Xshell key authentication
The SSH service supports a security authentication mechanism, that is, key authentication. The so-called key authentication, is actually using a pair of cryptographic strings, a public key (PublicKey), anyone can see its content for encryption, and the other is called the key (Privatekey), only the owner can see, for decryption. Ciphertext encrypted with a public key can be easily decrypted using a key, but it is difficult to guess the key based on the public key. SSH's key authentication is the use of this feature. Both the server and the client each have their own public key and key. How do I log on to a Linux server using key authentication?
1. Generate a key pair
650) this.width=650; "src=" Http://oqjg6c4c1.bkt.clouddn.com/201705312115_229.png "style=" border-style:none; Background-color:rgb (255,255,255); "/> 650) this.width=650; src=" http://oqjg6c4c1.bkt.clouddn.com/201705312115 _576.png "style=" Border-style:none;background-color:rgb (255,255,255); "/> 650" this.width=650; "src=" http:// Oqjg6c4c1.bkt.clouddn.com/201705312115_211.png "style=" Border-style:none;background-color:rgb (255,255,255); "/ > 650) this.width=650; "src=" Http://oqjg6c4c1.bkt.clouddn.com/201705312117_863.png "style=" border-style:none; Background-color:rgb (255,255,255); "/> 650) this.width=650; src=" http://oqjg6c4c1.bkt.clouddn.com/201705312118 _295.png "style=" Border-style:none;background-color:rgb (255,255,255); "/>
2. Save the public key to server 1. New Folder/.ssh
Mkdir/root/.ssh
2. Modify/.ssh folder permissions
chmod 700/root/.ssh
3. Copy the public key to the Authorized_keys file in the folder
Vi/root/.ssh/authorized_keys
650) this.width=650; "src=" Http://oqjg6c4c1.bkt.clouddn.com/201705312125_509.png "style=" border-style:none; Background-color:rgb (255,255,255); "/>
4. Turn off the SELinux firewall
If SELinux is not turned off, logging in with the key will prompt "Server refused our key"
Setenforce 0
This is just a temporary command line to turn off SELinux and SELinux will open the next time you restart Linux.
How to permanently turn off the SELinux firewall: Modify "Selinux=enforcing" in the/etc/selinux/config file to "selinux=disabled" and save exit
650) this.width=650; "src=" Http://oqjg6c4c1.bkt.clouddn.com/201705311825_252.png "style=" border-style:none; Background-color:rgb (255,255,255); "/>
3. Verify that the success is set to 1. Set the private key for the current session
650) this.width=650; "src=" Http://oqjg6c4c1.bkt.clouddn.com/201705312129_981.png "style=" border-style:none; Background-color:rgb (255,255,255); "/>
2. Change the method in user authentication to public key
650) this.width=650; "src=" Http://oqjg6c4c1.bkt.clouddn.com/201705312130_418.png "style=" border-style:none; Background-color:rgb (255,255,255); "/>
3. Select the private key that you just generated and saved automatically
650) this.width=650; "src=" Http://oqjg6c4c1.bkt.clouddn.com/201705312131_270.png "style=" border-style:none; Background-color:rgb (255,255,255); "/>
4. Enter the password you just generated for the key pair
650) this.width=650; "src=" Http://oqjg6c4c1.bkt.clouddn.com/201705312132_345.png "style=" border-style:none; Background-color:rgb (255,255,255); "/>
5. Confirm Login
650) this.width=650; "src=" Http://oqjg6c4c1.bkt.clouddn.com/201705312133_945.png "style=" border-style:none; Background-color:rgb (255,255,255); "/> If you can log in automatically, then the key authentication settings are successful!
This article is from the "Linux Road" blog, make sure to keep this source http://allin28.blog.51cto.com/12931477/1931127
Xshell key authentication