Login authentication object: local user account in the server
Login verification method:
Password verification: check whether the username and password match
Key pair verification: check whether the client's private key and the server's public key match
# vim /etc/ssh/sshd_config
PasswordAuthentication yes // password authentication
PubkeyAuthentication yes //Key pair verification
AuthorizedKeysFile .ssh/authorized_keys // key storage place
# systemctl restart ssh.service
Build an SSH system for key pair authentication:
Step 1: Create a key pair (created on the client side, after creation, it contains the private key and public key to form a key pair)
Private key file: id_rsa
Public key file: id_rsa.pub
# ssh-keygen -t rsa
// set key storage location
// set key password
[private key permission is: 600
The public key permissions are: 644
This encryption method is asymmetric encryption, and the private key file must not be disclosed]
Step 2: Upload the public key file to the server
Step 3: Import the public key file
The following command combines the second and third steps to upload and import:
# ssh-copy-id remote_user_name@remote_ip_address
example:
Before importing the public key file, use the guest user to switch to the user001 user:
guest@debian:~$ ssh [email protected]
[email protected]'s password:
Start uploading and importing the public key file:
Use the guest user to upload and import the public key file to the user001 user. After the upload and import is successful, use the guest user to switch to the user001 user. You can log in to user001 without the password of user001 (if the guest user creates a password when creating a key pair, then Key password is required):
guest@debian:~$ ssh-copy-id [email protected]
// Enter the password of user01
// Upload and import successfully, there is a file authorized_keys in the ~/.ssh directory of user001, that is, the uploaded and imported public key file
// Use the guest user to switch to user001 and log in without the password of user001
guest@debian:~$ ssh [email protected]
Enter passphrase for key '/home/guest/.ssh/id_rsa':