Linux under SSH using RSA Authentication login Macox

Source: Internet
Author: User
Tags ssh access

Due to the needs of the project, my side of Ubuntu often requires SSH access to another MacOS. Each time you enter a password a bit annoying, think of RSA public key and key authentication method. As is said in all tutorials, native execution [email protected]:~$ ssh-keygen-t RSA copies the public key to MacOS's/tmp and gives others read access: [email protected]:~$ SCP. ssh/id_rsa.pub [email protected]:/tmp [email protected] ' s password: id_rsa.pub                                    100%  390     0.4kb/s   00:00 so I landed on MacOS, and there was some preparation to do. There is no. ssh directory under the MacOS User directory. let alone. SSH under Authorized_keys file. dev-mini:~ devone$ mkdir. sshdev-mini:~ devone$ sudo chmod 740/tmp/id_rsa.pubdev-mini:~ devone$ sudo cat/tmp/id_rsa.pub >>/home/devone/.ssh/authorized_keysdev-mini:~ devone$ sudo chmod 740/home/devone/.ssh/authorized_ keysdev-mini:~ devone$ Exit For later SSH access I add a profile in this machine [email protected]:~$ CD. ssh/[email protected]:~/.ssh$ Vim Config Add the following host Dev-minihostname Dev-mini.localuser devoneidentityfile ~/.ssh/id_rsa after SSH access mac OS, I can directly [email  protected]:~/.ssh$ ssh Dev-mini But let's enter the password. I think it should be a sshd_config configuration problem on Mac OS. Not Ssh_config Oh. Enter the password dev-mini:~ devone$ sudo vim/etc/sshd_config modified as follows:# $OpenBSD: sshd_config,v1.89 -/ Geneva/ .xx: -: theDtucker EXP $

# this isThe SSHD server system-wide configuration file. See
# Sshd_config (5) forMore information.

# This sshd is compiled with Path=/usr/bin:/bin:/usr/sbin:/sbin

# The strategy used forOptionsinchThedefaultSshd_config shipped with
# OpenSSH isTo specify options with theirdefaultValuewhere
# possible, but leave them commented. uncommented optionsOverrideThe
#defaultValue.

# See Sshd_config (5) forDetails on setting the Port and Listen values on Mac OS X
Port A
#AddressFamily any
#ListenAddress0.0.0.0
#ListenAddress::

# thedefaultRequiresExplicitActivation of Protocol1
Protocol2

# Hostkey forProtocol version1
#HostKey/etc/ssh/ssh_host_key
# Hostkeys forProtocol version2
Hostkey/etc/ssh_host_rsa_key
Hostkey/etc/ssh_host_dsa_key
Hostkey/etc/ssh_host_ecdsa_key

# Lifetime and size of ephemeral version1Server key
Keyregenerationinterval 1h
Serverkeybits1024x768

# Logging
# obsoletes Quietmode and Fascistlogging
Syslogfacility Authpriv
LogLevel INFO

# Authentication:

Logingracetime 2m
Permitrootlogin Yes
Strictmodes No
#MaxAuthTries6
#MaxSessionsTen

Rsaauthentication Yes
Pubkeyauthentication Yes

# thedefault isTo check both. Ssh/authorized_keys and. Ssh/authorized_keys2
# but This isOverridden so installations would only check. Ssh/authorized_keys
Authorizedkeysfile. Ssh/authorized_keys

#AuthorizedPrincipalsFile None

#AuthorizedKeysCommand None
#AuthorizedKeysCommandUser Nobody

# for ThisTo work you'll also need host keysinch/etc/ssh/ssh_known_hosts
Rhostsrsaauthentication No
# Similar forProtocol version2
Hostbasedauthentication No
# Change to YesifYou don'T Trust ~/.ssh/known_hosts for
# Rhostsrsaauthentication and Hostbasedauthentication
#IgnoreUserKnownHosts No
# Don'T read the user's ~/.rhosts and ~/.shosts files
Ignorerhosts Yes

# To disable tunneled clear text passwords both Passwordauthentication and
# challengeresponseauthentication must beSetTo"No".
Passwordauthentication Yes
Permitemptypasswords No

# Change to No to disable S/key passwords
Challengeresponseauthentication No

# Kerberos Options
#KerberosAuthentication No
#KerberosOrLocalPasswd Yes
#KerberosTicketCleanup Yes

# GSSAPI Options
#GSSAPIAuthentication No
#GSSAPICleanupCredentials Yes
#GSSAPIStrictAcceptorCheck Yes
#GSSAPIKeyExchange No

# Set ThisTo'Yes'To enable PAM authentication, account processing,
# and session processing. If This isEnabled, PAM authentication would
# be allowed through the challengeresponseauthentication and
# passwordauthentication. Depending on your PAM configuration,
# PAM authentication via Challengeresponseauthentication may bypass
# The setting of"Permitrootlogin Without-password".
# If You just want the PAM account and session checks to run without
# PAM authentication, then enable ThisButSetPasswordauthentication
# and Challengeresponseauthentication to'No'.
# Also, PAM would denyNULLPasswords bydefault. If you need to allow
#NULLpasswords, add the"Nullok"option to the end of the
# securityserver.so Lineinch/etc/pam.d/sshd.
Usepam Yes

#AllowAgentForwarding Yes
#AllowTcpForwarding Yes
#GatewayPorts No
x11forwarding Yes
#XauthLocation Xauth # Default isTo search $PATH (Setby Launchd (8)). It isRecommended. A full path is provided.
X11displayoffsetTen
#X11UseLocalhost Yes
PRINTMOTD No
Printlastlog Yes
Tcpkeepalive Yes
#UseLogin No
Useprivilegeseparation Yes # Default forNewinstallations.
#PermitUserEnvironment No
#Compression delayed
#ClientAliveInterval0
#ClientAliveCountMax3
#UseDNS Yes
#PidFile/var/run/sshd.pid
#MaxStartupsTen: -: -
#PermitTunnel No
#ChrootDirectory None
#VersionAddendum None

# Pass Locale Information
Acceptenv LANG lc_*

# nodefaultBanner Path
#Banner None

#Overridedefaultof no subsystems
Subsystem Sftp/usr/libexec/sftp-server

# Example of overriding settings on a per-user basis
#Match User Anoncvs
# x11forwarding No
# allowtcpforwarding No
# forcecommand CVS ServerPay particular attention to these paths hostkey/etc/ssh_host_rsa_keyhostkey/etc/ssh_host_dsa_keyhostkey/etc/ssh_host_ecdsa_key the middle is not/etc/ssh/ ssh_host_rsa_keydev-mini:~ devone$ exit[email protected]:~$ ssh dev-minidev-mini:~ devone$ finally got it done.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.