Machine A (the SSH connection initiator, i.e. the client):
Add a test user aaa
su to aaa
The code is as follows:
[root@A ~]# su - aaa
[aaa@A ~]$
Use ssh-keygen to create an RSA key pair
The code is as follows:
[aaa@A ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/aaa/.ssh/id_rsa):    <-- where to save the key file
Created directory '/home/aaa/.ssh'.    <-- default key file storage directory
Enter passphrase (empty for no passphrase):    <-- passphrase protecting the key file
Enter same passphrase again:
Your identification has been saved in /home/aaa/.ssh/id_rsa.    <-- the generated private key
Your public key has been saved in /home/aaa/.ssh/id_rsa.pub.    <-- the generated public key
The key fingerprint is:
81:d7:de:e7:cb:7c:4e:16:d6:76:da:9d:30:25:76:09 aaa@A.test.com
The code is as follows:
total 32K
drwx------ 3 aaa  aaa  4.0K Sep 17 16:09 .
drwxr-xr-x 4 root root 4.0K Sep 17 16:09 ..
-rw-r--r-- 1 aaa  aaa   304 Sep 17 16:09 .bash_logout
-rw-r--r-- 1 aaa  aaa   191 Sep 17 16:09 .bash_profile
-rw-r--r-- 1 aaa  aaa   124 Sep 17 16:09 .bashrc
-rw-r--r-- 1 aaa  aaa   383 Sep 17 16:09 .emacs
drwx------ 2 aaa  aaa  4.0K Sep 17 16:09 .ssh    <-- the .ssh directory's default permissions are 700
Note: the default permission of the generated private key file is rw-------, i.e. 600 (make sure others cannot view it)
The code is as follows:
total 16K
drwx------ 2 aaa aaa 4.0K Sep 17 16:09 .
drwx------ 3 aaa aaa 4.0K Sep 17 16:09 ..
-rw------- 1 aaa aaa  951 Sep 17 16:09 id_rsa        <-- private key file
-rw-r--r-- 1 aaa aaa  231 Sep 17 16:09 id_rsa.pub    <-- public key file
Machine B (the side being connected to over SSH, i.e. the server):
Add user bbb
su to bbb
Create a .ssh directory manually in the home directory (needed if you do not use the ssh-keygen tool)
[bbb@B ~]$ mkdir .ssh
[bbb@B ~]$ ls -al
total 28
drwx------ 3 bbb  bbb  4096 Sep 17 16:52 .
drwxr-xr-x 4 root root 4096 Sep 17 16:52 ..
-rw-r--r-- 1 bbb  bbb   304 Sep 17 16:52 .bash_logout
-rw-r--r-- 1 bbb  bbb   191 Sep 17 16:52 .bash_profile
-rw-r--r-- 1 bbb  bbb   124 Sep 17 16:52 .bashrc
drwxrwxr-x 2 bbb  bbb  4096 Sep 17 16:52 .ssh
Change the permissions of the .ssh directory to 700 (very important!)
[bbb@B ~]$ chmod 700 .ssh
[bbb@B ~]$ ls -al
total 28
drwx------ 3 bbb  bbb  4096 Sep 17 16:52 .
drwxr-xr-x 4 root root 4096 Sep 17 16:52 ..
-rw-r--r-- 1 bbb  bbb   304 Sep 17 16:52 .bash_logout
-rw-r--r-- 1 bbb  bbb   191 Sep 17 16:52 .bash_profile
-rw-r--r-- 1 bbb  bbb   124 Sep 17 16:52 .bashrc
drwx------ 2 bbb  bbb  4096 Sep 17 16:52 .ssh    <-- confirm the permissions are 700
Create the authorized_keys file in the .ssh directory and write the public key (id_rsa.pub) content of user aaa on machine A into this file (critical step!)
[bbb@B ~]$ cd .ssh/
[bbb@B .ssh]$ vi authorized_keys
Paste in the content of aaa's id_rsa.pub
Change the permissions of authorized_keys to 400 (very important!)
[bbb@B .ssh]$ chmod 400 authorized_keys
[bbb@B .ssh]$ ls -l authorized_keys
-r-------- 1 bbb bbb 231 Sep 17 16:53 authorized_keys    <-- confirm the permissions are 400
Configuration ended.
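The permission steps above matter because sshd, with its default StrictModes setting, checks the modes and ownership of the user's files before accepting a key login. The following script is an added example, not part of the original walkthrough, that audits the modes set by hand above on either machine; the helper names mode_of and check_ssh_perms are hypothetical and GNU coreutils `stat -c` is assumed.

```shell
#!/bin/sh
# Added example: audit the permissions this walkthrough sets by hand.
# Assumes GNU coreutils `stat -c`; function names are hypothetical.

# mode_of FILE -> octal permission bits, e.g. 700
mode_of() { stat -c '%a' "$1"; }

# check_ssh_perms HOME_DIR
# Prints one line per problem; the return status is the number of problems.
check_ssh_perms() {
    home=$1
    problems=0

    if [ ! -d "$home/.ssh" ]; then
        echo "missing: $home/.ssh"
        return 1
    fi

    # .ssh must be accessible to its owner only (the walkthrough uses 700).
    m=$(mode_of "$home/.ssh")
    if [ "$m" != 700 ]; then
        echo "bad mode $m on $home/.ssh (want 700)"
        problems=$((problems + 1))
    fi

    # authorized_keys (machine B) and id_rsa (machine A) must carry no
    # group/other bits: the walkthrough uses 400 and 600 respectively.
    for f in authorized_keys id_rsa; do
        [ -e "$home/.ssh/$f" ] || continue
        m=$(mode_of "$home/.ssh/$f")
        case $m in
            400|600) ;;
            *)  echo "bad mode $m on $home/.ssh/$f (want 400 or 600)"
                problems=$((problems + 1)) ;;
        esac
    done

    return "$problems"
}

# Usage: check_ssh_perms /home/bbb   (on machine B)
#        check_ssh_perms /home/aaa   (on machine A)
```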
Test: from machine A, as user aaa, log in to machine B using the bbb account.
[aaa@A ~]$ ssh -l bbb xxx.xxx.xxx.xxx
Enter passphrase for key '/home/aaa/.ssh/id_rsa':    <-- prompts for the private key's passphrase (the one entered when the key pair was created; enter it correctly to log in)
[bbb@B ~]$
The key point for security is how to deliver the id_rsa.pub content to the server securely.
Test complete; clean up the system (delete the test user accounts and their home directories)
On machine A, exit back to root
[root@A ~]# userdel -r aaa
On machine B, exit back to root
[root@B ~]# userdel -r bbb
PS: Solving the problem of SSH connections disconnecting automatically
With PuTTY/SecureCRT, after about 3 minutes without input the connection is dropped automatically and you have to log in again, which is very annoying.
Searching online turns up a variety of causes: the TMOUT environment variable, the ClientAliveCountMax and ClientAliveInterval settings, or even firewall settings. So you can try the following:
1. echo $TMOUT
If the output is blank, TMOUT is not set, which is equivalent to the default value of 0, and the shell should normally not time out. If it is greater than 0, you can set it to 0 in a file such as /etc/profile.
Definition: TMOUT: If set to a value greater than zero, the value is interpreted as the number of seconds to wait for input after issuing the primary prompt. Bash terminates after waiting for this number of seconds if input does not arrive.
2. ClientAliveInterval 60
Add ClientAliveInterval to /etc/ssh/sshd_config. ClientAliveInterval specifies the interval at which the server sends request messages to the client; the default is 0, meaning none are sent. ClientAliveInterval 60 means one is sent every minute, the client responds, and the long-lived connection is maintained. The odd thing here is that it is not the client that initiates the keep-alive requests (as FTerm, CTerm, etc. do); the server has to take the initiative.
In addition, for ClientAliveCountMax the default value of 3 can be used. ClientAliveCountMax is the number of server requests that may go unanswered by the client before the connection is dropped automatically. Under normal circumstances the client does not fail to respond.
3. Enable PuTTY keepalives
PuTTY -> Connection -> Seconds between keepalives (0 to turn off); the default is 0, change it to 60.
4. Set SecureCRT Anti-idle
Options -> Session Options -> Terminal -> Anti-idle -> Send protocol NO-OP every __ seconds
This sends an empty string every few seconds to keep the link open.