Creating an SSH key on Linux, setting up key login, and how key login works

Linux has 2 login methods:

  • Login with a username and password;
  • Key login.

Key login:

  • SSH login is encrypted using RSA asymmetric encryption, so an RSA key can be used to log in instead of a password. SSH provides a tool, ssh-keygen, for creating SSH keys.

Ordinary password login is prone to having the password cracked by brute force. Ways to reduce that risk:

  • Set the SSH port to a port other than the default 22;
  • Disable root account login.
  • Log in with a key.

How SSH key login works:

  • Make a pair of keys (one public key, one private key) using a key generator.

  • Add the public key to an account on the server, and then use the private key on the client side to complete authentication and log in.

  • Without the private key, no one can remotely log into the system by brute-forcing your password via SSH. If you copy the public key to other accounts, or even to other hosts, you can log in to those with the same private key as well.

  • Change to the .ssh directory under the user's home directory: /root/.ssh for the root user, /home/username/.ssh for an ordinary user. Run: cd /home/username/.ssh or cd /root/.ssh

  • Run the ssh-keygen command to create a key pair: ssh-keygen -t rsa

Note: when running the key generation command you can basically press Enter at every prompt. One prompt asks for a passphrase for the key (entered twice, the second time to confirm it, as in the prompts below); press Enter both times if you do not want a passphrase. A private key without a passphrase can be used by anyone who obtains the file.
Enter file in which to save the key (/root/.ssh/id_rsa):
#Enter the location where the key is saved and press Enter.
Enter passphrase (empty for no passphrase):
#Private key password, press Enter directly if you don't need it.

  • After the key is generated, the current directory contains two new files, id_rsa and id_rsa.pub:
  • id_rsa: the private key (must not be disclosed);
  • id_rsa.pub: the public key.

    Ordinary users also need to pay attention to permissions:
    chmod 700 /home/username/.ssh
    chmod 600 /home/username/.ssh/<new or existing file used to save public keys>

Copy the public key to each remote server you need to log in to; ssh-copy-id can do this automatically. For example:
for i in {1..3}; do ssh-copy-id ceph$i; done

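Configure SSH to enable key login, working as the root user:
vi /etc/ssh/sshd_config

# RSAAuthentication applies to SSH protocol 1 only and is deprecated in current OpenSSH releases
RSAAuthentication yes
PubkeyAuthentication yes
# Whether the root user can log in via SSH
PermitRootLogin yes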

After you have completed all the settings and successfully logged in with the key, disable the password login:

PasswordAuthentication no

Restart the SSH service:
systemctl restart sshd
or
service sshd restart
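
To confirm the result of the steps above, here is an added example (not part of the original post) that audits an sshd_config file and the .ssh permissions. It goes slightly beyond the text by honouring sshd's rule that the first value read for a keyword wins and by ignoring conditional Match sections; the function names and the sample configuration are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post; function names are hypothetical.

# Print the effective global value of an sshd_config keyword. sshd keeps the
# first value it reads for a keyword, keywords are case-insensitive, and
# lines after a "Match" line apply only conditionally, so parsing stops there.
sshd_value() {  # usage: sshd_value KEYWORD FILE
  awk -F'[ \t=]+' -v key="$1" '
    { sub(/^[ \t]+/, "") }
    /^#/ || $1 == "" { next }
    tolower($1) == "match" { exit }
    tolower($1) == tolower(key) { print tolower($2); exit }
  ' "$2"
}

# Flag settings that leave the hardening steps on this page incomplete.
audit_sshd() {  # usage: audit_sshd FILE ; returns 0 when nothing is flagged
  local v bad=0
  v=$(sshd_value PubkeyAuthentication "$1")
  if [ "$v" = no ]; then echo "FAIL PubkeyAuthentication=no (key login off)"; bad=1; fi
  v=$(sshd_value PasswordAuthentication "$1")
  if [ "$v" != no ]; then echo "FAIL PasswordAuthentication=${v:-unset} (password login allowed)"; bad=1; fi
  v=$(sshd_value PermitRootLogin "$1")
  if [ "$v" = yes ]; then echo "WARN PermitRootLogin=yes (direct root login allowed)"; bad=1; fi
  return "$bad"
}

# Succeed only if PATH has exactly the octal MODE, e.g. 700 or 600.
has_mode() {  # usage: has_mode PATH MODE
  [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]
}

# Check the permissions the page sets with chmod.
audit_perms() {  # usage: audit_perms SSH_DIR KEY_FILE
  local bad=0
  has_mode "$1" 700 || { echo "FAIL $1 is not mode 700"; bad=1; }
  has_mode "$2" 600 || { echo "FAIL $2 is not mode 600"; bad=1; }
  return "$bad"
}

# Constructed sample: the page's settings before password login is disabled.
sample_config() {
  printf '%s\n' 'RSAAuthentication yes' 'PubkeyAuthentication yes' \
    'PermitRootLogin yes ## root login' '#PasswordAuthentication no'
}

# Optional CLI use: audit.sh /etc/ssh/sshd_config ~/.ssh ~/.ssh/KEYFILE
if [ "$#" -eq 3 ]; then audit_sshd "$1"; audit_perms "$2" "$3"; fi
```

Run it after restarting sshd; an unset PasswordAuthentication is reported because sshd's default is to allow password login.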

Origin blog.csdn.net/qq_37432174/article/details/129192807