I've been using passwords to log on to Linux servers over the SSH protocol, and recently the company asked us to log in with a public key instead. They say it's safer. Okay, let's do it. What are the benefits of using a public key to log on to a server? As I understand it:
Once we have created the public and private keys (they are a pair; the private key is used to decrypt the public key when logging in), we put the public key on any server we like. As long as our private key does not change, logging in to any of those servers does not require a password. Instead, the public key is used for authentication. Much safer! There is one small detail here: don't lose your private key. Otherwise, think about it: you went to a lot of trouble to configure your public key on hundreds of servers, and then your private key is lost. What do you do? The private key cannot be generated on its own!
There are many documents about this online, and they vary. What makes sense to me may look laborious to others. I'll tidy it up here for my own reference:
The configuration process is divided into two parts, the SecureCRT section and the Linux server section.
SecureCRT section configuration
1. Generate the public key first.
Open the SecureCRT program (my version is 7.0; other versions should be basically the same) and click "Tools" - "Create Public Key" in the menu bar. Follow the steps. One of the more important steps is choosing the format of the public key. It is recommended to select "OpenSSH"; otherwise you need to convert the key to OpenSSH format on the server side. Why do the work twice? So choose "OpenSSH" here. If you choose the wrong format, generate the key again.
Then select where the public and private keys are stored. By default, Identity is the private key and Identity.pub is the public key.
2. Upload the Identity.pub file to the Linux server you want to log on to. There are many methods, such as SSH (while public key login is not yet configured), FTP, etc. Work out the specifics yourself. Select ASCII mode when uploading.
3. Create a server connection in SecureCRT. The protocol is SSH. Under "Authentication", uncheck "Password". Select "Public Key" and then click the Properties button on the right. In the dialog box:
Use global public key setting: all connections use the same public key to connect to the server.
Use session public key setting: you can specify a different public key for each connection.
The path below these options is the path to the key. Note that it is the path to the private key that goes here.
Then save the connection.
Linux Server-side configuration
1. sshd_config configuration
There are several main changes:
PermitRootLogin no # commented out by default; set this first to prohibit root login, because allowing root login is too dangerous. I almost made mistakes several times. Remember, remember!
RSAAuthentication yes # commented out by default; enables RSA authentication
Also enable public key authentication.
After saving, restart the SSH service. The restart method differs between Linux servers.
RedHat, CentOS: service sshd restart // the method has changed in RedHat 7.
OpenBSD, FreeBSD: /etc/rc.d/sshd restart

2. Key point: where the public key is stored.
Put the public key uploaded in the first part into the .ssh/ directory under the user's home directory. One detail here: if you want to log in with the test account, the public key has to go into the .ssh directory of the test account. You can rename Identity.pub directly to authorized_keys. Of course, there are other ways to do it.
For example: cat Identity.pub >> authorized_keys
Note: the .ssh directory permissions are 700, and the authorized_keys file permissions are 644.
One more point: what if other people also want to log on to the server with their own public keys? The normal approach is to create an account for that user on the server and repeat this operation (Linux server-side configuration, step 2) for it. Of course, you can also be lazy and put their public key into the test account's authorized_keys file, with the two public keys separated by a newline. That method is still not advisable.
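Step 2 above as a repeatable script. This is an added example, not part of the original post: the function names install_pubkey and check_perms are hypothetical, and the key in the demo is constructed, not a real key. It strips carriage returns (in case the upload was not done in ASCII mode), keeps one key per line, and applies the 700/644 permissions stated above.

```shell
#!/bin/sh
# install_pubkey PUBFILE HOME_DIR
# Append one OpenSSH-format public key to HOME_DIR/.ssh/authorized_keys.
install_pubkey() {
    pub=$1; dir=$2/.ssh; auth=$dir/authorized_keys

    # Drop blank lines and CRs left by a non-ASCII (binary) upload from Windows.
    key=$(grep -v '^[[:space:]]*$' "$pub" 2>/dev/null | tr -d '\r')

    # Require exactly one line shaped like "<type> <base64> [comment]".
    # A key exported in a non-OpenSSH format is multi-line and is rejected here.
    [ "$(printf '%s\n' "$key" | wc -l)" -eq 1 ] || return 1
    case $key in
        ssh-*\ *|ecdsa-*\ *) ;;
        *) return 1 ;;
    esac

    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" || return 1

    # If the file does not end in a newline, add one so two keys never share a line.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi

    # Idempotent: append only if this exact line is not already present.
    grep -qxF -e "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
    chmod 644 "$auth"
}

# check_perms HOME_DIR: succeed only if .ssh is 700 and authorized_keys is 644.
check_perms() {
    [ "$(ls -ld "$1/.ssh" | cut -c1-10)" = "drwx------" ] &&
    [ "$(ls -l "$1/.ssh/authorized_keys" | cut -c1-10)" = "-rw-r--r--" ]
}

# Demo in a throwaway directory with a constructed (not real) key and CRLF ending.
tmp=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaCONSTRUCTED test@example\r\n' > "$tmp/Identity.pub"
install_pubkey "$tmp/Identity.pub" "$tmp/home/test" &&
    check_perms "$tmp/home/test" &&
    echo "key installed, permissions OK"
rm -rf "$tmp"
```

On a real server, run it as the target account, for example install_pubkey Identity.pub "$HOME".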
Finally, log in to the Linux server using SecureCRT.
Note that even when you log on to the server with a public key, you still need to enter the user name when connecting. Why, if this is public key authentication? Because the server has to know which user's .ssh directory holds the authorized_keys file to decrypt with your private key. It cannot try to match your private key against every user's authorized_keys file.
There is an exception, however: if you log on to a Linux server with a public key from a Linux system, you do not need to specify the user. Here's how:
# ssh 172.16.24.222
Why? In this case the system assumes that the remote account you are logging in to is the same as your current local account.
If you set a password on the key, enter it when connecting. For safety, this password is necessary. In SecureCRT, this password is called a passphrase.
One more addition: how do you create a public and private key on a Linux system?
The method is simple: run the ssh-keygen command and follow the prompts. When it finishes, the .ssh folder has been created automatically in the current user's home directory.
The server-side configuration is the same as in the method above.
How do I log on to a Linux server with a public key in SecureCRT?