How to Use RSA Key for SSH Authentication

最新推荐文章于 2024-03-22 13:56:47 发布
转载 最新推荐文章于 2024-03-22 13:56:47 发布 · 2.2k 阅读 · 0
文章标签:

#authentication #ssh #permissions #file #command #passwords

本文指导您如何通过生成SSH密钥并将其部署到Linux系统,从而简化SSH远程登录、文件传输和命令执行过程,避免频繁输入密码。

If your daily activity requires loging in a lot of Linux systems through SSH, you will be happy to know (if you don't already) that there's a way to allow secure, authenticated remote access, file transfer, and command execution without having to remember passwords for each individual host you connect.

The $HOME/.ssh/authorized_keys file contains the RSA keys allowed for RSA authentication. Each line contains one key, which consists of the following fields: options, bits, exponent, modulus and comment . The first field is optional, bits, exponent and modulus fields give the RSA key and the last field isn't used at all in the authentication process, but it will be somewhat convenient to the user, for instance to know which key is for which machine.

Before we start, make sure your computer has a ssh client installed and the remote Linux system has ssh installed and sshd running, with RSA authentication enabled (RSAAuthentication yes in /etc/ssh/sshd_config).

First, you will need to generate the local RSA key:

# ssh-keygen -t rsa

Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
(It's safe to press enter here, as the /root/.ssh is the default and recommended directory to hold the RSA file.)

Enter passphrase (empty for no passphrase):
Enter same passphrase again:
(The password you enter here will need to be entered every time you use the RSA key but fortunately, you can set NO passphrase by pressing Enter. However, the upside is that you only have to remember this one passphrase for all the systems you access via RSA authentication and you can change the passhrase later with "ssh-keygen -p".)

Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.

Once the public key has been generated, it's time to upload it on any Linux systems you usually log into. It's recommended you use scp as the file transfer utility:

# scp .ssh/id_rsa.pub username@hostname.com:~

This command will copy the id_rsa.pub file in the $HOME directory. For instance, if you used root as the username, the file will be found in the /root directory and if you used a normal user, the file will be in the /home/that.user/ directory.

Next, connect to the remote host through SSH, with the username you used in the step above. RSA authentication won't be available just yet, so you'll have to use the old method to login. Once you are connected, add the new hostkey to the file /root/.ssh/authorized_keys or /home/user/.ssh/authorized_keys. If the .ssh directory doesn't exist, create it.

# cd $HOME
# cat id_rsa.pub >> .ssh/authorized_keys

The two right-angles will add the contents of id_rsa.pub file to the authorized_keys file, so in case the file already exists, you won't have to worry about the existing content being modified.

You are all set. To test the RSA authentication, initiate a ssh connection from your PC to one of the Linux systems:

# ssh username@remote.hostname.com

If everything worked out well, you should be either asked for the passpharase (if you entered one), or get directly logged in. If you are prompted for the ssh password or get an error message, retry the above command using -v in order to turn verbose mode on and to be able to track down and correct the problem.

 

----------------------------------------------------------------------------------------------------------------------

ssh-copy-id -i ~/.ssh/id_rsa.pub jdoe@somehost.org

This takes card of copying the public key to the remote host and adding it to the authorized_keys file and setting the appropriate permissions.

 

"ssh-copy-id" is simply there for laziness. Ultimately, what you have to achieve is ...

(1) Generate the key-file.
(2) Somehow get the key-file over to the right user-id on the right host.
(3) If that user doesn't already have an ".ssh" directory, create one AND set its permissions to "700." ("rwx------")
(4) If that user doesn't already have an ".ssh/authorized_keys" file, create one AND set its permissions to "600." ("rw-------")
(5) Append ... don't overwrite(!) ... the new key to that file.

As you can see, "ssh-copy-id" sure is easier.

