SecureCRT key remote login to Linux
Benefits of key-based logon in Linux
With SSH public key authentication, another party cannot log on to the system remotely through SSH even if they intercept the account and password. This greatly enhances the security of remote logon.
OS: CentOS 6.4
SSH tool: SecureCRT 5.1.3
Step 1: Open the SecureCRT connection.
Step 2: Select the third icon from the left to create a new session.
Step 3: SSH2 is selected by default as the protocol; we now use version 2 of the SSH service. Then enter our IP address in the host name field; here it is 10.0.0.122. The port is the port of the ssh service; here we keep the default, 22. The firewall option is generally not used. For the user name, enter the user who will log on to Linux. A system is generally hardened by default so that the root user is not allowed to log on remotely.
Step 4: After completing the preceding operations, a dialog pops up. If you do not want to fill in the description, just click Finish. A new session for logging on to the Linux system with the CRT tool is now created.
Step 5: After the session is created, leave it for now. On the main interface of the tool, open the "Tools" menu, select "Create Public Key" from the drop-down menu, and click "Next".
Step 6: After you click "Next", the next screen appears. We select the RSA key encryption mode. SSH2 currently supports the RSA and DSA encryption modes. Only RSA is in the form of letter encryption, while DSA is in the form of certificate encryption. Here we choose RSA. Click Next.
Step 7: The passphrase screen appears. The passphrase is similar to a user logon password. Here I set it to csp!@123; the comment field below it is just a prompt. After entering the information, click Next.
Step 8: Select the key length. Key generation takes little time, and the longer the key, the better the confidentiality, so we can set the maximum, 2048. It will not take much time anyway. After selecting it, go on to the next step:
Step 9: This step generates the public key. It is best to keep your mouse moving over the window while the key is generated: without it generation is slow, and with it generation is faster. After generation finishes, click Next.
Step 10: Select the storage location of our public key. Choose a location that is easy to find, and preferably rename the file so that we can identify it later. Select the location, change the name, and click Finish.
Step 11: A dialog box asks whether to use this key as the global public key. Here we choose No. If we choose Yes, every machine we log on to through CRT uses key logon, and the default key path is the place where we created the key. For the purpose of our test we should obviously choose No. If it is needed later, we can set it again.
Step 12: Use ftp or another upload tool to upload the public key we generated, CRT_to_linux_for_ila.pub, to the system, and convert it from the SSH2-compatible format to the public key format that OpenSSH recognizes. The converted file is named authorized_keys; this is the ssh public key file. Then put the new public key file in the .ssh directory (/root/.ssh/ here). The commands are as follows:
[root@csp6 ~]# ssh-keygen -i -f CRT_to_linux_for_ila.pub > authorized_keys
[root@csp6 ~]# mv authorized_keys /root/.ssh/
[root@csp6 ~]# chmod 600 /root/.ssh/authorized_keys
This step is also critical: the file is set to permission 600, which makes it safer, and it must be set this way. In addition, the .ssh directory must have permission 700; otherwise key logon will probably fail.
Step 13: Open the sshd configuration file and insert the following statements.
[root@csp6 ~]# vi /etc/ssh/sshd_config
RSAAuthentication yes
# Enable public key authentication
PubkeyAuthentication yes
# Path of the public key file
AuthorizedKeysFile .ssh/authorized_keys
# Disable password logon
PasswordAuthentication no
Step 14: Restart the ssh service in Linux.
[root@csp6 ~]# service sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
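Added example (not part of the original article): a shell check of the server-side settings from the steps above, covering the 700/600 permissions, a key file left in SSH2 format, and the effective sshd settings. The function names are hypothetical, and the paths are passed as arguments so the check can be tried on copies first.

```shell
#!/bin/sh
# Added example: audit of the server-side key-logon setup (hypothetical names).

# Print the octal permission bits of a path (GNU stat first, then BSD stat).
perm_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Print the effective value of an sshd_config keyword: sshd keeps the first
# value it reads, keywords are case-insensitive. Match blocks are not read.
sshd_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# audit_key_login SSH_DIR SSHD_CONFIG
# Prints one line per problem and returns 0 only when none is found.
audit_key_login() {
    ssh_dir=$1; conf=$2; problems=0
    report() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

    [ "$(perm_of "$ssh_dir")" = 700 ] || report "$ssh_dir is not mode 700"
    if [ ! -f "$ssh_dir/authorized_keys" ]; then
        report "$ssh_dir/authorized_keys is missing"
    else
        [ "$(perm_of "$ssh_dir/authorized_keys")" = 600 ] ||
            report "$ssh_dir/authorized_keys is not mode 600"
        # An unconverted SecureCRT export still carries the SSH2 header.
        if grep -q 'BEGIN SSH2 PUBLIC KEY' "$ssh_dir/authorized_keys"; then
            report "authorized_keys is in SSH2 format; convert with ssh-keygen -i"
        fi
    fi

    # Defaults: PubkeyAuthentication yes, PasswordAuthentication yes.
    [ "$(sshd_value "$conf" PubkeyAuthentication)" != no ] ||
        report "PubkeyAuthentication is set to no"
    [ "$(sshd_value "$conf" PasswordAuthentication)" = no ] ||
        report "PasswordAuthentication is not no; password logon still works"
    [ "$problems" -eq 0 ]
}

# Example call on the paths used in the article (run as root):
#   audit_key_login /root/.ssh /etc/ssh/sshd_config
if [ "$#" -eq 2 ]; then audit_key_login "$1" "$2"; fi
```

Running sshd -t before the restart checks the configuration file for errors, which matters here because a bad edit made while password logon is disabled can lock you out.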
Step 15: Right-click the newly created session 10.0.0.122 and select Properties to open the page we want to configure. (Because we did not select the global setting when creating the public key, we need to configure key logon separately for this session here.)
Click SSH2, then click "Public Key" in the list on the right of the figure. The Properties button to the right of the public key entry then becomes clickable. Click Properties to enter the page.
Step 16: Select the option to use the session public key settings. For the identity or certificate file, choose the file without the .pub extension from the key pair we generated with the CRT tool. Click OK.
Step 17: Log on again with CRT. If the key pair matches, we are prompted for the passphrase set in advance, which is similar to a password. Enter the passphrase we set before, csp!@123, and click OK. The logon then succeeds; otherwise an error is returned.
Note:
After a successful logon with CRT, suppose we have several sessions open at the same time, all the others logged on with a password and our 122 machine logged on with the key. If we exit the 122 session but do not exit the CRT tool, then when we log on to the 122 system again we are logged on by default without entering anything. This poses a security risk, so it is best to close the CRT tool when we do not need it; when we reopen CRT and log on to the 122 machine again, we have to re-enter the passphrase.
We used the CRT public key generation tool to generate two files, one with the .pub extension and one without. The file with the .pub extension is the public key; the file without the .pub extension is the private key. The relationship between the public key and the private key is the relationship between a lock and its key. We sent the lock to machine 122. We can then use the private key file without the .pub extension that we hold, that is, the key in our hands, to open the lock on machine 122 and log on to the system. We can copy the private key file (the one without the .pub extension) to our USB flash drive, so that we can access the server with the key file from other computers. If you want to ensure security, keep the key only on the USB flash drive and plug it in each time you log on; without the USB flash drive, the server cannot be accessed from this computer.
If you want to log on with both the public key and the account and password, but with priority given to the key, you must first disable account and password logon in the operating system configuration file, then use the CRT tool to prioritize key logon. Note that there is an obvious up and down arrow on the left of the attribute. Select the public key, click the up arrow on the right of the public key to move it to the top, and then place the password in second place.
This article is from the "Liu yalei" blog; please be sure to keep this source: http://liuyalei.blog.51cto.com/7767729/1303737