I have been logging on to ssh through password and keyboard interaction on SecureCRT, but I have never tried it successfully. today I was inspired by an article, and I tried it on the virtual machine installed the other day. SecureCRT5.5.1 used by the client, and OpenSSH_4.6p1 installed by default on openSUSE10.3. First configure SecureCR
I have been logging on to ssh through password and keyboard interaction on SecureCRT, but I have never tried it successfully. today I was inspired by an article, and I tried it on the virtual machine installed the other day. SecureCRT5.5.1 used by the client, and OpenSSH_4.6p1 installed by default on openSUSE10.3.
First, configure the RSA Key on SecureCRT, open SecureCRT → Quick Connect → Authentiation → PublicKey → Properties → Create Identity File, and select RSA as the Key; Passphrase can be different from the password and any string; key length in is the encrypted length, which can be 512 to 2048 bits. in linux, you can configure 4096 bits. in the next step, you need to shake the mouse around the progress bar and select x: \ % USERPROFILE % Application DataVanDyke generates two files in the format of Openssh Key format. if the default Standard Public Key and VanDyke Private Key are selected, format conversion or compatibility problems may be required, public key Identity. pub and private key Identity.
Then, create a secret in the user directory that you want to use to log on to opensuse. ssh Directory. here I am lazy and run the ssh-keygen tool to create the local key. ssh directory and set appropriate directory permissions.
Lxuser @ suse10:/etc/ssh> ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/lxuser/. ssh/id_rsa ):
Created directory/home/lxuser/. ssh.
Enter passphrase (empty for no passphrase ):
Enter same passphrase again:
Your identification has been saved in/home/lxuser/. ssh/id_rsa.
Your public key has been saved in/home/lxuser/. ssh/id_rsa.pub.
The key fingerprint is:
D8: 07: b9: d6: f9: 4d: 0c: e3: c7: 8c: 82: f4: a3: 20: 71: f4 lxuser @ suse10
Use sftp or other methods to set the public key Identity. pub upload to the created one. in the ssh Directory, change the file name to authorized_keys2, because the file authorized_keys is used, and the ssh version used is 2 (openSUSE only uses Protocol 2 by default ).
Lxuser @ suse10 :~ /. Ssh> mv Identity. pub authorized_keys2
To ensure security, modify the access permission of the file to ensure that no one except the owner can modify the file.
Lxuser @ suse10 :~ /. Ssh> chmod 600 authorized_keys2
>
Total? 16
-Rw ------- 1 lxuser users 234 11-02 authorized_keys2
-Rw ------- 1 lxuser users 1743 11-02 id_rsa
-Rw-r -- 1 lxuser users 395 11-02 19:23 id_rsa.pub
Return to SecureCRT, select only PublicKey at Quick Connect → Authentiation, set Properties, specify Use identity or certificate file as private key Identity, and Connect after confirmation, normally, you will be prompted to enter the previously set Passphrase. if it is successful, you will be logged on directly.
Last login: Fri Nov 2 20:38:21 2007 from printer.mshome.net
Have a lot of fun...
Now the task is basically successful. Now that the RSA feature of ssh has been successfully used, simply enable openssh to only support RSA authentication. Otherwise, it is meaningless to support both common passwords and RSA, and security is not improved at all. Modify the ssh_config configuration file
Lxuser @ suse10:/etc/ssh> vi ssh_config
Cancel password login verification
PasswordAuthentication no
Then restart the sshd service and try to use the keyboard and password for interactive login again, and the system prompts that the logon is unsuccessful. using PublicKey is much more convenient, saving the trouble of repeatedly entering the password, high security (but if the client host machine is not secure, the consequences will be ......).
Suse10:/etc/ssh # vi ssh_config
Suse10:/etc/ssh # rcsshd restart
Shutting down SSH daemon done
Starting SSH daemon done