Article Title: Perfect Use of SSH Keys with SecureCRT
SSH, and OpenSSH in particular, is similar to telnet or rsh: the ssh client program is used to log on to a remote machine. All that is required is that the remote machine is running sshd, the ssh server process. Unlike telnet, however, the ssh protocol is very secure. Data streams are encrypted to ensure their integrity, and authentication itself uses specialized algorithms to be secure and reliable.
Although ssh is really great, one of its components is often ignored: the RSA/DSA key authentication system of OpenSSH, which can replace the standard password authentication system that OpenSSH uses by default.
The RSA and DSA authentication protocols of OpenSSH are based on a pair of specially generated keys, called the private key and the public key. The advantage of these key-based authentication systems is that in many cases a secure connection can be established without manually entering a password.
Now you know what RSA and DSA are for. I will not go into the principles behind them; if you are interested, look up how public-key cryptography works. SecureCRT is not the only client that supports RSA/DSA; other ssh client software supports it too, but it seems that the public keys generated by different software are not interchangeable. Here I use the most typical client, SecureCRT, to illustrate how RSA works with the ssh service on Linux.
My environment: Redhat 9.0, openssh-3.5p1-6, SecureCRT 4.0
Do not configure openssh on the server yet. Set up the client first, then come back and configure ssh.
Create a new connection and click Properties:
The default authentication method is password. If you change it to RSA, a dialog box appears.
It asks whether to use the RSA public key creation wizard. Of course, select "Yes".
Next step:
In this step, enter a password to protect the key. Remember this password; you will need it later. Fill in the Comment field as well.
Next step:
Choose the key length in bits. The default value is 1024.
Next step:
In this step, move the mouse; the system generates the public key and the private key based on the mouse movement.
Next step:
After the RSA key pair is created, you are asked to save it. You can keep the default name or change it. Just make sure the private key path configured in SecureCRT is correct, so that SecureCRT can find your key.
The client is finished. The following is the configuration of the Linux server.
Upload the RSA public key we just created to your server. The default name is identity.pub.
Then, on the Linux server, if the key was created for the Linux user frank, first create a .ssh directory in frank's home directory.
mkdir /home/frank/.ssh
chmod o+x /home/frank
chmod 700 /home/frank/.ssh
Then export the public key to the authorized_keys file, because we use ssh1. If it is ssh2, the file is authorized_keys2.
Permission settings are very important: with insecure permissions, sshd will not let you use RSA authentication. If debugging shows that the public key cannot be found, check whether the permissions are set correctly!
OK, the server is now set up, and you can use the RSA authentication method of SecureCRT to connect to the ssh server. If the connection works, a dialog box pops up asking you to enter a password.
Enter the password that protects the key. Once that is done, you are logged in.
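The server-side steps above as one repeatable script, with a check for the permission problem just described. This is an added example, not part of the original article; the function names install_pubkey and check_ssh_perms are illustrative, and it assumes a POSIX shell run as the account owner or root.

```shell
#!/bin/sh
# Added example; install_pubkey and check_ssh_perms are illustrative names.

# install_pubkey HOME_DIR PUBKEY_FILE [KEYS_NAME]
# KEYS_NAME defaults to authorized_keys; pass authorized_keys2 where the
# article's ssh2 case applies.
install_pubkey() {
    home_dir=$1; pubkey=$2; keys_name=${3:-authorized_keys}
    [ -s "$pubkey" ] || { echo "missing or empty key file: $pubkey" >&2; return 1; }
    mkdir -p "$home_dir/.ssh" || return 1
    keys="$home_dir/.ssh/$keys_name"
    touch "$keys" || return 1
    # Append instead of overwriting, and skip a key that is already present,
    # so re-running never drops or duplicates an entry.
    grep -qxF -- "$(cat "$pubkey")" "$keys" || cat "$pubkey" >> "$keys"
    # With StrictModes on, sshd ignores the key file when the home directory,
    # .ssh or the key file is writable by group or others.
    chmod go-w "$home_dir"
    chmod 700 "$home_dir/.ssh"
    chmod 600 "$keys"
}

# check_ssh_perms HOME_DIR [KEYS_NAME]
# Prints each path that is missing or group/world-writable; returns 1 if any.
# Ownership, which sshd also checks, is not examined here.
check_ssh_perms() {
    home_dir=$1; keys_name=${2:-authorized_keys}; bad=0
    for p in "$home_dir" "$home_dir/.ssh" "$home_dir/.ssh/$keys_name"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"; bad=1
        elif [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "group/world-writable: $p"; bad=1
        fi
    done
    return "$bad"
}
```

For the article's user this would be called as install_pubkey /home/frank identity.pub, followed by check_ssh_perms /home/frank.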
One more step remains. Now that RSA authentication works, we must make openssh accept only RSA authentication. Supporting both ordinary passwords and RSA is pointless, because security is not improved at all. If you have not yet got RSA authentication working, do not do this step; get the steps above working first.
To make openssh support only the RSA authentication method:
vi /etc/ssh/sshd_config
Set
PasswordAuthentication no
Now try the ordinary password authentication method again. An error message will pop up.
Roughly, it says that the server only supports RSA authentication. OK.
From now on, you use the RSA key to access the ssh server. Keep your keys safe, though. I saved mine on a USB flash drive that I carry with me. If a user loses the key, it must be deleted on the server side, so that even if someone gets hold of the key, they cannot get in :)
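A check that the edit to sshd_config took effect, as an added example that is not part of the original article. The function names are illustrative; it reads only the global section of a single file (no Match blocks or included files) and relies on two documented sshd_config rules: the first value read for a keyword wins, and PasswordAuthentication defaults to yes.

```shell
#!/bin/sh
# Added example; password_auth_setting and password_auth_disabled are
# illustrative names.

# password_auth_setting FILE
# Prints the effective global PasswordAuthentication value ("yes" or "no").
password_auth_setting() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comment and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)           # "Key value" or "Key=value"
            key = tolower(f[1])                 # keywords are case-insensitive
        }
        key == "match" { exit }                 # conditional blocks start here
        key == "passwordauthentication" {
            val = tolower(f[2]); gsub(/"/, "", val)
            exit                                # first occurrence wins
        }
        END { print (val == "" ? "yes" : val) } # unset means the default, yes
    ' "$1"
}

# password_auth_disabled FILE
# Succeeds only if password logins are switched off globally.
password_auth_disabled() {
    [ "$(password_auth_setting "$1")" = "no" ]
}
```

A commented-out line or a second, later PasswordAuthentication line does not change the result. sshd must be restarted or reloaded before the file on disk is what the running server enforces.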