Setting up remote login to a Linux server with digital certificates, and prohibiting remote root login with a password

 // The first few steps were already done in an earlier experiment; friends who have seen them can skip ahead

 

 

First, enable the SSH digital certificate login policy

Edit the configuration file /etc/ssh/sshd_config, find the following three lines, and uncomment them to turn on digital certificate login

RSAAuthentication yes

PubkeyAuthentication yes

AuthorizedKeysFile .ssh/authorized_keys

 

 

Second, generate the public and private keys

The process is relatively simple, and I wrote a blog post about it for an earlier experiment (https://www.cnblogs.com/hai-long/p/10417046.html), so I will keep it brief here. Open puttygen.exe, click Generate, then move the mouse around inside the red box at the top to generate the key pair; it succeeds when the progress bar is full.

 

 The box at the top holds the public key, which needs to be stored on the server. The buttons below save the private key, which is stored on the local machine you connect from. The Key passphrase field in the middle can set a password on the private key.

 

The private key is stored locally

 

 

 Save the public key on the server

1. First create the directory: mkdir /root/.ssh

2. Change the directory permissions to 700: chmod 700 /root/.ssh/

3. Create the file authorized_keys with vim /root/.ssh/authorized_keys and paste the public key into it (copy the entire contents of the text box)

 

 Third, log in with the digital certificate

First, enter the virtual machine's IP address

 

Then click SSH > Auth on the left, load the private key, and click Open

 

 

When the username prompt appears, enter root

 

 

The certificate is loaded; then enter the private key password to log in to the server

 

 

 

 

 At this point, however, logging in to the server with a username and password is still possible, so in practice this setup does not yet provide any protection

 

 

 Fourth, prohibit remote root login with a password

In /etc/ssh/sshd_config, set PermitRootLogin without-password (yes allows remote root login; no prohibits remote root login), then restart the server

 

 Try logging in with the username/password again: it fails

 

 Logging in with the digital certificate succeeds
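The difference between the state after step one and the state after step four can be checked from the configuration itself. The script below is an added example, not part of the original post: it reads the global section of an sshd_config file and reports whether root can still authenticate with a password. The function names and the three sample configs are constructed for illustration; the script assumes a single config file and ignores Include files and Match blocks.

```shell
#!/bin/sh
# Added example: audit the sshd_config directives discussed in this post.

# Print the effective value of a directive. sshd uses the first occurrence,
# keywords are case-insensitive, and commented-out lines do not count.
sshd_value() {  # $1 = config file, $2 = directive name
    awk -v key="$2" '
        /^[ \t]*#/ { next }                 # skip comments
        tolower($1) == "match" { exit }     # stop at the first Match block
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# Print a one-line verdict for the root account.
audit() {  # $1 = config file
    prl=$(sshd_value "$1" PermitRootLogin)
    pub=$(sshd_value "$1" PubkeyAuthentication)
    case "$prl" in
        # without-password is the older name of prohibit-password
        without-password|prohibit-password|forced-commands-only)
            if [ "$pub" = "no" ]; then
                echo "LOCKOUT: root is key-only but PubkeyAuthentication is no"
            else
                echo "OK: root is key-only"
            fi ;;
        no) echo "OK: remote root login disabled" ;;
        # yes, or unset (the default differs between OpenSSH versions)
        *)  echo "WEAK: root password login not ruled out (PermitRootLogin=${prl:-unset})" ;;
    esac
}

# Constructed sample configs: after step one, after step four, and a
# misconfiguration that would lock root out.
tmp=$(mktemp -d)
printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin yes' \
    'PubkeyAuthentication yes' > "$tmp/step1"
printf '%s\n' 'PermitRootLogin without-password' \
    'PubkeyAuthentication yes' > "$tmp/step4"
printf '%s\n' 'PubkeyAuthentication no' \
    'permitrootlogin prohibit-password' > "$tmp/lockout"

for f in step1 step4 lockout; do
    printf '%s: %s\n' "$f" "$(audit "$tmp/$f")"
done
```

On a real server, pass /etc/ssh/sshd_config to audit before restarting, and keep the existing session open until a second key-based login has succeeded.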


Origin www.cnblogs.com/hai-long/p/12168853.html