Ideas:
The private key is stored on the client, id_rsa
Store the client's public key on the server to be remotely controlled: append the content of the client's public key id_rsa.pub to /root/.ssh/authorized_keys
Use key authentication in 3 steps:
1. Generate a key
2. Place keys, configure ssh
3. Configure the ssh client to use the key to log in
a generated key
1. Use Xshell to generate the key
The key can be generated by any of the above methods;
After completion, save the generated key as a file
Save as id_rsa.pub (public key)
2. Use git to generate keys
Run the command ssh-keygen -t -rsa
2. Put the public key to the server and set up ssh
Use Xshell to log in to the server and go to the "/root/.ssh/" directory
Send id_rsa.pub to the server, and then run the following command to import the public key (Public Key) into the "authorized_keys" file:
[root@linuxidc ~]# cd /root/.ssh/
[root@linuxidc .ssh]# cat id_rsa.pub >> authorized_keys
[root@linuxidc .ssh]# chmod 600 authorized_keys
[root@linuxidc .ssh]# chown linuxidc:yearnfar authorized_keys # Change the user and user group to your own
To verify whether the login is correct, configure the login method on the ssh client from password to publickey, and use the generated public key file for the file.
If the login fails, please check whether the PubkeyAuthentication in the ssh configuration file (/etc/ssh/sshd_config) is yes.
If the verification is successful, you can close the password login method, edit /etc/ssh/sshd_config, change PasswordAuthentication to no, and ChallengeResponseAuthentication to no
Restart sshd (service sshd restart)
PS:
1. Make sure the directory .ssh belongs to the current user and the permissions are 700
2. Make sure the file authorized_keys belongs to the current user and the permissions are 600
The /home/user directory must also be 700! ! ! If you use root to change its permissions, it will also cause you to be unable to log in.
Three set up ssh client login
Four suggestions on safety
Use key authentication to log in, do not set root key authentication, you can use su or sudo to obtain super administrator privileges through other users