The advantages of key-based login: 1. Convenience: you do not have to type the user name and password every time. 2. Security: the key length is generally 1024, far longer than any password we would set.
Here are the steps to set up key-based login for a new user, jackson.
1. Add the user and give it sudo rights
useradd jackson
passwd jackson
Add the user to sudoers:
visudo
Add hubery ALL=(ALL) ALL after root ALL=(ALL) ALL (use the name of the user you are granting sudo rights).
2. Generate a key pair and add the public key to the server
ssh-keygen -t rsa
ssh-copy-id -i ~/.ssh/id_rsa.pub -p [port] [email protected]
Point the local client at the private key:
vim ~/.ssh/config
Add the following content:
Host 192.168.0.122
	IdentityFile ~/.ssh/id_rsa
Note: there is no whitespace before Host, and IdentityFile is preceded by a tab.
3. Modify the SSH server configuration file, /etc/ssh/sshd_config, commenting out or changing the following settings:
Port 22000
# Must be active (no leading #) for root login to be refused
PermitRootLogin no
#RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
# Never accept empty passwords
PermitEmptyPasswords no
PasswordAuthentication no
UsePAM no
X11Forwarding yes
The settings above change the sshd port, disable remote login for the root user, enable key login, and prohibit password login. When managing multiple servers, I simply replace the file directly, which is simple and keeps the configuration consistent.
# local
scp -P [port] sshd_config [email protected]:/your/home/
# server
sudo cp ~/sshd_config /etc/ssh/sshd_config
4. Configure iptables
sudo iptables -I INPUT 1 -p tcp --dport 22000 -j ACCEPT
sudo service iptables save
5. Restart the sshd service and test the login
sudo service sshd restart
ssh [email protected] -p [port]
Note: do not close the previously opened terminal until the test passes, so that you can use it to revert the changes if something is wrong.
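An added example, not part of the original article: a check to run on the sshd_config from step 3 before the same file is copied to several servers. The function names are hypothetical, the sample file is constructed, and requiring PermitEmptyPasswords no (sshd's default) is this example's own assumption.

```shell
#!/bin/sh
# Added example (not from the original page): audit an sshd_config against
# the step 3 settings before it is copied to servers.

# effective_value FILE KEYWORD: print the value sshd would use globally.
# sshd keeps the FIRST value it reads for a keyword and ignores keyword case.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/          { next }   # comment or blank line
        tolower($1) == "match"  { exit }   # conditional blocks start here
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# audit_sshd_config FILE: print one line per problem; the return status is
# the number of problems (0 means the file matches).
audit_sshd_config() {
    file=$1
    fails=0
    # Required values; PermitEmptyPasswords=no is this example's assumption.
    for want in PermitRootLogin=no PubkeyAuthentication=yes \
                PasswordAuthentication=no PermitEmptyPasswords=no; do
        key=${want%%=*}
        need=${want#*=}
        got=$(effective_value "$file" "$key")
        if [ "$got" != "$need" ]; then
            echo "FAIL $key: want $need, got ${got:-nothing (default applies)}"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Constructed sample: PermitRootLogin is still commented out, and a later
# duplicate PasswordAuthentication line is ignored because the first one wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22000
#PermitRootLogin no
PubkeyAuthentication yes
PermitEmptyPasswords no
PasswordAuthentication no
PasswordAuthentication yes
EOF
audit_sshd_config "$sample" || echo "$? setting(s) to fix in $sample"
rm -f "$sample"
```

On the server, `sudo sshd -t` checks the installed file for syntax errors before the restart in step 5.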
Linux Server key Secure login