SSH key-based logon and password-disabled logon practices

Source: Internet
Author: User


Preface

Whether it is a personal VPS or an enterprise server that is reachable from the public network, if SSH password authentication is enabled on port 22, the server will frequently be targeted by password-cracking attempts from many attackers. Enterprises can use firewalls to restrict access. Ordinary users may change the default port 22, avoid weak passwords, and use other protection methods; however, the relatively safe and simple solution at present is to enable SSH logon with a key and disable password logon.

This is the most secure login management method.

 

Generate PublicKey

We recommend that you set a passphrase and remember it. Linux is used as the example here.

Linux: ssh-keygen -t rsa

[Private key (id_rsa) and public key (id_rsa.pub)]

Windows: SecureCRT/Xshell/PuTTY

[SSH-2 RSA 2048]

    # Generate an SSH key pair
    ssh-keygen -t rsa
    Generating public/private rsa key pair.
    # We recommend that you press Enter to use the default path.
    Enter file in which to save the key (/root/.ssh/id_rsa):
    # Enter a passphrase (press Enter to leave it blank)
    Enter passphrase (empty for no passphrase):
    # Repeat the passphrase
    Enter same passphrase again:
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    aa:8b:61:13:38:ad:b5:49:ca:51:45:b9:77:e1:97:e1 root@localhost.localdomain
    The key's randomart image is:
    +--[ RSA 2048]----+
    | .o. |
    | .. . . |
    | . . . o o |
    | o. . . o E |
    |o.= . S . |
    |.*.+ . |
    |o.* . |
    | . + . |
    | . o. |
    +-----------------+

 

Copy key pair

You can also manually create a directory and authorized_keys on the client.

    # Copy the public key to the server for password-free logon.
    # If port 22 has been changed, run the commented command below instead:
    #ssh-copy-id -i ~/.ssh/id_rsa.pub "-p 10022 user@server"
    ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.15.241

 

Modify the SSH configuration file

    # Edit the sshd_config file
    vi /etc/ssh/sshd_config
    # Disable password verification
    PasswordAuthentication no
    # Enable key verification
    # (RSAAuthentication applies to SSH protocol 1 only; OpenSSH 7.4 and later
    # report it as a deprecated option)
    RSAAuthentication yes
    PubkeyAuthentication yes
    # Specify the public key database file
    AuthorizedKeysFile .ssh/authorized_keys

We recommend that you keep one more session open before restarting the SSH service, so that you still have access if the new configuration does not work.

    # RHEL/CentOS system
    service sshd restart
    # Ubuntu system
    service ssh restart
    # Debian system
    /etc/init.d/ssh restart
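
The check below is an added example, not part of the original article: a static audit of an sshd_config file for the settings edited above, which catches a keyword glued to its value and a password logon that is still effectively enabled. The function names, the sample file and the fallback defaults (upstream OpenSSH defaults) are assumptions; only the global section is read and Include files are not followed.

```shell
#!/bin/sh
# Added example (not from the original article): static audit of sshd_config.
# Assumptions: only the global section is read (parsing stops at the first
# Match block), Include files are not followed, and the fallback values are
# upstream OpenSSH defaults, which a distribution's build may change.

# Print the effective global value of keyword $2 in file $1 (default $3).
# sshd keywords are case-insensitive and the first occurrence wins.
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); val = def }
        NF == 0 || $1 ~ /^#/ { next }            # blank line or comment
        tolower($1) == "match" { exit }          # end of the global section
        tolower($1) == key { val = tolower($2); exit }
        END { print val }
    ' "$1"
}

# Return 0 only if the file parses cleanly and permits key-only login.
audit_sshd_config() {
    cfg="$1"; rc=0
    # A keyword glued to its value ("PasswordAuthenticationno") has no argument.
    bad=$(awk 'NF == 1 && $1 !~ /^#/ { n++ } END { print n + 0 }' "$cfg")
    [ "$bad" -eq 0 ] || { echo "FAIL: $bad line(s) have no value"; rc=1; }
    [ "$(effective_value "$cfg" PubkeyAuthentication yes)" = yes ] ||
        { echo "FAIL: PubkeyAuthentication is disabled"; rc=1; }
    [ "$(effective_value "$cfg" PasswordAuthentication yes)" = no ] ||
        { echo "FAIL: PasswordAuthentication is not set to no"; rc=1; }
    # Keyboard-interactive through PAM can still prompt for a password.
    old=$(effective_value "$cfg" ChallengeResponseAuthentication yes)
    kbd=$(effective_value "$cfg" KbdInteractiveAuthentication "$old")
    pam=$(effective_value "$cfg" UsePAM no)
    if [ "$kbd" = yes ] && [ "$pam" = yes ]; then
        echo "WARN: keyboard-interactive with PAM may still accept passwords"
    fi
    [ "$rc" -ne 0 ] || echo "OK: key-only login"
    return "$rc"
}

# Constructed sample: the article's settings, correctly spelled.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'PasswordAuthentication no' \
    'PubkeyAuthentication yes' 'AuthorizedKeysFile .ssh/authorized_keys' >"$sample"
audit_sshd_config "$sample"
rm -f "$sample"
```

On the server itself, `sshd -t` performs the authoritative syntax check of the real configuration; run it in the spare session before restarting the service.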

 

Manually add management users

You can append a comment that identifies the user after the trailing = of the key to facilitate management.

    echo 'ssh-rsa XXXX' >> /root/.ssh/authorized_keys
    # Review
    cat /root/.ssh/authorized_keys
