Xshell key authentication

Xshell key authentication

The SSH service supports a security authentication mechanism, that is, key authentication. The so-called key authentication, is actually using a pair of cryptographic strings, a public key (PublicKey), anyone can see its content for encryption, and the other is called the key (Privatekey), only the owner can see, for decryption. Ciphertext encrypted with a public key can be easily decrypted using a key, but it is difficult to guess the key based on the public key. SSH's key authentication is the use of this feature. Both the server and the client each have their own public key and key. How do I log on to a Linux server using key authentication?

1. Generate a key pair

650) this.width=650; "src=" Http://oqjg6c4c1.bkt.clouddn.com/201705312115_229.png "style=" border-style:none; Background-color:rgb (255,255,255); "/> 650) this.width=650; src=" http://oqjg6c4c1.bkt.clouddn.com/201705312115 _576.png "style=" Border-style:none;background-color:rgb (255,255,255); "/> 650" this.width=650; "src=" http:// Oqjg6c4c1.bkt.clouddn.com/201705312115_211.png "style=" Border-style:none;background-color:rgb (255,255,255); "/ > 650) this.width=650; "src=" Http://oqjg6c4c1.bkt.clouddn.com/201705312117_863.png "style=" border-style:none; Background-color:rgb (255,255,255); "/> 650) this.width=650; src=" http://oqjg6c4c1.bkt.clouddn.com/201705312118 _295.png "style=" Border-style:none;background-color:rgb (255,255,255); "/>

2. Save the public key to server 1. New Folder/.ssh

Mkdir/root/.ssh

2. Modify/.ssh folder permissions

chmod 700/root/.ssh

3. Copy the public key to the Authorized_keys file in the folder

Vi/root/.ssh/authorized_keys

650) this.width=650; "src=" Http://oqjg6c4c1.bkt.clouddn.com/201705312125_509.png "style=" border-style:none; Background-color:rgb (255,255,255); "/>

4. Turn off the SELinux firewall

If SELinux is not turned off, logging in with the key will prompt "Server refused our key"

Setenforce 0

This is just a temporary command line to turn off SELinux and SELinux will open the next time you restart Linux.

How to permanently turn off the SELinux firewall: Modify "Selinux=enforcing" in the/etc/selinux/config file to "selinux=disabled" and save exit

650) this.width=650; "src=" Http://oqjg6c4c1.bkt.clouddn.com/201705311825_252.png "style=" border-style:none; Background-color:rgb (255,255,255); "/>

3. Verify that the success is set to 1. Set the private key for the current session

650) this.width=650; "src=" Http://oqjg6c4c1.bkt.clouddn.com/201705312129_981.png "style=" border-style:none; Background-color:rgb (255,255,255); "/>

2. Change the method in user authentication to public key

650) this.width=650; "src=" Http://oqjg6c4c1.bkt.clouddn.com/201705312130_418.png "style=" border-style:none; Background-color:rgb (255,255,255); "/>

3. Select the private key that you just generated and saved automatically

650) this.width=650; "src=" Http://oqjg6c4c1.bkt.clouddn.com/201705312131_270.png "style=" border-style:none; Background-color:rgb (255,255,255); "/>

4. Enter the password you just generated for the key pair

650) this.width=650; "src=" Http://oqjg6c4c1.bkt.clouddn.com/201705312132_345.png "style=" border-style:none; Background-color:rgb (255,255,255); "/>

5. Confirm Login

650) this.width=650; "src=" Http://oqjg6c4c1.bkt.clouddn.com/201705312133_945.png "style=" border-style:none; Background-color:rgb (255,255,255); "/> If you can log in automatically, then the key authentication settings are successful!

This article is from the "Linux Road" blog, make sure to keep this source http://allin28.blog.51cto.com/12931477/1931127

Xshell key authentication