What is Public Key authentication? It is an authentication method, similar to the common user name and password method. The difference is that a long encryption key must be kept on the client machine, and the corresponding configuration must be made on the server side. When the client wants to access the server, the server checks its configuration and identifies the client based on the user name the client provides. Put plainly, it implements password-free access while still providing security.
The authentication process, in brief: the Public key can only be used to encrypt data, and only the matching Private key can decrypt data encrypted with that Public key. We place the Public key in the appropriate location on the remote system and then start the ssh connection locally. The remote sshd generates a random number, encrypts it with the Public key and sends it to the local machine. The local machine decrypts the random number and sends it back to the remote system. The remote system's sshd then concludes that we hold the matching Private key and allows us to log on.
Client configuration
1. Log on as the client user, then run the command "ssh-keygen -t dsa" to generate the Public Key and Private Key, for example:
[root@someserver ~]# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa): /root/.ssh/id_dsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
blah:blah root@someserver
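2. Set permissions (the key file names follow the key type: a key generated with "-t dsa" as above is saved as id_dsa and id_dsa.pub)
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub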
Server Configuration
1. Find the sshd_config file in the directory /etc/, /etc/ssh/ or /etc/conf.d/ and open it in the vi editor.
2. Enable RSAAuthentication and PubkeyAuthentication, and specify the location of the authorized_keys file at the same time. The settings are as follows:
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile ~/.ssh/authorized_keys
3. Update and save the sshd_config file, then run the command "service sshd restart" to restart the service. For how to restart services on different versions of Linux, see: http://theos.in/desktop-linux/tip-that-matters/how-do-i-restart-linux-network-service/
4. The above three steps only enable the password-free authentication function. For it to take effect, you must add the Public Key generated by the client to the authorized_keys file on the server. Copy the contents of the previously generated id_rsa.pub file from the client into authorized_keys. If there are multiple clients, copy in the Public Key generated by each client. Mind the line breaks: each client's key goes on its own line.
Test
1. Log on to the client, run the command "ssh username@servername", and run the command "ssh -vvv -o PreferredAuthentications=publickey username@servername" to force the Public Key verification method.
2. To test SFTP, run the command "sftp username@servername".
Note: The owner and group of the .ssh directory must be the current user and that user's group.
The .ssh directory permission is 700.
The authorized_keys permission is 644.
The id_rsa permission is 600.
The id_rsa.pub permission is 644.
The user's $HOME directory permission must be 755.
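The shell functions below are an added example, not part of the original article: they audit the modes and ownership listed in the note above. They assume each listed mode is an upper bound, so a stricter mode also passes; the function names check_path and audit_ssh_perms are made up for this example.

```sh
#!/bin/sh
# Added example: audit the permissions listed in the note above.
# Assumption: each mode from the article is an upper bound, so a
# stricter mode (for example 600 on authorized_keys) also passes.

# Octal mode / numeric owner of a path (GNU stat, then BSD stat).
mode_of()  { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }
owner_of() { stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1"; }

# check_path PATH MAX_MODE
# Returns 1 (and prints why) if PATH has permission bits outside
# MAX_MODE or is not owned by the current user. Absent paths pass.
check_path() {
    path=$1; max=$2; rc=0
    [ -e "$path" ] || return 0
    mode=$(mode_of "$path")
    if [ $(( 0$mode & ~0$max & 07777 )) -ne 0 ]; then
        echo "FAIL $path: mode $mode, want at most $max"
        rc=1
    fi
    if [ "$(owner_of "$path")" != "$(id -u)" ]; then
        echo "FAIL $path: not owned by $(id -un)"
        rc=1
    fi
    return $rc
}

# audit_ssh_perms HOME_DIR
# Checks the home directory and the files under HOME_DIR/.ssh;
# the return status is the number of paths that failed.
audit_ssh_perms() {
    home=$1; failures=0
    while read -r rel max; do
        check_path "$home/$rel" "$max" || failures=$((failures + 1))
    done <<EOF
. 755
.ssh 700
.ssh/authorized_keys 644
.ssh/id_rsa 600
.ssh/id_rsa.pub 644
EOF
    return $failures
}

# Usage: audit_ssh_perms "$HOME" && echo "permissions OK"
```

Run it as the account being checked, on the client and on the server, since the ownership test compares each path against the current user.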