SSH security in Linux, using key pair authentication

 

Login authentication target: a local user account on the server

Login verification methods:

  Password verification: check whether the username and password match

  Key pair verification: check whether the client's private key matches the public key stored on the server

# vim /etc/ssh/sshd_config

# password authentication
PasswordAuthentication yes

# key pair verification
PubkeyAuthentication yes

# where the public keys are stored
AuthorizedKeysFile .ssh/authorized_keys

# systemctl restart ssh.service

 

Set up SSH key pair authentication:

Step 1: Create a key pair on the client. The result is a private key and a public key, which together form the key pair.

  Private key file: id_rsa

  Public key file: id_rsa.pub

# ssh-keygen -t rsa

// choose where to store the key

// set a key password (passphrase)

[The private key permissions are 600.

The public key permissions are 644.

This is asymmetric encryption, and the private key file must never be disclosed.]

Step 2: Upload the public key file to the server

Step 3: Import the public key file

The following command combines steps 2 and 3, uploading and importing the key in one go:

# ssh-copy-id remote_user_name@remote_ip_address
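
What the import in step 3 amounts to on the server, as an added example that is not part of the original article: the function appends the public key to ~/.ssh/authorized_keys, sets the conventional owner-only modes (700 on the directory, 600 on the file), and skips a key that is already present. The names import_pubkey and demo_import and the sample key line are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original article): step 3, the server-side
# import of a public key, done by hand in a POSIX shell.
# Usage: import_pubkey PUBKEY_FILE TARGET_HOME
import_pubkey() {
    pub_file=$1
    ssh_dir="$2/.ssh"
    auth_file="$ssh_dir/authorized_keys"

    # Accept only a line shaped like "type base64 [comment]" for RSA,
    # Ed25519 or ECDSA keys. A private key file ("-----BEGIN ...") fails here.
    key_line=$(grep -E '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' "$pub_file" | head -n 1)
    if [ -z "$key_line" ]; then
        echo "not a public key file: $pub_file" >&2
        return 1
    fi

    # Create ~/.ssh and authorized_keys owner-only, then set the modes
    # explicitly in case they already existed with looser permissions.
    old_umask=$(umask)
    umask 077
    mkdir -p "$ssh_dir" && touch "$auth_file"
    rc=$?
    umask "$old_umask"
    [ "$rc" -eq 0 ] || return 1
    chmod 700 "$ssh_dir" && chmod 600 "$auth_file" || return 1

    # Append only when this exact line is absent, so re-running is harmless.
    if ! grep -qxF -- "$key_line" "$auth_file"; then
        printf '%s\n' "$key_line" >> "$auth_file"
    fi
}

# Demo on a throwaway directory with a constructed (non-functional) key line.
demo_import() {
    tmp=$(mktemp -d) || return 1
    echo 'ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTEDSAMPLE guest@debian' > "$tmp/id_rsa.pub"
    import_pubkey "$tmp/id_rsa.pub" "$tmp/home" && ls -l "$tmp/home/.ssh"
    rm -rf "$tmp"
}
if [ "${1:-}" = demo ]; then demo_import; fi
```

Run the script with the argument demo to see the resulting file modes in a temporary directory.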

 

Example:

Before importing the public key file, logging in to user001 from the guest user prompts for user001's password:
guest@debian:~$ ssh [email protected]
[email protected]'s password:

Upload and import the public key file:

Use the guest user to upload and import the public key file into the user001 account. Once that succeeds, the guest user can log in to user001 without user001's password (if the guest user set a key password when creating the key pair, that key password is still required):

guest@debian:~$ ssh-copy-id [email protected]

// Enter the password of user001

// After a successful upload and import, the ~/.ssh directory of user001 contains the file authorized_keys, which holds the uploaded and imported public key

// Log in to user001 from the guest user without the password of user001

guest@debian:~$ ssh [email protected]
Enter passphrase for key '/home/guest/.ssh/id_rsa':

 
