The Secure Shell protocol of the US Linux server is an encrypted network protocol, generally abbreviated as SSH, which is specially used for the secure connection between the client and the US Linux server, and supports the use of various authentication mechanisms. At present, the most practical authentication mechanisms under the technology are password-based authentication and public key-based authentication. This article will talk about how to set up SSH key-based authentication for the US Linux server system, and how to remotely connect to the US Linux server without secrets.
1. Set up SSH passwordless login
To set up SSH passwordless login in the US Linux server system, you need to generate a public authentication key and attach it to the /.ssh/authorized_keys file of the remote US Linux server. The following explains the detailed steps for configuring SSH passwordless login.
1. Check existing SSH key pairs
Before generating a new SSH key pair, first check whether there is an existing SSH key on the US Linux server system, in order not to overwrite the existing key. Run the following Is command to see if an existing SSH key exists on a US Linux server system:
Is -al ~/.ssh/id_*.pub
You can use existing keys and skip to the next step if you have them, or back up your old keys and generate new ones. If you see No such file or directory or no matches found, it means that the US Linux server does not have an SSH key, and you can proceed to the next step to generate a new key.
2. Generate a new SSH key pair
The following command will generate a new 4096-bit SSH key pair on a US Linux server system, with the email address as a comment:
ssh-keygen -t rsa -b 4096 -C Email
Press Enter to accept the default file location and file name:
Enter file in which to save the key(/home/yourusername/.ssh/id_rsa)
Next, the ssh-keygen tool will ask you to type in a secure password, whether you want to use a passphrase or not. If you choose to use a passphrase, you can get additional security protection. Most US Linux server developers and sysadmins prefer to use SSH without passwords, as this is useful for fully automated processes. Press Enter if you don't want to use a passphrase:
Enter passphrase(empty for no passphrase)
To confirm that the US Linux server has generated SSH keys, you can use the following command to list the new private and public keys:
ls~/.ssh/id_*/home/yourusername/.ssh/id_rsa/home/yourusername/.ssh/id_rsa.pub
3. Copy the public key
After the SSH key pair has been generated, in order to be able to log in to the US Linux server without a password, the public key needs to be copied to the US Linux server to be managed. The easiest way to copy the public key to the host is to use the command called ssh-copy-id. In the localhost terminal type:
ssh-copy-id remote_username@server_ip_address
You will be prompted for a password for remote_username:
remote_username@server_ip_address's password:
After the user is authenticated, the public key will be appended to the US Linux server remote user authorized_keys file and the connection will be closed. If for some reason the ssh-copy-id utility is not available on your localhost, you can copy the public key with:
cat ~/.ssh/id_rsa.pub |SSHremote_username@server_ip_address "mkdir -p ~/.SSH&& cat >> ~/.ssh/authorized_keys"
4. Use SSH keys to log in to the US Linux server
After completing the above steps, you will be able to log in to the remote US Linux server without being prompted for a password. Test the password:
SSHremote_username@server_ip_address
2. Disable SSH password authentication
To add an extra layer of security for US Linux servers, you can disable password authentication for SSH. Before disabling SSH password authentication, you need to make sure that you can log in to the US Linux server without a password, and that the logged-in user has sudo privileges.
1. Use the user with sudo privileges or the root user to log in to the remote US Linux server through the SSH key:
SSHsudo_user@server_ip_address
2. Open the US Linux server SSH configuration file /etc/ssh/sshd_config, search for the following command and modify it as follows:
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
Save the file when finished and restart the SSH service. The command to run on the Ubuntu or Debian version of the US Linux server is:
sudo systemctl restartSSH
The command to run on CentOS or Fedor's US Linux server is:
sudo systemctl restartSSHd
At this point, the settings of the SSH secret-free remote connection of the American Linux server system have been completed, and the subsequent American Linux server users can directly log in through SSH secret-free.