SECURCECRT logging in to a Linux server by key mode

Here the use of key key method to log on to the Linux server, and the traditional password authentication method There are many aspects of the problem, such as brute force, password leakage, password forgetting and the complexity of the password is a large number of problems will bring a certain burden on operation and maintenance work, Using key authentication method can alleviate or solve the security problem of password authentication to some extent.

Experimental environment: 192.168.2.11 CentOS Release 6.4 (Final)

SECURECRT and Securefx 7.0 x86

1.Create a SSH2 key pair.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/57/FA/wKioL1SlS4fiW0zdAADU8sC2YW0959.jpg "title=" 1.png " alt= "Wkiol1sls4fiw0zdaadu8sc2yw0959.jpg"/>

2, key Generation Wizard, directly next.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/57/FA/wKioL1SlS7ShgJZpAAFUXR_DcvY036.jpg "title=" 2.png " alt= "Wkiol1sls7shgjzpaafuxr_dcvy036.jpg"/>

3. Using RSA key Type

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/57/FD/wKiom1SlSyCzrZTIAAD_ILsSMyE230.jpg "title=" 3.png " alt= "Wkiom1slsyczrztiaad_ilssmye230.jpg"/>

4. Generate a passphrase that protects the encryption key that is set.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/57/FA/wKioL1SlS_HhFHb5AAGDmuAgJ-s607.jpg "title=" 4.png " alt= "Wkiol1sls_hhfhb5aagdmuagj-s607.jpg"/>

5.Use the default bit encryption.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/57/FD/wKiom1SlS1-StCTRAAFML_gs8e4380.jpg "title=" 5.png " alt= "Wkiom1sls1-stctraafml_gs8e4380.jpg"/>

6. Generate the key.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/57/FD/wKiom1SlS4OTJHzXAAEQK99EBxU846.jpg "title=" 6.png " alt= "Wkiom1sls4otjhzxaaeqk99ebxu846.jpg"/>

7. Select the Save directory for the key.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/57/FD/wKiom1SlS8nwNjweAAGPvLFC88Q030.jpg "title=" 7.png " alt= "Wkiom1sls8nwnjweaagpvlfc88q030.jpg"/>

8, the name of identity.pub The key file is uploaded to the server and then imported into the authentication key file

[Email protected] ~]# ssh-keygen-i-F identity.pub >>/root/.ssh/authorized_keys

9, create a new SSH2 Connection, then select key authentication, and finally select the key file.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/57/FA/wKioL1SlTXbgYtB9AAFVgVUBcqM656.jpg "title=" 8.png " alt= "Wkiol1sltxbgytb9aafvgvubcqm656.jpg"/>

Enter the passphrase for the passphraseyou created earlier, and you can log in to the server.

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/57/FA/wKioL1SlTZyxVjDHAAEtNoRoiBU794.jpg "title=" 9png.png "alt=" Wkiol1sltzyxvjdhaaetnoroibu794.jpg "/>

one, for the server more secure, now only allow login through the key authentication, do not accept password authentication.

[Email protected] ~]# vi/etc/ssh/sshd_configpubkeyauthentication Yes #启用Publickey认证AuthorizedKeys File. Ssh/authorized_keys #PubilcKey文件存放路径PasswordAuthentication no #不适用口令认证 [[Email Protect ED] ~]# service sshd restart #重启sshd服务Stopping sshd: [OK]starting sshd: [OK]

If you log in by password authentication, even if your password is correct, the server will also refuse to log in, as follows.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/57/FA/wKioL1SlTkKxPHBVAACTiHv1DO0625.jpg "title=" 10.png "alt=" Wkiol1sltkkxphbvaactihv1do0625.jpg "/>

only through the authentication method of the key will be accepted by the server.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/57/FA/wKioL1SlToaxZQTvAACFQfHJj9M579.jpg "title=" 11.png "alt=" Wkiol1sltoaxzqtvaacfqfhjj9m579.jpg "/>

This article is from the "operations, hello" blog, please be sure to keep this source http://denghaibin.blog.51cto.com/4128215/1598330

SECURCECRT logging in to a Linux server by key mode