default is yes
RSAAuthentication no
# PubkeyAuthentication: default value
PubkeyAuthentication yes
# Do not use host-based authentication, to improve OpenSSH security
# RhostsRSAAuthentication and HostbasedAuthentication: default values
RhostsRSAAuthentication no
HostbasedAuthentication no
# IgnoreUserKnownHosts: the default is no
IgnoreUserKnownHosts yes
# PermitEmptyPasswords: default value
PermitEmptyPasswords no
# Disable PAM authentication, i.e. password-style authentication (the default is yes)
ChallengeResponseAuthentication no
Restart the sshd process after editing: # /etc/rc.d/sshd restart (on Linux systems it is generally /etc/init.d/ssh restart)
Note: You are working on the server over an SSH connection that uses password authentication. If you set ChallengeResponseAuthentication to no, do so after you have logged in and then continue with the steps below, or change this option only after key authentication has been verified. Otherwise a mistake can leave you unable to log in to the server remotely over SSH.
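Because a commented-out option means the default still applies, a file that looks key-only can keep accepting passwords. The following added example (not part of the original article) reports the value sshd would use for the step 2 settings; the function names and the listed defaults are assumptions for an old OpenSSH release.

```shell
#!/bin/sh
# Added example: effective values of the key-only login settings from step 2.
# Rules applied: keywords are case-insensitive, the first occurrence wins, and
# a commented-out or absent keyword falls back to the built-in default.
# The defaults below are assumptions; confirm them in sshd_config(5).

# effective_value FILE KEYWORD DEFAULT -> prints the effective (lowercased) value
effective_value() {
    awk -F'[ \t=]+' -v key="$2" -v def="$3" '
        { sub(/^[ \t]+/, "") }                    # drop leading indentation
        /^(#|$)/ { next }                         # comments and blank lines
        tolower($1) == "match" { exit }           # audit the global section only
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd_config FILE -> prints one FAIL line per finding; returns 1 if any
audit_sshd_config() {
    rc=0
    while read -r key want def; do
        got=$(effective_value "$1" "$key" "$def")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: effective=$got wanted=$want"
            rc=1
        fi
    done <<EOF
PasswordAuthentication no yes
ChallengeResponseAuthentication no yes
PubkeyAuthentication yes yes
PermitRootLogin no yes
PermitEmptyPasswords no no
EOF
    return "$rc"
}

# Constructed sample: PasswordAuthentication is only commented out, so the
# default (yes) still applies and password logins remain possible.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Protocol 2
permitrootlogin no
#PasswordAuthentication no
PubkeyAuthentication yes
ChallengeResponseAuthentication no
EOF
audit_sshd_config "$sample" || echo "fix the findings before relying on key-only login"
rm -f "$sample"
```

Before restarting sshd, running sshd -t checks the edited file for syntax errors, which helps avoid the lockout described in the note above.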
3. Generate the public key and private key
Log in over SSH with password authentication as the user who needs the key.
FreeBSD uses ssh-keygen to generate a DSA or RSA key pair to authenticate the user:
% ssh-keygen -t rsa
Generating public/private rsa key pair.
# Press Enter without typing anything to use the default
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Created directory '/home/user/.ssh'.
# Passphrase for the key; you need to enter one and remember it
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
bb:48:db:f2:93:57:80:b6:aa:bc:f5:d5:ba:8f:79:17 [email protected]
ssh-keygen generates a public/private key pair used to authenticate the user. The private key is saved to ~/.ssh/id_dsa or ~/.ssh/id_rsa and the public key to ~/.ssh/id_dsa.pub or ~/.ssh/id_rsa.pub; the file name depends on whether you chose the DSA or RSA key type. The RSA or DSA public key must be stored on the remote machine for authentication to work, so run:
# cp id_rsa.pub authorized_keys
Copying the public key into the authorized_keys file is all that is needed. Then copy the private key id_rsa to the Windows client.
4. Convert the OpenSSH-generated private key id_rsa into a file that PuTTY can use
This requires the tool puttygen.exe, which can be downloaded from the PuTTY website.
After starting puttygen.exe, click the Load button and open the id_rsa file downloaded from the remote server; you will be asked for the passphrase entered when the key was generated.
After the passphrase is verified, the key is displayed; click Save private key to save it as "id_rsa.ppk".
PuTTY can then use this private key file.
5. Configure and use PuTTY
Open PuTTY, click SSH in the sidebar and, under "Preferred SSH protocol version", select "2 only", which means use SSH version 2 only;
Click Auth under SSH, then click Browse and open the converted "id_rsa.ppk" private key.
Finally, go back to Session, enter the server's IP address or domain name under Host Name, enter a session name under Saved Sessions (any name you like), and click Save to store the settings.
Then double-click the session name to open the login window. The prompts differ from those of password authentication; enter the passphrase set when the key was generated to log in:
login as: test
Authenticating with public key "imported-openssh-key"
Passphrase for key "imported-openssh-key":
Last login: Wed-12:35:00 2006 from 192.168.1.10
[Email protected]:~$
Summary:
1. Use PuTTY to generate an SSH2-RSA, 1024-bit public and private key pair.
2. Configure the OpenSSH that ships with the Red Hat system
Protocol 2
SyslogFacility AUTHPRIV
RSAAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
UsePAM yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
X11Forwarding yes
Subsystem sftp /usr/libexec/openssh/sftp-server
3. PuTTY consists of three programs: putty.exe (login), puttygen.exe (key generation) and pageant.exe (tool for adding keys)
First use puttygen.exe to generate the public key, copy the public key to /home/zakk/.ssh/authorized_keys, and keep the private key.
4. Create the user wulu
cd /home/wulu
ll wulu
drwx------ 4 wulu wulu 4096 Sep 9 10:50 wulu
mkdir .ssh
ls -lah
drwxr-xr-x 2 wulu wulu 4.0K Jun 2 10:04 .ssh (permissions 755)
cd .ssh
touch authorized_keys
chown zakk.zakk authorized_keys
ll authorized_keys
-rw-r--r-- 1 wulu wulu 219 Sep 9 10:57 authorized_keys (permissions 644)
vi authorized_keys
Add the public key.
The authorized_keys file must have 644 permissions.
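With StrictModes yes, sshd ignores authorized_keys when the home directory, .ssh or the file itself is writable by group or others, or is owned by another non-root account, which is worth checking here because the listing mixes the wulu and zakk accounts. This added example (not from the original article) checks those three paths; the function names and the throwaway demo directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-check the ownership and write bits that "StrictModes yes"
# enforces before sshd will read a user's authorized_keys.
# Simplified to the three paths used in this guide.

# check_path UID PATH -> prints a finding and returns 1 if PATH would be rejected
check_path() {
    [ -e "$2" ] || { echo "MISSING $2"; return 1; }
    # ls -ldn prints the mode string and the numeric owner on Linux and BSD
    info=$(ls -ldn "$2" | awk '{ print $1, $3 }')
    mode=${info% *}
    owner=${info#* }
    case "$mode" in
        ?????w*|????????w*)
            echo "BAD MODE $mode $2 (writable by group or others)"; return 1 ;;
    esac
    if [ "$owner" != "$1" ] && [ "$owner" != 0 ]; then
        echo "BAD OWNER uid=$owner $2 (expected uid $1 or root)"; return 1
    fi
    return 0
}

# check_strictmodes UID HOME -> returns 0 only if home, .ssh and the key file pass
check_strictmodes() {
    rc=0
    for p in "$2" "$2/.ssh" "$2/.ssh/authorized_keys"; do
        check_path "$1" "$p" || rc=1
    done
    return "$rc"
}

# Constructed demo: a throwaway "home" using the modes from step 4 (755 / 644)
demo=$(mktemp -d)
mkdir "$demo/.ssh"
touch "$demo/.ssh/authorized_keys"
chmod 755 "$demo/.ssh"
chmod 644 "$demo/.ssh/authorized_keys"
check_strictmodes "$(id -u)" "$demo" && echo "OK: 755/644 owned by the user pass"
chmod 664 "$demo/.ssh/authorized_keys"   # group-writable key file
check_strictmodes "$(id -u)" "$demo" || echo "sshd would ignore this key file"
rm -rf "$demo"
```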
Note:
PasswordAuthentication no
While configuring, it is best to set this option to yes first and switch it off once configuration is complete. Changing this option requires restarting sshd; the rest of the configuration takes effect immediately, without restarting sshd.
RSAAuthentication no (the default is yes)
PubkeyAuthentication yes
In fact, it is enough to modify these 3 parameters.
5. Switch to root privileges without a password via sudo bash
vi /etc/sudoers
Find the line "root ALL=(ALL) ALL" and add below it:
%zakk ALL=NOPASSWD: ALL (if zakk is a group, the % prefix is required)
zakk ALL=NOPASSWD: ALL (if zakk is a user, no % is needed)
This way, after logging in through PuTTY with the zakk account, the root password is not required; typing sudo bash directly gives root privileges,
which is more secure for the server.
2010-06-04
This article is from the "Five pieces of edges and corners" blog; please contact the author before reproducing it.