We have introduced the ssh remote logon protocol for linux and the ssh password-less logon method. Here, we log on to linux using secureCRT and putty in windows to see how to create, configure, and log on to linux, make a memorandum.
1. Create a key pair in linux
Remember how to create a key pair:
[sshtest@localhost ~]$ ssh-keygen -t rsaGenerating public/private rsa key pair.Enter file in which to save the key (/home/sshtest/.ssh/id_rsa): Created directory '/home/sshtest/.ssh'.Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/sshtest/.ssh/id_rsa.Your public key has been saved in /home/sshtest/.ssh/id_rsa.pub.The key fingerprint is:22:e4:e8:60:24:b5:ac:bd:53:52:4a:b1:08:a0:e9:7b sshtest@localhost.localdomainThe key's randomart image is:+--[ RSA 2048]----+|+ o ||o= + ||=.= o ||++ * ||oo= + . S ||.o.+ . . || .+E || .. || |+-----------------+
If you do not need to enter the password for creating the key during login, press enter directly. After this process is completed, our key pair is successfully created in the hidden directory. ssh. Check that there are two files, one private key id_rsa and the other public key id_rsa.pub. Then we output the public key content to a file named authorized_keys:
[sshtest@localhost ~]$ cd .ssh/[sshtest@localhost .ssh]$ lsid_rsa id_rsa.pub[sshtest@localhost .ssh]$ cat id_rsa.pub >> authorized_keys[sshtest@localhost .ssh]$ lsauthorized_keys id_rsa id_rsa.pub
Why should I output the data to the authorized_keys file? As mentioned earlier, the default value is the authorized_keys file configured in the/etc/ssh/sshd_config file. If there are many public keys, output to this file. Then we copied the private key id_rsa and put it in a directory in our windows system. This is required when the key is logged on, and finally restarted the sshd service,/etc/init. after d/sshd restart is successful, we can log on to a linux user through secureCRT or putty on windows. This user is the user of the authorized_keys file.
1). secureCRT Login
Run secureCRT and enter the IP address and port of the host to be logged on. If the default value is 22 and the user name to log on to is not set, in the authentication option, select only PublicKey or the PublicKey option as the preferred choice, and then click Properties:
In the pop-up dialog box, click this button to select the private key you copied and click OK. Then, click the connect button of the current form:
Finally, you will be prompted to enter the password when creating the key. If you have set it:
In this way, we can log on to the specified user in linux:
In this process, you must remember to set the. ssh directory permission to 700 and set the authorized_keys File Permission to 600. Otherwise, an error will be reported:
2). putty Login
Putty is a little troublesome. You need to download a puttygen file to convert the private key format. The previous operations are the same. Create a key pair and modify the permissions, copy the private key to a directory in windows. Putty Private Key format is different, so puttygen is required for conversion. Run the puttygen software and click Load to select the copied private key:
If you cannot find your private key file, click the file type in the lower right corner and select show all files, because the private key file generated in linux has no extension:
After the private key is selected, the system prompts you to enter the password set when creating the key. If you have set the password:
After the conversion is successful, you need to Save the private key file generated after the conversion format, and click Save private key to Save:
The private key extension of putty is. ppk. In this case, you find that the private key file has been saved successfully. Next, use the putty key to log on:
Run the putty software, choose Connection> SSH> Auth on the left, and click the Browse button to select the private key file generated after the above conversion format. ppk:
Select Session on the left and enter the IP address and port number of the host to log on to linux. Click open:
Finally, enter the username of the user you want to log on to and the password you set when creating the private key. If you have set it:
2. secureCRT and putty create key pairs in windows
As mentioned above, the key pair created in linux is used. Now, you can use secureCRT and putty to create the key pair, upload the public key to the host, and then log on with the key. Assume that the public key has been uploaded to the host as the key. pub. It cannot be directly output to authorized_keys as above. It must be converted to a format that can be recognized by openssh. ssh-keygen-I-f key is required here. pub> authorized_keys: The authorized_keys file must have the 600 permission and must exist in. in the ssh hidden file, if not, create the file with the permission of 700, and then restart the sshd service/etc/init. d/sshd restart. The following describes two key pair creation methods and key logon methods.
1). secureCRT creation and login
Run secureCRT, select PublicKey as above, click Properties, and select Create Identity File in the pop-up dialog box to Create the key pair:
Next, select the algorithm DSA or RSA, and then click Next. Then, set the key and password, and then click Next. Then, set the default length of the key to 1024. Next, click Next, and select the location where the key pair is saved, by default, my documents are completed again-> whether to upload, select No. In this way, the key pair is generated. The private key is Identity, and the Public Key is Identity. pub:
Copy the public key to the linux host and perform the above red operations in the user directory we want to log on to. Then, use PublicKey to specify the Identity private key file we generated for logon, which is the same as above.
2). putty creation and login
Putty depends on the puttygen software to create a key pair. Run the puttygen software and click Generate to automatically create a key pair. You can also set the length of the key. The default value is 2048,1024, which is faster than 2048. After the creation, you can see the contents of the public key, set the key password, save the public key and the private key respectively, and then upload the public key to the host for the above red operations, you can also save the private key and copy the public key content to the authorized_keys file of the linux host:
Run putty to specify the private key for logon.