Linux SSH publickey Login

Source: Internet
Author: User

First, the basic idea of public key authentication:

Information is encrypted and decrypted with two different keys, called the private key and the public key. The public key is stored on the target server, and the private key is held by a specific client.

When the client asks to establish a secure connection to the server, it first sends its own public key. If the server allows that public key, the server sends the client random data encrypted with the public key; this data can only be decrypted with the private key. The client sends the decrypted information back to the server, the server verifies that the client is trustworthy, and a secure channel is established.

In this way the client never has to send its own identity token, the private key, in order to be verified, and the private key cannot be derived from the public key. This avoids the password leaks that network eavesdropping can cause. The client must store its private key carefully so that it is not stolen by others; once that happens, the server needs to replace its list of trusted public keys.
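The exchange just described, acted out with openssl as an added example (not code from the original article); the `authenticate` function and the file names are assumptions made for the illustration. OpenSSH's protocol 2 has the client sign session data instead of decrypting a challenge, but the proof that the client holds the private key is the same idea.

```sh
#!/bin/sh
# Added example, not from the article. "authenticate" and the file names are
# hypothetical; keys and challenge are constructed on the fly in a temp dir.

authenticate() {  # $1 = genuine | impostor ; prints accepted | rejected
    work=$(mktemp -d) || return 2
    # Client: create the key pair. Only client.pub is ever given to the server.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$work/client.key" 2>/dev/null
    openssl pkey -in "$work/client.key" -pubout -out "$work/client.pub"
    # An impostor knows the public key but holds some other private key.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$work/other.key" 2>/dev/null
    if [ "$1" = genuine ]; then key=$work/client.key; else key=$work/other.key; fi

    # Server: random data, encrypted with the trusted public key.
    openssl rand -hex 32 > "$work/challenge"
    openssl pkeyutl -encrypt -pubin -inkey "$work/client.pub" \
        -pkeyopt rsa_padding_mode:oaep \
        -in "$work/challenge" -out "$work/challenge.enc"

    # Client: decrypt with the private key it holds and send the result back.
    # A failed decryption is turned into an empty response.
    openssl pkeyutl -decrypt -inkey "$key" -pkeyopt rsa_padding_mode:oaep \
        -in "$work/challenge.enc" -out "$work/response" 2>/dev/null \
        || : > "$work/response"

    # Server: accept only if the response equals the original random data.
    if cmp -s "$work/challenge" "$work/response"; then result=accepted
    else result=rejected; fi
    rm -rf "$work"
    echo "$result"
}

echo "holder of the private key: $(authenticate genuine)"
echo "holder of another key:     $(authenticate impostor)"
```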

Second, implementing password-free login (Server1 connects to Server2 with a public key and logs in without a password)

1. Create a key pair with ssh-keygen (on Server1)

[[email protected] ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): (the passphrase entered here is the private key passphrase used when the terminal connects)
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
7b:aa:08:a0:99:fc:d9:cc:d8:2e:4b:1a:c0:6b:da:[email protected]
The key's randomart image is:
+--[RSA 2048]----+
| |
| |
| |
|. |
|o. S |
|++. . |
|+=o ... |
|o+=ob. o |
|.. E==* ... |
+-----------------+

Supplementary note on ssh-keygen, which generates the key pair:
-t specifies the algorithm
-f specifies the path where the key is generated
-N specifies the passphrase

2. View the generated key files:

[[email protected]]$ ll /root/.ssh/
total 16
-rw------- 1 yida yida 1675 Mar 11:42 id_rsa
-rw-r--r-- 1 yida yida 399 Mar 11:42 id_rsa.pub

3. Copy the Server1 public key into authorized_keys on Server2; you need to enter the Server2 root user password

[[email protected] .ssh]$ ssh-copy-id -i id_rsa.pub [email protected]
The authenticity of host '10.207.0.179 (10.207.0.179)' can't be established.
RSA key fingerprint is 94:5f:47:a8:ae:0b:b0:31:0f:ce:6b:86:08:51:98:a7.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.207.0.179' (RSA) to the list of known hosts.
Address 10.207.0.179 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Password:
Now try logging into the machine, with "ssh '[email protected]'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[[email protected]_d10075798 .ssh]$

4. View the public key file on Server2

[[email protected]]$ ll
total 16
-rw------- 1 root root 408 Mar 15:43 authorized_keys

5. Log in from Server1 to Server2 without a password
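A check that follows from the steps above, added here as an example and not taken from the original article: it audits a .ssh directory for the file modes shown in the listings and for authorized_keys entries you did not expect, which is what the ssh-copy-id message asks you to verify. The function names, the finding labels and the sample directory are assumptions, and the key blobs are constructed placeholders.

```sh
#!/bin/sh
# Added example, not from the article. Function names are hypothetical and
# the key blobs in demo() are constructed placeholders.

# True when path $1 has any of the permission bits listed after it set.
any_bit() {
    p=$1; shift
    for b in "$@"; do
        [ -n "$(find "$p" -prune -perm "-$b" 2>/dev/null)" ] && return 0
    done
    return 1
}

# audit_ssh_dir DIR EXPECTED prints one finding per line, nothing when clean.
# EXPECTED is a file of the base64 key blobs you meant to trust, one per line.
audit_ssh_dir() {
    dir=$1; expected=$2
    for f in "$dir" "$dir/authorized_keys"; do
        [ -e "$f" ] || continue
        # sshd (StrictModes) ignores keys that group or others could rewrite
        if any_bit "$f" 020 002; then echo "WRITABLE_BY_OTHERS $f"; fi
    done
    for f in "$dir"/id_*; do
        case $f in *.pub) continue ;; esac
        [ -f "$f" ] || continue
        # a private key should carry -rw------- as in the listing above
        if any_bit "$f" 040 004; then echo "PRIVATE_KEY_READABLE $f"; fi
    done
    [ -f "$dir/authorized_keys" ] || return 0
    awk -v exp_file="$expected" '
        BEGIN { while ((getline line < exp_file) > 0) ok[line] = 1 }
        /^[ \t]*(#|$)/ { next }
        { for (i = 1; i < NF; i++)          # skip any leading options field
              if ($i ~ /^(ssh-|ecdsa-|sk-)/) {
                  if (!($(i + 1) in ok)) print "UNEXPECTED_KEY line " NR " " $i
                  next
              } }' "$dir/authorized_keys"
}

demo() {  # constructed sample: loose modes plus one key nobody expected
    d=$(mktemp -d) || return 2
    mkdir "$d/.ssh"; chmod 700 "$d/.ssh"
    printf '%s\n' 'ssh-rsa AAAAB3CONSTRUCTED1 root@server1' \
        'from="10.0.0.5" ssh-rsa AAAAB3CONSTRUCTED2 unknown' > "$d/.ssh/authorized_keys"
    chmod 664 "$d/.ssh/authorized_keys"
    echo placeholder > "$d/.ssh/id_rsa"; chmod 644 "$d/.ssh/id_rsa"
    echo AAAAB3CONSTRUCTED1 > "$d/expected"
    audit_ssh_dir "$d/.ssh" "$d/expected" | sed "s|$d/||"
    rm -rf "$d"
}
demo
```

On a real account, write the blobs of the keys you installed into the EXPECTED file and run `audit_ssh_dir ~/.ssh` against it after every ssh-copy-id.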

Third, logging on to Linux from the SecureCRT client with a public key

Method one: the server generates the public and private key files and keeps the public key file as authorized_keys; the public and private key files are downloaded to the client, where the SecureCRT connection uses them.

1. Create a key pair with ssh-keygen (on Server1)

[[email protected] ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): (the passphrase entered here is the private key passphrase used when the terminal connects)
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
7b:aa:08:a0:99:fc:d9:cc:d8:2e:4b:1a:c0:6b:da:[email protected]
The key's randomart image is:
+--[RSA 2048]----+
| |
| |
| |
|. |
|o. S |
|++. . |
|+=o ... |
|o+=ob. o |
|.. E==* ... |
+-----------------+

[[email protected]]$ ll /root/.ssh/
total 16
-rw------- 1 yida yida 1675 Mar 11:42 id_rsa
-rw-r--r-- 1 yida yida 399 Mar 11:42 id_rsa.pub

2. Send the keys to the local machine, and turn the public key into the authorization file (authorized_keys)

[[email protected] ~]# sz id_rsa id_rsa.pub

[[email protected] ~]# mv id_rsa.pub authorized_keys

3. Set up the SecureCRT connection

Note that the passphrase is the one set when Server1 generated the key pair, and the public and private key files must be placed in the same local directory, or the following error will occur.

4. Successful login

Method two: generate a public key file in the standard OpenSSH key format in the SecureCRT client, and copy the public key file into the server-side authorized_keys file.
