As operations staff, our first job is to secure the server. Users can log in with either a password or a key, and key-based login is without doubt the more secure of the two. The settings below restrict the root user to key-based login and disable password login.
Test environment: RHEL 6.6, Xshell
Step one: Generate the key
Open Xshell, click Tools in the menu bar, and select the New User Key Wizard.
In the key generation dialog, choose the RSA algorithm; the key length is set to 2048 bits here.
Once the key has been generated, select Next.
Enter a key name and a passphrase to encrypt the key, then proceed to the next step.
The public key is now displayed; copy it and save it.
Step two: Upload the public key
1> Create the hidden directory .ssh in the root user's home directory, create an authorized_keys file in that directory, and paste the previously generated public key into authorized_keys.
mkdir -v ~/.ssh
vim ~/.ssh/authorized_keys
......
2> Modify permissions
chmod 600 ~/.ssh/authorized_keys
chmod 700 ~/.ssh/
3> Flush the firewall rules and turn off SELinux
iptables -F
/etc/init.d/iptables save
setenforce 0
In the /etc/selinux/config configuration file, set SELINUX=permissive
4> Edit the SSH configuration file /etc/ssh/sshd_config and uncomment the following lines to enable key authentication.
RSAAuthentication yes
PubkeyAuthentication yes
5> Restart the sshd service
/etc/init.d/sshd restart
Step Three: Configure Xshell to log on with a key
Fill in the name and host, and then click Authentication.
For Method, select Public Key; for User Name, enter root; for User Key, select the previously generated key; and in the Passphrase field, enter the passphrase that encrypts the key.
Step four: Test whether login with the configured key works
At this point you can log in either with the root user's password or with the public key. First test that login with the public key works; once it does, continue to step five.
Step Five: Configure disable root password login
Note: Perform this step only after the test in the previous step has succeeded.
1> Find PasswordAuthentication yes in the /etc/ssh/sshd_config file and change it to PasswordAuthentication no.
2> Restart the sshd service
/etc/init.d/sshd restart
The only login option now offered is public key.
With the settings above, even someone who obtains the root password cannot log in, and nobody can log in without the key file, so remember to keep it safe. This further strengthens the security of the server.
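The checks behind steps two, four and five, as an added example that is not part of the original article: it verifies the .ssh permissions and the effective sshd_config values, using the fact that sshd takes the first occurrence of a keyword, so a line appended after an existing PasswordAuthentication yes has no effect. The function names, the modes 700 and 600, and the sample data written by make_sample are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original article): audit the state that steps
# two, four and five leave behind, before and after disabling password login.

# effective_value FILE KEYWORD: print the value sshd takes from FILE's global
# section. Keywords are case-insensitive, values are not, "Keyword=value" is
# allowed, and the FIRST occurrence of a keyword wins.
effective_value() {
    awk -v key="$2" '
        { sub(/^[ \t]+/, ""); split($0, f, /[ \t=]+/); kw = tolower(f[1]) }
        kw == "" || kw ~ /^#/ { next }       # blank lines and comments
        kw == "match" { exit }               # conditional overrides start here
        kw == tolower(key) { print f[2]; exit }
    ' "$1"
}

# has_mode PATH OCTAL: true if PATH exists with exactly these permission bits.
has_mode() { [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]; }

# key_login_ready SSH_DIR SSHD_CONFIG: true when key login is set up, i.e.
# when it is safe to move on to step five.
key_login_ready() {
    rc=0
    has_mode "$1" 700 || { echo "FAIL: $1 is not mode 700"; rc=1; }
    has_mode "$1/authorized_keys" 600 || { echo "FAIL: authorized_keys is not mode 600"; rc=1; }
    [ -s "$1/authorized_keys" ] || { echo "FAIL: authorized_keys is missing or empty"; rc=1; }
    pk=$(effective_value "$2" PubkeyAuthentication)
    # An unset keyword falls back to sshd's default, which is "yes".
    [ -z "$pk" ] || [ "$pk" = yes ] || { echo "FAIL: PubkeyAuthentication is '$pk'"; rc=1; }
    return "$rc"
}

# password_login_disabled SSHD_CONFIG: true only if the effective value is "no".
password_login_disabled() { [ "$(effective_value "$1" PasswordAuthentication)" = no ]; }

# make_sample DIR: constructed test data. The config has "no" appended AFTER
# the stock "yes" line, a mistake that leaves password login enabled.
make_sample() {
    mkdir -p "$1/.ssh" && chmod 700 "$1/.ssh"
    echo "ssh-rsa AAAA...constructed-placeholder root@example" > "$1/.ssh/authorized_keys"
    chmod 600 "$1/.ssh/authorized_keys"
    printf '%s\n' '#PubkeyAuthentication no' 'PubkeyAuthentication yes' \
        'PasswordAuthentication yes' 'PasswordAuthentication no' > "$1/sshd_config"
}

# Usage on a server: sh this-script /root/.ssh /etc/ssh/sshd_config
if [ "$#" -eq 2 ]; then key_login_ready "$1" "$2"; fi
```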
This article is from the "Linux" blog; please retain this source link: http://yaoyaoquqi.blog.51cto.com/8124243/1618850
Xshell Set key login, disable Administrator password login