PuTTY Public Key SSH Authentication Primer


Careless works:

1. Work Platform
Client: Win2k en SP3, PuTTY beta 0.53
Server: RedHat 7.2, OpenSSH_3.4p1

2. PuTTY Introduction
A free and compact SSH client for the Win32 platform. Its main program is only 348k, but its functionality is in no way inferior to the commercial SecureCRT; more importantly, it is free.
Official homepage: http://www.chiark.greenend.org.uk/~sgtatham/putty/

3. Public Key Authentication Introduction
The main attraction of public key authentication is that, during authentication, you do not need to supply a password to establish a connection with the remote system. Public key authentication is based on a pair of keys, a public key and a private key. The public key is used to encrypt data and can only be used for encryption; the private key can only decrypt data that was encrypted with the matching public key. We put the public key in the appropriate location on the remote system and then start the SSH connection locally. At this point, the remote sshd generates a random number, encrypts it with the public key we generated, and sends it to the local machine, which decrypts it with the private key and sends the random number back to the remote system. Finally, the remote system's sshd concludes that we hold the matching private key and allows us to log in.

4. Generating the Keys
Use PuTTYgen from the PuTTY suite to generate the keys. SSH2 RSA is the recommended key type because it is the most widely used and is supported by the most servers. For the number of bits, 1024 is sufficient for most users, unless you feel it is not safe enough. Then click "Generate"; once the key has been generated, several more options appear. If you have more than one key, you can fill in "Key comment" to tell them apart. "Key passphrase" and "Confirm passphrase" are used to encrypt the key on the hard disk; if you are the only user of the machine and feel it is safe, you can leave them empty. Then save both keys. Do not close PuTTYgen yet; it is still needed.

5. Transfer the Public Key to the Remote System
Create a directory ".ssh" in your home directory on the remote system, then enter that directory and create a new file named authorized_keys. Paste the contents of the "Public key for pasting into authorized_keys file" box in PuTTYgen into this authorized_keys file. Then execute the following commands:
chmod $HOME/.ssh
chmod $HOME/.ssh/authorized_keys
chmod g-w $HOME $HOME/.ssh $HOME/.ssh/authorized_keys

6. Test
Run PuTTY, create a session named SSH, set the IP, set the protocol to SSH, and under Connection -> SSH -> Auth select the private key generated by PuTTYgen as the private key file.

After the connection starts, you are asked for the username and the remote system begins public key authentication. If the key has a passphrase you need to enter it; otherwise you are logged in directly.

7. Notes
If the server side is using an older version of OpenSSH or a www.ssh.com product, the authorized_keys setup is different; see the manual for the specifics, I will not elaborate here.

This is my first time writing something like this, so mistakes are unavoidable; please correct me.
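
An added example, not part of the original posts: a check of the three paths from step 5 ($HOME, $HOME/.ssh and $HOME/.ssh/authorized_keys), modelled on OpenSSH's StrictModes test, which rejects key files and their parent directories when they are writable by group or others or owned by another user. The function names check_path and audit_ssh_perms are hypothetical.

```shell
#!/bin/sh
# Added example: audit the paths from step 5 roughly the way sshd's
# StrictModes option does. A path is unsafe when it is group- or
# world-writable, or owned by neither the user nor root.

# check_path PATH UID: print a finding; return 1 when PATH is missing or unsafe.
check_path() {
    path=$1; uid=$2
    [ -e "$path" ] || { echo "MISSING  $path"; return 1; }
    # ls -ldnL: field 1 is the mode string, field 3 the numeric owner;
    # -L follows a symlink so the real target's permissions are judged.
    info=$(ls -ldnL "$path" | awk '{print $1 " " $3}')
    mode=${info% *}; owner=${info#* }
    bad=""
    # Mode string layout: type, rwx (user), rwx (group), rwx (others).
    [ "$(printf '%s' "$mode" | cut -c6)" = "w" ] && bad="$bad group-writable"
    [ "$(printf '%s' "$mode" | cut -c9)" = "w" ] && bad="$bad world-writable"
    [ "$owner" = "$uid" ] || [ "$owner" = "0" ] || bad="$bad owner=$owner"
    if [ -n "$bad" ]; then
        echo "UNSAFE   $path ($mode):$bad"
        return 1
    fi
    echo "OK       $path ($mode)"
}

# audit_ssh_perms [HOME_DIR] [UID]: check all three paths; return 1 if any fails.
audit_ssh_perms() {
    home=${1:-$HOME}; uid=${2:-$(id -u)}; rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" "$uid" || rc=1
    done
    return $rc
}

# Run against the current user's home directory when executed directly.
audit_ssh_perms || echo "Remove group/other write access (chmod go-w) from the paths flagged above."
```

Run it on the server as the login user; any UNSAFE line is a path that would make sshd ignore authorized_keys while StrictModes is enabled.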

---------------------------------------------------------------------------------------------

Dennis2 works (added to the above):

1. If the private key is protected with a passphrase, you can run Pageant.exe. After it starts, a hat icon appears in the system tray. Double-click the icon and a dialog box appears. Click Add Key, then select the protected private key; after you click Open, another dialog box asks for the passphrase of this private key. When you enter the passphrase and click OK, the key's details appear in the first dialog box, indicating that the key has been added.

It's not finished yet. Open PuTTY and load the session that is to use this key. In the left-hand menu select Connection, and on the right fill in your username under Auto-login username; in Connection -> SSH -> Auth -> Private key file for authentication, fill in the private key file above (this step is the same as Careless's step 6). Then go back to Session and save the changes. Thereafter, this session will not prompt for a password or passphrase, including in psftp.

2. If you also want to SSH from this machine (the RedHat72 in Careless's post) to other sshd machines (for example, you SSH to the firewall and then SSH to a machine behind the firewall), select Allow agent forwarding in the Connection -> SSH -> Auth panel mentioned above (don't forget to save the session), so that SSH from the RedHat machine to other machines also does not need a password or passphrase. Of course, the public key also needs to be copied to $HOME/.ssh/authorized_keys on the other machines. After making the above changes, it seems that you need to restart Pageant.

This article comes from "I want to download". Original link: http://www.ayxz.com/info/314.htm
