Log on to Linux server using public key on SECURECRT

SECURECRT Partial configuration

1. Generate the public key first.

Open SecureCRT (my version is 7.0, estimated other versions are basically the same) program, click on the menu bar "Tools"-"Create Public key". Follow the steps. One of the more important steps is to choose the format of the public key. It is recommended to select "OpenSSH", otherwise you need to convert to OpenSSH when using the server side. Why do you do it many times? So you have to choose "OpenSSH" here. If you choose the wrong. Regenerate it once.

Then select where the public key private key resides. The default Identity is the private key, and Identity.pub is the public key.

2. Upload the Identity.pub file to the Linux server you want to log on to. There are many methods, such as SSH (not configured as public key login), FTP, etc. The specific operation to take care of themselves. Select the ASCII mode when uploading.

3. Create a server connection in SECURECRT. The protocol uses SSH. In the "Authentication" method, uncheck "Password". Select "Public Key" and then click on the Properties button on the right, in the dialog box.

Use global public key setting: Indicates that all connections use the public key to connect to the server.

Use session public Key settings: You can specify a different public key for each connection, respectively.

The following path is the specific path that indicates the private key. Note that the path to the private key is indicated here.

You can save the connection.

Linux Server-side configuration

1. sshd_conf Configuration

Vi/etc/ssh/ssh_config

There are several main changes:

Permitrootlogin No # default is a comment, first configured to prohibit the root user login, allowing root login is too dangerous. Several times almost made mistakes. Remember, remember!

Rsaauthentication Yes #默认为注释, RSA authentication enabled

Authorizedkeysfile. Ssh/authorized_keys # Verifying the storage path of the public key

Pubkeyauthentication Yes # default is comment, enable public key authentication

Passwordauthentication No # Disables password authentication, which is turned on by default.

After holding, restart the SSH service. On different Linux servers, the method of restarting is different.

The method of Redhat,centos:service sshd restart//redhat 7 has been changed.

OPENBSD,FREEBSD:/etc/rc.d/sshd Restart

2, the key part: Configure the public key to store which problem.

To put the first part of the uploaded public key into the user home directory of the. ssh/directory. Here's a little bit of information. If you want to log in using the test account, you will need to put the public key in the. SSH directory of the test account. You can change the identity.pub directly to Authorized_keys. Of course, there are other ways to do it.

For example:cat identity.pub >> ~/.ssh/authorized_keys

Another explanation: The SSH directory permission is the 700,authorized_keys file permission of 644.

It is important to add that if other people want to use their public key to log on to the server, how to do it? Normal operation should create an account for the user on the server, re-execute this time (Linux server-side configuration, 2nd) operation. Of course, you can also be lazy and put his public key in the test account's Authorized_keys file. However, the contents of the two public keys are separated by a newline character. Such a method is still undesirable.

Then restart the Linux server's SSH Services service sshd Restart

Finally, log in to the Linux server using SECURECRT.

It is important to note that even if you use the public key to log on to the server, when you connect, you still need to enter the user name. Why is it? It's not about public key authentication? In fact, the server should know to decrypt the contents of the Authorized_keys file with your private key and which user's. SSH directory. It is not possible to match tests with your private key and all user Authorized_keys files.

There are exceptions, however, if you use the public key to log on to a Linux server on a Linux system, you do not need to specify the user. Here's how:

# SSH 172.16.24.222

Why is it? At this point the system defaults to the remote account you logged in is your current login account.

If you set a public key password, such as input when connected. In order to be safe, this password is necessary. In SecureCRT, the password is translated as a pass phrase. Oh.

To add, how do you create a public and private key on a Linux system?

The method is simple, execute the ssh-keygen command, follow the prompts to complete. When finished, the. SSH folder is created automatically in the current user's home directory.

The server-side configuration is the same as the method above.

Ext.: http://www.linuxidc.com/Linux/2014-11/109973.htm

Log on to Linux server using public key on SECURECRT