Every time you log in to Linux you need to enter a password (and sometimes there is a long wait before the password prompt appears; a fix for that is given at the end of the article). A password that is too short is not secure, and a long one is hard to remember and tedious to type.
Logging in with a key not only removes the password entry step but also improves the security of the server.
1. Generate the key
Execute ssh-keygen -t rsa
[[email protected] ~]# ssh-keygen -t rsa
Generating public/private RSA key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): <== set the key file name; press Enter to accept the default
Enter passphrase (empty for no passphrase): <== set a passphrase for the key; leave empty for none
Enter same passphrase again: <== enter the passphrase again
Your identification has been saved in /root/.ssh/id_rsa. <== private key
Your public key has been saved in /root/.ssh/id_rsa.pub. <== public key
The key fingerprint is:
27:d9:f9:a1:c2:d0:c7:39:86:0f:58:53:ae:64:c7:f5 [email protected]
The key's randomart image is:
+--[RSA 2048]----+
| . . |
| + . . |
| = + E |
| * o O |
| o S X. |
| o B +. |
| o O. |
| . |
| |
+-----------------+
2. Copy the key to the remote host
1) Copy using the ssh-copy-id command
Execute ssh-copy-id -i .ssh/id_rsa.pub [email protected] (remote host name or IP)
[[email protected] ~]# ssh-copy-id -i .ssh/id_rsa.pub [email protected]
The authenticity of host '192.168.1.2 (192.168.1.2)' can't be established.
RSA key fingerprint is 68:94:ee:45:f8:58:6f:1c:e9:c6:4c:5b:11:bc:50:e6.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.2' (RSA) to the list of known hosts.
[email protected]'s password:
Now try logging into the machine, with "ssh '[email protected]'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
ssh-copy-id automatically sets the appropriate permissions for .ssh and .ssh/authorized_keys in the user's home directory on the remote host.
2) Copy using the scp command
You can also use the scp command to copy the id_rsa.pub file to the remote host; in that case you need to set the appropriate file and directory permissions yourself.
Execute on the remote host:
cd ~
mkdir .ssh
chmod 700 .ssh
cd .ssh
scp [email protected]:~/.ssh/id_rsa.pub authorized_keys
chmod 600 authorized_keys
3. Log in to the remote host
1) Log in directly to the remote host
Execute ssh 192.168.1.2
[[email protected] ~]# ssh 192.168.1.2
Last login: Sun Apr 17:03:39 from 192.168.1.1
[[email protected] ~]#
2) Log in to the remote host using PuTTY
Run PuTTYgen
Click [Load] to open the private key file id_rsa
Click [Save private key] to save it
Run PuTTY and enter the remote host IP
Click [SSH->Auth] in the left tree menu and select the private key file you just saved
Click [Connection->Data] in the tree menu and enter the remote host's username, root
Click [Session] in the tree menu and fill in the IP address and port number of the remote host under Host Name (or IP address).
Under Saved Sessions, give the remote host a name and click [Save] so that it is convenient to use next time.
Finally, click [Open] to log in.
4. Turn off password login
After you turn off password authentication, nobody can log in with a password, which greatly improves the security of the server.
On the remote server:
vi /etc/ssh/sshd_config
Locate PasswordAuthentication and change its value to no
PasswordAuthentication no
Restart the SSH service after saving
service sshd restart
Solution for slow SSH logins:
Just modify two parameters in sshd_config
vi /etc/ssh/sshd_config
1. Disable DNS reverse resolution
Find
UseDNS
Change it to
UseDNS no
2. Disable GSSAPI user authentication
GSSAPI is enabled on the server side. When logging in, the client needs to reverse-resolve the server's IP address; if no PTR record is configured for the server's IP address, the login easily stalls here.
Find GSSAPIAuthentication
Change it to
GSSAPIAuthentication no
Restart the SSH service after saving
service sshd restart
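A check for the sshd_config changes made in section 4 and in the slow-login fix, added here as an example and not part of the original article: it reports the value sshd would actually use for PasswordAuthentication, UseDNS and GSSAPIAuthentication. The function names and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit the three sshd_config
# settings changed above. sshd takes the FIRST occurrence of a keyword,
# matches keywords case-insensitively, and accepts "Keyword value" or
# "Keyword=value". Lines after the first "Match" are conditional and skipped.

effective_value() {  # usage: effective_value <config-file> <keyword>
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || NF == 0 { next }           # comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " ") }            # normalise Keyword=value
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == want { print tolower($2); exit }
    ' "$1"
}

audit_sshd_config() {  # prints one line per setting; returns 1 unless all are "no"
    rc=0
    for kw in PasswordAuthentication UseDNS GSSAPIAuthentication; do
        val=$(effective_value "$1" "$kw")
        case "$val" in
            no) echo "OK    $kw no" ;;
            "") echo "CHECK $kw not set (sshd default applies)"; rc=1 ;;
            *)  echo "CHECK $kw $val"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample config, not taken from a real server.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PasswordAuthentication yes
passwordauthentication no
PasswordAuthentication yes
UseDNS=no
GSSAPIAuthentication yes
Match User backup
    PasswordAuthentication yes
EOF
audit_sshd_config "$sample" || echo "review the CHECK lines before restarting sshd"
rm -f "$sample"
```

On the server itself, point it at /etc/ssh/sshd_config and run sshd -t before restarting the service, so that a syntax error in the edited file does not leave you unable to log in.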
Set SSH to password-free login to Linux server via key