Xshell Set key login, disable Administrator password login

Last Update:2015-03-10 Source: Internet

Author: User

Tags administrator password

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

As an OPS person, we must first ensure the security of the server. While the user login system has two ways, passwords and keys, there is no doubt that using the key to login more secure. The following settings root user can only use the key to log in, cannot log in with a password.

Test tool: Rhel6.6,xshell

Step one: Generate the key

Open Xshell and click the Tools button in the menu bar to select the new User key Wizard.

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/5A/D2/wKioL1T9s1exWO7lAAIonoIUotk013.jpg "title=" Qq20150309224540.png "width=" 471 "height=" 233 "border=" 0 "hspace=" 0 "vspace=" 0 "style=" WIDTH:471PX;HEIGHT:233PX; "alt = "Wkiol1t9s1exwo7laaionoiuotk013.jpg"/>

You can see the key generation interface, choose the RSA encryption algorithm, the key length is set to 2048 here.

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/5A/D7/wKiom1T9tACCLOo4AAGaYZSY94I813.jpg "title=" Qq20150309225011.png "alt=" Wkiom1t9taccloo4aagayzsy94i813.jpg "/>

Key has been generated, select Next.

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/5A/D2/wKioL1T9tjnCmhH1AAHJo8w2Cyo188.jpg "title=" Qq20150309225816.png "alt=" Wkiol1t9tjncmhh1aahjo8w2cyo188.jpg "/>

Enter the key name, and the password to encrypt the key, and proceed to the next step.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/5A/D7/wKiom1T9teHyZlDdAAFiqZ9bXCc380.jpg "style=" float: none; "title=" Qq20150309230043.png "alt=" Wkiom1t9tehyzlddaafiqz9bxcc380.jpg "/>

Now you can see the public key information and save the public key copy.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/5A/D2/wKioL1T9tv2BNHlOAAI9JosOeZg207.jpg "style=" float: none; "title=" Qq20150309230115.png "alt=" Wkiol1t9tv2bnhloaai9josoezg207.jpg "/>

Step two: Upload the public key

1> create a hidden directory in the root user home directory. SSH, and create a Authorized_key file in this directory, and put the pre-generated public key into Authorized_key.

Mkdir-v ~/.ssh

Vim ~/.ssh/authorized_keys

......

2> Modify Permissions

chmod ~/.ssh/authorized_keys

chmod. ssh/

3> empty firewall rules and turn off SELinux

Iptables-f

/etc/init.d/iptables Save

Setenforce 0

Modify the/etc/selinux/config configuration file in Selinux=permissive

4> Modify the SSH configuration file and remove the comment to enable it to support key authentication.

Rsaauthentication Yes

Pubkeyauthentication Yes

5> Restart sshd Service

/etc/init.d/sshd restart

Step Three: Configure Xshell to log on with a key

Fill in the name and host, and then click Authentication.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/5A/D7/wKiom1T9u-rD13jGAAJYiaXYc4M053.jpg "style=" float: none; "title=" Qq20150309232706.png "alt=" Wkiom1t9u-rd13jgaajyiaxyc4m053.jpg "/>

Method Select public key,username fill Root,user key to select the previously generated key, and fill in the Passphrase column with the password to encrypt the key.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/5A/D2/wKioL1T9vQejSs8DAAIvtsa8-jo822.jpg "style=" float: none; "title=" Qq20150309232615.png "alt=" Wkiol1t9vqejss8daaivtsa8-jo822.jpg "/>

Step four: Test whether the public key password for the setting is available for logon

You can see that you can log in with the root user password, or use public key to log in, first test the ability to log in with public key, you can log in to step five.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/5A/D3/wKioL1T9wbShDIPpAAF666vSV_8914.jpg "style=" float: none; "title=" Qq20150309234646.png "alt=" Wkiol1t9wbshdippaaf666vsv_8914.jpg "/>

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/5A/D3/wKioL1T9wbXTaDeEAAGJXJPhHJk874.jpg "style=" float: none; "title=" Qq20150309234719.png "alt=" Wkiol1t9wbxtadeeaagjxjphhjk874.jpg "/>

Step Five: Configure disable root password login

Note: This step can be done after the previous step has been successfully tested.

1> find Passwordauthentication Yes in the/etc/ssh/sshd_config file and modify it to Passwordauth Entication No.

2> Restart sshd Service

/etc/init.d/sshd restart

You can see the option to log in only with public key.

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/5A/D3/wKioL1T9wxnRb6zZAAGEu03beTQ004.jpg "title=" Qq20150309235318.png "alt=" Wkiol1t9wxnrb6zzaageu03betq004.jpg "/>

Through the above settings, even if someone else gets the root password can not log in, no public key is also unable to log in, remember to keep the public key file. This further guarantees the security of the server.

This article is from the "Linux" blog, so be sure to keep this source http://yaoyaoquqi.blog.51cto.com/8124243/1618850

Xshell Set key login, disable Administrator password login

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More