How to implement SECURECRT remote connection to a Linux server via a key

Let's tell everyone about my Linux environment before configuring:

Here is the version of the CRT:

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/5A/82/wKioL1T9g2DBZj3ZAABiVAh8pjA365.bmp "style=" float: none; "title=" CRT version. bmp "alt=" Wkiol1t9g2dbzj3zaabivah8pja365.bmp "/>

Here is the version of Linux:

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/5A/82/wKioL1T9g2CDz_APAAA8-LP9lfg290.bmp "style=" float: none; "Title=" Linux version. bmp "alt=" Wkiol1t9g2cdz_apaaa8-lp9lfg290.bmp "/>

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/5A/8C/wKiom1T9gpiyPIOaAAAs2PWDAWs916.bmp "title=" kernel version. BMP "alt=" Wkiom1t9gpiypioaaaas2pwdaws916.bmp "/>

SSH configuration file is default, no changes made

Well, let's start configuring

There are two ways to implement a CRT to remotely connect Linux using a key:

Method 1 establishes the key pair locally in the CRT, the configuration in the CRT has the following steps

The first step: Open your CRT and click on the tool to create a public key

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/5A/8F/wKiom1T9hCbzs3EdAAZiZGk_OXk718.bmp "title=" First step. bmp "alt=" Wkiom1t9hcbzs3edaazizgk_oxk718.bmp "/>

Step two: There's nothing to say here. Can only point next 650) this.width=650; "src=" Http://img.baidu.com/hi/jx2/j_0028.gif "alt=" J_0028.gif "/>

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/5A/90/wKiom1T9hGWgiMd9AAuMTKTeKBs778.bmp "title=" Step two. bmp "alt=" Wkiom1t9hgwgimd9aaumtktekbs778.bmp "/>

The third step: Here is the key type of choice, since the comment says most servers support DSA key, then I chose DSA ...

To provide small partners with the next DSA RSA is what

                RSA: Invented by RSA Corporation, is a support variable length key

DSA (Digitally Signature algorithm): digital signature algorithm, is a standard DSS ( digital Signature Standard );

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/5A/8D/wKioL1T9hnKym4HnAAuMTE8W2W8193.bmp "title=" Step three. bmp "alt=" Wkiol1t9hnkym4hnaaumte8w2w8193.bmp "/>

The fourth step: although we can no longer authenticate with the password, but if you want to be more secure, you can add additional password

If you don't set a phrase you can leave it blank

Note No tube, wood has influence, click Next

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/5A/93/wKiom1T9hq6zK0uNAAuMTHdGc4U667.bmp "title=" Fourth step. bmp "alt=" Wkiom1t9hq6zk0unaaumthdgc4u667.bmp "/>

Fifth step: The key will be generated by itself, click Next

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/5A/9B/wKiom1T9h3CwnbTtAAuMTK13d9s185.bmp "style=" float: none; "Title=" sixth step. bmp "alt=" Wkiom1t9h3cwnbttaaumtk13d9s185.bmp "/>

Sixth step: Here I am using the default standard public and Vandyke private key formats

The OPENSSH key format can also be selected below

(The old version of the CRT does not have this option, recommended later to choose this) as for these two differences I will tell you

The following select the private key storage address, you can choose freely, public key can not be selected

Click Finish when you've chosen.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/5A/96/wKioL1T9iI-wi2ZtAAuMTCOp0zw026.bmp "style=" float: none; "Title=" Seventh step. bmp "alt=" Wkiol1t9ii-wi2ztaaumtcop0zw026.bmp "/>

Seventh Step: Choose your length according to the security requirements, here I choose the default 1024

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/5A/96/wKioL1T9iJLzYQ5BAAuMTPGJVQM051.bmp "style=" float: none; "Title=" fifth step. bmp "alt=" Wkiol1t9ijlzyq5baaumtpgjvqm051.bmp "/>

The eighth step: Select the key length will pop up this choice, because I only configure a connection, so I choose No

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/5A/99/wKioL1T9iofATo8zAAJZ0OTizL0821.bmp "style=" float: none; "Title=" eighth step. bmp "alt=" Wkiol1t9iofato8zaajz0otizl0821.bmp "/>

Next we open the Linux System command terminal to implement the CRT remote connection

Configure the following:

[email protected]:~$ cd ~           Enter Home directory [ email protected]:~$ pwd            View Path/home/ oldman[email protected]:~$ mkdir .ssh     create the. SSH directory [email protected]:~$  ls -la         View list to see. SSH has created drwx------   3  oldman oldman 4096 3 Month    2 13:59 .drwxr-xr-x. 28 root    root   4096 3 month    2 13:52  -rw-r--r--   1 oldman oldman   18 10 month  16 21:56 . Bash_logout-rw-r--r--   1 oldman oldman  176 10 Month  16 21:56  .bash_profile-rw-r--r--   1 oldman oldman  124 10 Month  16  21:56 .BASHRCDRWX------  &NBSp;2 oldman oldman 4096 3 Month    2 13:59 .ssh[email protected]:~ $ chmod 700 .ssh/    modify. SSH directory permissions, permissions must be to the [email protected]:~$ ls -ld  .ssh/       Check drwx------ 2 oldman oldman 4096 3 Month    2 13:59 .ssh/[email protected]:~$ cd .ssh/            access to .ssh[email protected]:~/.ssh$ rz -y          upload the public key file at the end of the previous. Pub to the server [email protected]:~$ ls -ll              Check-rw-r--r-- 1 oldman oldman   725 3 month    9 2015 Identity.pub   just below the public key file is a very important step! This step is to convert the public key file to the OPENSHH format that the server can recognize! By the way, change the name to the server under the sshd configuration file under the fixed public key name  authorized_keys         [email  protected]:~/.ssh$ ssh-keygen -i -f identity.pub >authorized_keys                      [ email protected]:~/.ssh$ ll            Check-RW------- 1 oldman oldman 1200 3 month    2 19:58 authorized_ Keys-rw-r--r-- 1 oldman oldman  725 3 Month    9 2015  Identity.pub

At this point, the server-side configuration is OK!

