SSH is much safer than telnet, and it is more perfect if RSA verification is added.
A key pair is generated and encrypted by passphrase. The public key is placed on the server to be logged on (in the home directory of an account. SSH). The private key is held by a remote hacker. The private key is distributed to authorized users and passphrase is informed.
Once the private key is leaked, passphrase makes the final delay. At this time, the public key of the server is quickly deleted, and the private key in the illegal hands will be voided. They still cannot log on to the server, ensuring security.
Here we use the best remote terminal securecrt in Windows for instance description.
Open the connection window and create a new session. RSA is used to replace the traditional password verification.
Create a session and use the SSH2 protocol.
Register the IP address and User Name of a remote Linux host
Name a session
Enable session option settings
We use publickey for verification. Cancel the password. Otherwise, password verification is preferred!
Select publickey, and enter properties on the right:
The default value is use global public key setting. Here we select the key for a single session. Put the public key and private key on the C drive. Of course, you can also put the public key anywhere. We recommend that you do not have a Chinese path. The last create key.
Select RSA
Passphrase: a password is used to encrypt an RSA key. You can leave it blank so that the key will not be encrypted. during login, it is completely "password-free login" (without any prompt for entering the password, it is very good! But not recommended .)
The longer the key length, the safer it is! The test is performed here. The default value is enough.
Move the mouse over this window until the key is fully generated. Here, the mouse is shaken to obtain a random number (coordinate) to generate a key.
We strongly recommend that you choose OpenSSH, because OpenSSH is free of charge and most Linux systems use OpenSSH, which avoids compatibility and legal issues!
Figure identity is the private key, and identity. Pub is the Public Key
Click "no" to transfer the data to the server in other ways.
Click OK to complete the configuration.
Upload the public key to the Linux Server
Upload via zmodem, which is convenient and convenient! You no longer need to create samba or FTP ~
User directory (I .e ~) Create the. Ssh directory, and change the permission: 700, only allow me to read and write and run. This step is very important. Otherwise, an error will occur in subsequent verification.
Run the RZ command to upload the file. After Entering RZ, a dialog box is displayed. Find the created public key (C: \ identity. Pub) and upload it to the Linux server. The results are shown in the following figure:
Rename identity. Pub to authorized_keys2. 2 indicates that we use SSH2. If SSH is used, it is authorized_keys.
To change the permission, we recommend that you set the code to 600. No one except yourself can read or write the code.
OK. Now you can use RSA verification to log on.
Successfully logged on! To ensure higher security, we should set passwordauthentication of/etc/ssh/sshd_config to no to disable normal password verification. In this way, only RSA Authentication is supported.