Linux SSH key configuration method

I. Public Key Authentication

1. principle: first, the user generates a pair of keys, and then stores the public key in the user directory of the SSH server. in the authorized_key file in the SSH subdirectory (/root /. SSH/authorized_key ). the private key is stored on the local computer. when a user logs on to the server, the server checks whether the public key of the authorized_key file corresponds to the user's private key. If the public key matches the public key, the server can log on to the server; otherwise, the server rejects the request. because the private key is only stored in the user's local computer, intruders cannot log on to the server even if they get the user password.

2. Enable Public Key Authentication
Modify the configuration file/etc/ssh/sshd_config
Change "passwordauthentication yes" to "passwordauthentication no"
3. Generate a key
[Root @ rain ~] # Ssh-keygen-T RSA
Generating public/private RSA key pair.
Enter file in which to save the key (/root/. Ssh/id_rsa ):
Enter passphrase (empty for no passphrase ):
Enter same passphrase again:
Your identification has been saved in/root/. Ssh/id_rsa.
Your public key has been saved in/root/. Ssh/id_rsa.pub.
The key fingerprint is:
4d: DD: 48: AF: 76: C2: BA: A8: BC: 20: F3: 28: 1D: 6a: 28: 53 root@rain.fish.com
4. Rename the public key/root/. Ssh/id_rsa.pub to/root/. Ssh/authorized_keys.
MV/root/. Ssh/id_rsa.pub/root/. Ssh/authorized_keys
5. Copy the private key id_rsa to the client/root/. Ssh.

Ii. SSH service configuration
1. Configure the running parameters of the SSH service by modifying the configuration file/etc/ssh/sshd_config.
2. Because the default configuration of the SSH service can work well, you do not need to modify it if you only provide the SSH service. Here we will only introduce some common options.
# Port 22
Defines the SSH service listening line. The default port number of the SSH service is 22.
# Proctocol 2, 1
Defines the sequence in which the SSH protocol is used by the SSH server. By default, we will first use the SSH2 protocol. If it fails, we will use the SSH1 protocol. For security reasons, we can set to only use the SSH2 protocol.
# Listenaddress 0.0.0.0
Defines the IP address set by the SSH server. By default, all available IP addresses of the server are bound.
# Permitrootlogin Yes
Define whether administrator login is allowed
# Permitemptypasswords No
Define whether empty password login is allowed.

# Passwordauthentication No
Determine whether to use password authentication. If you want to use public key authentication, you can set it to No.

How can I use different keys when logging on to different servers? Man SSH shows a-I
Parameters can specify different key files
Method 1:

Ssh-I/root/. Ssh/id_rsa root@192.168.11.117
Ls/root
Method 2: add an SSH configuration file and modify permissions

Touch/root/. Ssh/config

Chmod 600/root/. Ssh/config

Modify the config file
Host 192.168.11.109
Identityfile/root/. Ssh/id_rsb
User Root (or XXX)
Host 192.168.11.117
Identityfile/root/. Ssh/id_rsa
User Root (or YYY)

Run SSH 192.168.11.109 ls/root.