Use SSH key authentication and fix automatic disconnects when connecting to a Linux server

Source: Internet
Author: User

Machine A (the SSH connection initiator, i.e. the client):
Add a test user aaa

The code is as follows:

[root@A ~]# useradd aaa

Switch to aaa with su

The code is as follows:

[root@A ~]# su - aaa
[aaa@A ~]$

Use ssh-keygen to create an RSA key pair

The code is as follows:

[aaa@A ~]$ ssh-keygen -t rsa

Generating public/private rsa key pair.
Enter file in which to save the key (/home/aaa/.ssh/id_rsa):    <-- where to save the key file
Created directory '/home/aaa/.ssh'.    <-- default directory for key files
Enter passphrase (empty for no passphrase):    <-- passphrase protecting the key file
Enter same passphrase again:
Your identification has been saved in /home/aaa/.ssh/id_rsa.    <-- the generated private key
Your public key has been saved in /home/aaa/.ssh/id_rsa.pub.    <-- the generated public key
The key fingerprint is:
81:d7:de:e7:cb:7c:4e:16:d6:76:da:9d:30:25:76:09 aaa@A.test.com

The code is as follows:

[aaa@A ~]$ ll

total 32K
drwx------ 3 aaa  aaa  4.0K Sep 17 16:09 .
drwxr-xr-x 4 root root 4.0K Sep 17 16:09 ..
-rw-r--r-- 1 aaa  aaa   304 Sep 17 16:09 .bash_logout
-rw-r--r-- 1 aaa  aaa   191 Sep 17 16:09 .bash_profile
-rw-r--r-- 1 aaa  aaa   124 Sep 17 16:09 .bashrc
-rw-r--r-- 1 aaa  aaa   383 Sep 17 16:09 .emacs
drwx------ 2 aaa  aaa  4.0K Sep 17 16:09 .ssh    <-- the .ssh directory defaults to permission 700

Note: the generated private key file defaults to permission rw-------, i.e. 600 (so that other users cannot read it)

The code is as follows:

[aaa@A ~]$ ll .ssh/

total 16K
drwx------ 2 aaa aaa 4.0K Sep 17 16:09 .
drwx------ 3 aaa aaa 4.0K Sep 17 16:09 ..
-rw------- 1 aaa aaa  951 Sep 17 16:09 id_rsa        <-- private key file
-rw-r--r-- 1 aaa aaa  231 Sep 17 16:09 id_rsa.pub    <-- public key file

Machine B (the side being connected to over SSH, i.e. the server):

Add user bbb

The code is as follows:

[root@B ~]# useradd bbb

Switch to bbb with su

The code is as follows:
[root@B ~]# su - bbb

Create the .ssh directory manually in the home directory (if you are not using the ssh-keygen tool)

The code is as follows:
[bbb@B ~]$ mkdir .ssh
[bbb@B ~]$ ls -al

total 28
drwx------ 3 bbb  bbb  4096 Sep 17 16:52 .
drwxr-xr-x 4 root root 4096 Sep 17 16:52 ..
-rw-r--r-- 1 bbb  bbb   304 Sep 17 16:52 .bash_logout
-rw-r--r-- 1 bbb  bbb   191 Sep 17 16:52 .bash_profile
-rw-r--r-- 1 bbb  bbb   124 Sep 17 16:52 .bashrc
drwxrwxr-x 2 bbb  bbb  4096 Sep 17 16:52 .ssh

Change the permission of the .ssh directory to 700 (very important!)

The code is as follows:
[bbb@B ~]$ chmod 700 .ssh
[bbb@B ~]$ ls -al

total 28
drwx------ 3 bbb  bbb  4096 Sep 17 16:52 .
drwxr-xr-x 4 root root 4096 Sep 17 16:52 ..
-rw-r--r-- 1 bbb  bbb   304 Sep 17 16:52 .bash_logout
-rw-r--r-- 1 bbb  bbb   191 Sep 17 16:52 .bash_profile
-rw-r--r-- 1 bbb  bbb   124 Sep 17 16:52 .bashrc
drwx------ 2 bbb  bbb  4096 Sep 17 16:52 .ssh    <-- confirm the permission is 700

Create the authorized_keys file in the .ssh directory and write the content of user aaa's public key (id_rsa.pub) from machine A into it (critical step!)

The code is as follows:
[bbb@B ~]$ cd .ssh/
[bbb@B .ssh]$ vi authorized_keys

Paste the content of aaa's id_rsa.pub into the file

Change the permission of authorized_keys to 400 (very important!)

The code is as follows:
[bbb@B .ssh]$ chmod 400 authorized_keys
[bbb@B .ssh]$ ls -l authorized_keys
-r-------- 1 bbb bbb 231 Sep 17 16:53 authorized_keys    <-- confirm the permission is 400

Configuration complete.

Test: on machine A, as user aaa, log in to machine B with the bbb account.

The code is as follows:
[aaa@A ~]$ ssh -l bbb xxx.xxx.xxx.xxx
Enter passphrase for key '/home/aaa/.ssh/id_rsa':    <-- prompt for the private key passphrase (the one set when the key pair was created; once it is entered correctly you are logged in)
[bbb@B ~]$

The key security issue is how to deliver the content of id_rsa.pub to the server securely.
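
One way to handle both the delivery concern above and the server-side permission steps, as an added example that is not part of the original article: the key line is installed on machine B only if its fingerprint matches the value read on machine A over a separate channel. The function names and the sample key are assumptions made for illustration; the colon-separated fingerprint is the MD5 form shown in the ssh-keygen transcript (current OpenSSH prints it with ssh-keygen -l -E md5).

```sh
#!/bin/sh
# Added example (GNU coreutils assumed for base64, md5sum and stat -c).

# MD5 fingerprint of a public key line, in the colon-separated form that
# ssh-keygen printed in the transcript above: MD5 over the decoded key blob.
pubkey_md5_fp() {
    blob=$(printf '%s\n' "$1" | awk '{print $2}')
    [ -n "$blob" ] || return 1
    printf '%s' "$blob" | base64 -d >/dev/null 2>&1 || return 1
    printf '%s' "$blob" | base64 -d | md5sum | cut -c1-32 \
        | sed 's/../&:/g; s/:$//'
}

# install_pubkey HOME "KEY LINE" EXPECTED_FP
# Appends the key only when its fingerprint equals EXPECTED_FP, then applies
# the modes used on this page (700 on .ssh, 400 on authorized_keys).
# Returns 1 for a malformed line, 2 for a fingerprint mismatch.
install_pubkey() {
    home=$1; line=$2; want=$3
    case $line in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key line" >&2; return 1 ;;
    esac
    got=$(pubkey_md5_fp "$line") || return 1
    if [ "$got" != "$want" ]; then
        echo "fingerprint mismatch, key not installed" >&2
        return 2
    fi
    ak=$home/.ssh/authorized_keys
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 3
    if [ -f "$ak" ]; then chmod 600 "$ak"; fi   # file is 400 after an earlier run
    grep -qxF "$line" "$ak" 2>/dev/null || printf '%s\n' "$line" >> "$ak"
    chmod 400 "$ak"
}

# Prints the modes of .ssh and authorized_keys, e.g. "700 400".
ssh_modes() {
    echo "$(stat -c %a "$1/.ssh") $(stat -c %a "$1/.ssh/authorized_keys")"
}

# Constructed sample: a truncated key blob, not a usable key.
SAMPLE_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB aaa@A.test.com'
```

On machine B this would be called as install_pubkey /home/bbb "$(cat id_rsa.pub)" followed by the fingerprint that aaa read from the ssh-keygen output on machine A.
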
Test complete; clean up the system (delete the test user accounts and their home directories)
On machine A, exit back to root

The code is as follows:
[root@A ~]# userdel -r aaa

On machine B, exit back to root.

The code is as follows:
[root@B ~]# userdel -r bbb

PS: Fixing automatic disconnection of SSH connections
With PuTTY/SecureCRT, after about 3 minutes without input the connection drops automatically and you have to log in again, which is very annoying.
A search through the material on the Internet turns up several possible causes: the TMOUT environment variable, the ClientAliveCountMax and ClientAliveInterval settings, or even firewall settings. So you can try the following:
1. echo $TMOUT
If the output is blank, the variable is not set, which is the same as the default value of 0 and should normally not cause a timeout. If it is greater than 0, you can set it to 0 in a file such as /etc/profile.
Definition: TMOUT: If set to a value greater than zero, the value is interpreted as the number of seconds to wait for input after issuing the primary prompt. Bash terminates after waiting for this number of seconds if input does not arrive.

2. ClientAliveInterval 60
Add ClientAliveInterval to /etc/ssh/sshd_config. ClientAliveInterval specifies the interval at which the server sends request messages to the client; the default is 0, meaning none are sent. ClientAliveInterval 60 means one is sent every minute and the client responds, so the long-lived connection is maintained. The odd part is that it is not the client that initiates the keep-alive request (as with FTerm, CTerm, etc.); the server has to take the initiative.
As for ClientAliveCountMax, the default value of 3 is fine. ClientAliveCountMax is the number of requests that may go unanswered by the client before the connection is dropped automatically. Under normal circumstances the client will not fail to respond.
3. Enable PuTTY keepalives

The code is as follows:
PuTTY -> Connection -> Seconds between keepalives (0 to turn off); the default is 0, change it to 60.

4. SecureCRT: set Anti-idle

The code is as follows:
Options -> Session Options -> Terminal -> Anti-idle -> Send protocol NO-OP every __ seconds

Sending an empty string every few seconds keeps the link open
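
A check for step 2 above, as an added example that is not part of the original article: it reads the global ClientAliveInterval and ClientAliveCountMax from an sshd_config file, applies the defaults given in the text (0 and 3), and reports how long an unresponsive client is tolerated. The function names and the sample configuration are assumptions made for illustration, and values are assumed to be plain seconds.

```sh
#!/bin/sh
# Added example. A file name of "-" reads the configuration from stdin.

# client_alive CONFIG
# Prints "interval countmax drop_after" for the global section of an
# sshd_config file. drop_after = interval * countmax is the number of
# seconds an unresponsive client is tolerated (0 = the server never probes).
client_alive() {
    awk '
        BEGIN { iv = 0; cm = 3 }             # defaults given in the text above
        /^[ \t]*#/ || NF == 0 { next }       # comments and blank lines
        { gsub(/=/, " "); key = tolower($1) }   # keywords are case-insensitive
        key == "match" { exit }              # Match blocks are conditional: stop
        key == "clientaliveinterval" && !si { iv = $2 + 0; si = 1 }  # first wins
        key == "clientalivecountmax" && !sc { cm = $2 + 0; sc = 1 }
        END { print iv, cm, iv * cm }
    ' "$1"
}

# keepalive_covers CONFIG IDLE
# Succeeds when the server probes more often than an idle cutoff of IDLE
# seconds, such as the roughly 3 minutes described in the text above.
keepalive_covers() {
    iv=$(client_alive "$1" | cut -d' ' -f1)
    [ "$iv" -gt 0 ] && [ "$iv" -lt "$2" ]
}

# Constructed sample configuration (not taken from a real host).
sample_config() {
    cat <<'EOF'
# keep idle sessions alive
clientaliveinterval 60
ClientAliveInterval 300
Match User bbb
    ClientAliveCountMax 10
EOF
}

sample_config | client_alive -    # prints: 60 3 180
```
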