We'll go back to the CRT for the last little configuration.

Go to your corresponding session options, in the authentication area we just need to tick the public key option, then click Properties

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/5A/AC/wKiom1T9jz_gbpXlAAz4OGEcOpY069.bmp "style=" float: none; "title=" nineth step. bmp "alt=" Wkiom1t9jz_gbpxlaaz4ogecopy069.bmp "/>

Enter attribute we need to change two places

1. Check Use session public key setting

2. Select the private key file you created before using the identity or certificate file

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/5A/A7/wKioL1T9kF2ybwCyAAZMTJOZoTE319.bmp "style=" float: none; "title=" tenth step. bmp "alt=" Wkiol1t9kf2ybwcyaazmtjozote319.bmp "/>

Finally we can do the connection test 650) this.width=650; "src=" Http://img.baidu.com/hi/jx2/j_0071.gif "alt=" J_0071.gif "/>

This window will pop up after the connection, and this is the first pass phrase that was set up earlier, which means you're successful.

If you've set it up before, enter the phrase and click OK and go inside.

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/5A/B1/wKioL1T9ku3BmhLaAAJiiPa9hvY092.bmp "title=" Pass phrase. bmp "alt=" Wkiol1t9ku3bmhlaaajiipa9hvy092.bmp "/>

If this is the case, it could mean something wrong with you. 650) this.width=650; "src=" Http://img.baidu.com/hi/jx2/j_0004.gif "alt=" J_0004.gif "/>

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/5A/B7/wKiom1T9ksbhojPQAAP2wNse2NE710.bmp "title=" Unsuccessful flag. bmp "alt=" Wkiom1t9ksbhojpqaap2wnse2ne710.bmp "/>

Before Law 2 we were setting up a key pair in the CRT, in other words, we could go to the server to create a key pair (recommended)

Here are the details and results of executing the command:

[Email protected]:~$ ssh-keygen-t DSA executes this command to specify the key format for DSA

Generating Public/private DSA key pair.

Enter file in which to save the key (/HOME/OLDZJJ/.SSH/ID_DSA): Enter here

See, the system will help you build the catalogue.

Created directory '/home/oldzjj/.ssh '.

Enter passphrase (empty for no passphrase): Set passphrase, no carriage return

Enter same passphrase again: Create key pair, enter

Your identification has been saved IN/HOME/OLDZJJ/.SSH/ID_DSA.

Your public key has been saved in/home/oldzjj/.ssh/id_dsa.pub.

The key fingerprint is:

85:D4:9A:71:C9:5E:2F:64:36:71:0F:22:B7:22:05:DD [email protected]

The key ' s Randomart image is:

+--[DSA 1024x768]----+

| O=OO+.O |

| .. O*oe+ O |

| O*O=.O. |

|  Oo.... |

|   S. |

| |

| |

| |

| |

+-----------------+

[Email protected]:~$ ls-ld. SSH 650) this.width=650; "src=" Http://img.baidu.com/hi/jx2/j_0057.gif "alt=" J_0057.gif "/& gt; It looks like the system is really built, and the permissions are right.

DRWX------2 OLDZJJ oldzjj 4096 March 2 20:13. SSH

[Email protected]:~/.ssh$ ll

-RW-------1 oldzjj oldzjj 668 March 2 20:13 ID_DSA private key

-rw-r--r--1 oldzjj oldzjj 603 March 2 20:13 id_dsa.pub public key

[Email PROTECTED]:MV id_dsa.pub Authorized_keys renamed to the default public key name under SSH config file

[Email protected]:chmod authorized_keys and Change permissions

[Email protected]:sz-y ID_DSA finally download the private key to the computer

Again, we're going to do some setup in the CRT, click Properties

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/5A/D3/wKiom1T9m1DwCOirAAz4OGEcOpY726.bmp "title=" Nineth step. bmp "alt=" Wkiom1t9m1dwcoiraaz4ogecopy726.bmp "/>

Select the path where the private key resides

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/5A/CE/wKioL1T9nI7xWitSAAZMTHfjQAo427.bmp "title=" The second method. bmp "alt=" Wkiol1t9ni7xwitsaazmthfjqao427.bmp "/>

OK 650) this.width=650; "src=" Http://img.baidu.com/hi/jx2/j_0036.gif "alt=" J_0036.gif "/>

Precautions:

1 private key Everyone must be saved, in the U disk to do backup, if the work with this mode login once the key is lost can not go home.

2 The passphrase will prompt you for the first remote connection, but you won't need a passphrase when you disconnect, so if your computer is used by more than one person, it is recommended that you turn off the CRT if you are not using a CRT connection.

3 If your version supports OPENSHH key format, it is recommended to choose this create key pair, so that you do not need to transfer the command to the server after the conversion of the format

Finally, I wish you all to set the success! If there is any mistake welcome comment to Ben Rookie! 650) this.width=650; "src=" Http://img.baidu.com/hi/jx2/j_0003.gif "alt=" J_0003.gif "/>

This article is from the "operation and maintenance of life" blog, please make sure to keep this source http://zhujiajun.blog.51cto.com/9968124/1618815

How to implement SECURECRT remote connection to a Linux server via a key