Configuration method:
1. Use PuTTYgen (part of PuTTY) to generate a public/private key pair
2. Create the .ssh directory under /root/
3. Create an authorized_keys file in the .ssh directory and copy the generated public key into the file
4. Change the file permissions
   .ssh (700), authorized_keys (600)
5. Turn off the firewall (SELinux and netfilter (iptables))
   Temporary shutdown:
     SELinux - setenforce 0
     netfilter - iptables -F
   Permanent shutdown:
     SELinux - edit the configuration file /etc/selinux/config
     iptables - run service iptables save after running iptables -F (writes the flushed rule set to /etc/sysconfig/iptables)
6. Client configuration
   SSH -> Auth -> select the private key path, then save under Sessions -> Open
------------------------------------------------------------------------------------------------------------------------
Steps 2-5:
[[email protected] ~]# ls
anaconda-ks.cfg  install.log  install.log.syslog
[[email protected] ~]# mkdir .ssh    // create the .ssh directory
[[email protected] ~]# ls -a
.  ..  anaconda-ks.cfg  .bash_history  .bash_logout  .bash_profile  .bashrc  .cshrc  install.log  install.log.syslog  .ssh  .tcshrc
[[email protected] ~]# cd .ssh
[[email protected] .ssh]# vi authorized_keys    // create and edit the authorized_keys file and save the public key in it
[[email protected] .ssh]# chmod 700 ../.ssh    // change the directory permissions
[[email protected] .ssh]# chmod 600 authorized_keys    // change the file permissions
[[email protected] .ssh]# setenforce 0    // temporarily turn off the SELinux firewall
[[email protected] .ssh]# iptables -F    // temporarily turn off the iptables firewall
[[email protected] .ssh]# service iptables save    // permanently turn off the iptables firewall (combined with the temporary shutdown command)
iptables: Saving firewall rules to /etc/sysconfig/iptables: [OK]
[[email protected] .ssh]# vi /etc/selinux/config    // permanently turn off the SELinux firewall
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
#SELINUX=enforcing    // change SELINUX from enforcing to disabled
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
[[email protected] .ssh]#
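The result of steps 2-4 can be verified on the server before attempting the login. The shell function below is an added example and not part of the original post: audit_ssh_dir is a hypothetical helper name, and it assumes GNU stat (stat -c) as shipped on CentOS. It checks the 700/600 modes from step 4 and that authorized_keys holds one-line public keys rather than the multi-line file written by PuTTYgen's "Save public key" button.

```shell
#!/bin/sh
# Added example, not from the original post. audit_ssh_dir is a hypothetical
# helper name; it assumes GNU stat (stat -c), as shipped on CentOS.
audit_ssh_dir() {
    dir=$1
    keys="$dir/authorized_keys"
    rc=0

    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 2; }
    [ -f "$keys" ] || { echo "FAIL: $keys does not exist"; return 2; }

    # The modes set in step 4. With StrictModes (on by default) sshd ignores
    # the key file when it or the directory is writable by group or others.
    mode=$(stat -c %a "$dir")
    [ "$mode" = 700 ] || { echo "FAIL: $dir is mode $mode, expected 700"; rc=1; }
    mode=$(stat -c %a "$keys")
    [ "$mode" = 600 ] || { echo "FAIL: $keys is mode $mode, expected 600"; rc=1; }

    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            ''|'#'*)
                continue ;;   # blank lines and comment lines are allowed
            '---- BEGIN SSH2 PUBLIC KEY ----'*)
                # PuTTYgen's "Save public key" output: sshd cannot use it here
                echo "FAIL: line $n starts an SSH2 block, paste the one-line key instead"
                rc=1
                break ;;
        esac
        # A usable entry is "[options] key-type base64-data [comment]"
        if ! printf '%s\n' "$line" | grep -Eq \
            '(^|[[:space:]])(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+)[[:space:]]+[A-Za-z0-9+/]+=*([[:space:]]|$)'
        then
            echo "FAIL: line $n is not a one-line public key"
            rc=1
        fi
    done < "$keys"

    [ "$rc" -eq 0 ] && echo "OK: $dir passes the permission and format checks"
    return "$rc"
}
```

Run it as audit_ssh_dir /root/.ssh; a non-zero return status means at least one check failed.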
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Login with key verification:
login as: root
Authenticating with public key "study"    // "study" is the prompt text entered when the private key was generated
Passphrase for key "study":    // enter the passphrase set when generating the private key
Last login: Sun Oct 05:01:30 from 192.168.2.1
------------------------------------------------------------------------------------------------------------------------
Knowledge points:
1. Create a directory: mkdir
2. Change directory/file permissions: chmod
3. Linux has two kinds of firewalls, SELinux and netfilter
   Methods for temporarily/permanently turning off SELinux and iptables:
   Temporary shutdown:
     SELinux - setenforce 0
     netfilter - iptables -F
   Permanent shutdown:
     SELinux - edit the configuration file /etc/selinux/config
     iptables - run service iptables save after running iptables -F (writes the flushed rule set to /etc/sysconfig/iptables)
   Other methods:
     chkconfig iptables off    (iptables is not started at boot)
     service iptables stop    (stops the iptables service)
4. /root/.ssh/authorized_keys can hold multiple public keys; if necessary, add a line of explanation above a public key
5. The public key is saved in the authorized_keys file by default, but the file path can be customized in the /etc/ssh/sshd_config file
6. Key authentication is only used for remote login through sshd.
7. enforcing - SELinux security policy is enforced. (on; this is the default state)
   permissive - SELinux prints warnings instead of enforcing. (also on, but without effect, it only warns; setenforce 0 puts SELinux in this state)
   disabled - No SELinux policy is loaded. (off)
Needs further study:
Look up material to understand the features of the two types of firewalls.
How can key verification be turned on without shutting down the firewall?
This article is from the "Quit Pride Quit" blog, please be sure to keep this source http://lijunjiang.blog.51cto.com/6905358/1706054
PuTTY Key Verification Login