SSH logins using keys
ljchlx的专栏
03-25 1674
Key-based login allows for a more secure way of connecting between different machines than password-based authentication. The key is much stronger than the password is (so there is less chance of it b
ssh key login
老发的记录本
12-22 1324
ssh-keygen -t rsa
ssh中的密码登录和密钥登录
m0_52165864的博客
07-30 2万+
这种加密方式是大家都知道的,发送方和接收方都是一样的。加解密的钥匙都是同一把,怎么样安全的保存这个密钥,这个密钥在需要加密的机器之前都是共享?很难保证这个密钥不被泄漏。
ssh不能使用key登录的解决心得
weixin_34290631的博客
09-13 1146
配置sshd_config,打开sshkey登录RSAAuthenticationyes PubkeyAuthenticationyes AuthorizedKeysFile.ssh/authorized_keys上传pubkey到.ssh或者把pubkey的内容copy到.ssh/authorized_keys[root@redhat69~]#...
使用ssh-keygen和ssh-copy-id三步实现SSH无密码登录
Welcome to Feng.Chang's Blog
03-25 1万+
本文转自:http://blog.chinaunix.net/uid-26284395-id-2949145.html ssh-keygen  产生公钥与私钥对. ssh-copy-id 将本机的公钥复制到远程机器的authorized_keys文件中,ssh-copy-id也能让你有到远程机器的home, ~./ssh , 和 ~/.ssh/authorized_keys的权利 第
How to use SFTP
08-01
How to use SFTP (with client validation - public key authentication) The topic How to use SFTP (with client validation - password authentication) discusses the simplest form of client ...
使用xshell利用ssh远程连接交换机,显示Connecting to 152.4.19.140:22... Connection established. To escape to local shell, press 'Ctrl+Alt+]'. Connection closed by foreign host. Disconnected from remote host (152.4.19.140:22) at 18:12:23. Type "help' to learn how to use xshell prompt.
09-15
rsa local-key-pair create //创建密钥对 enter //回车默认 user-interface vty 0 4 //设置远程登入的用户数,此处设为5个 authentication-mode aaa //远程登入的用户使用 aaa 协议 protocol inbound ssh //远程登入...
CentOS Stream9设置SSH免密登录003篇-非交互式批量分发
老韩的Linux云计算架构师进阶之路
03-22 470
【代码】CentOS Stream9设置SSH免密登录003篇-非交互式批量分发。
when I use command "repo init", get the error "git@github.com: Permission denied (publickey).",how can i solve this error
03-30
This error message typically indicates that there is an issue with your SSH key authentication. Here are some steps you can take to solve this error: 1. Check that your SSH key is correctly ...
How to Manage and Import Keys in SecureCRT
This chapter will introduce the process of managing and importing keys in SecureCRT, including a brief overview of SecureCRT and the reasons why key management and importing are necessary. ## 1. ...
使用RSA Key代替密码进行ssh远程登录
hawkdowen的专栏
08-16 1万+
使用RSAKey替代密码进行ssh远程登录
SSH 中使用 RSA 和 DSA 认证(详解)
热门推荐
萧少聪 [Scott Siu] 的技术博客
09-23 2万+
[原贴]http://weblog.kreny.com/archives/2005/10/rsadsa_authenti.html  [作者]:kreny一直想把自己的服务器的 SSH 认证的模式从用户名密码模式转换成 RSA 和 DSA 认证协议,借着OpenSSH 4.2的发布,今天写了一下配置过程并收集了一些关于 RSA 和 DSA 的参考文章。思路整理:一直没有理解公匙模式下的认证
SSH Man-in-the-Middle Attack and Public-Key Authentication Method
cnbird's blog
10-19 1185
http://www.signedness.org/tools/ SSH is a protocol for secure remote login and other secure network services over insecure networks. To detect man-in-the-middle attacks SSH clients are supposed t
使用ssh 登陆机器的时候,强制使用RSA 算法生成key
changqing1234的专栏
07-17 897
[root@access-applianc ~]# ansible-playbook /opt/IMAppliance/ansible/gateway.yml ---------------------------------------------------------------- Log Path:       /log/ansible/PLAYBOOK/2018-07-17T12:20:...
使用ssh公钥实现面密码登录:RSA公钥
loveprogram_1的专栏
08-19 4819
ssh 无密码登录要使用公钥与私钥。linux下可以用用ssh-keygen生成公钥/私钥对。 有机器A,B(192.168.0.32)。现想A通过ssh免密码登录到B。 1.在A机下生成公钥/私钥对。 ➜  ~  ssh-keygen -t rsa -P '' -P表示密码,-P '' 就表示空密码,也可以不用-P参数,这样就要三车回车,用-P就一次回车。 该
基于遗传算法的新的异构分布式系统任务调度算法研究(Matlab代码实现)
11-26
基于遗传算法的新的异构分布式系统任务调度算法研究(Matlab代码实现)内容概要:本文档围绕基于遗传算法的异构分布式系统任务调度算法展开研究,重点介绍了一种结合遗传算法的新颖优化方法,并通过Matlab代码实现验证其在复杂调度问题中的有效性。文中还涵盖了多种智能优化算法在生产调度、经济调度、车间调度、无人机路径规划、微电网优化等领域的应用案例,展示了从理论建模到仿真实现的完整流程。此外,文档系统梳理了智能优化、机器学习、路径规划、电力系统管理等多个科研方向的技术体系与实际应用场景,强调“借力”工具与创新思维在科研中的重要性。; 适合人群:具备一定Matlab编程基础,从事智能优化、自动化、电力系统、控制工程等相关领域研究的研究生及科研人员,尤其适合正在开展调度优化、路径规划或算法改进类课题的研究者; 使用场景及目标:①学习遗传算法及其他智能优化算法(如粒子群、蜣螂优化、NSGA等)在任务调度中的设计与实现;②掌握Matlab/Simulink在科研仿真中的综合应用;③获取多领域(如微电网、无人机、车间调度)的算法复现与创新思路; 阅读建议:建议按目录顺序系统浏览,重点关注算法原理与代码实现的对应关系,结合提供的网盘资源下载完整代码进行调试与复现,同时注重从已有案例中提炼可迁移的科研方法与创新路径。
25页PPT-特权访问安全解决方案(奇安信).pptx
11-26
25页PPT-特权访问安全解决方案(奇安信)
微电网创新点基于非支配排序的蜣螂优化算法NSDBO求解微电网多目标优化调度研究(Matlab代码实现)
最新发布
11-26
【微电网】【创新点】基于非支配排序的蜣螂优化算法NSDBO求解微电网多目标优化调度研究(Matlab代码实现)内容概要:本文提出了一种基于非支配排序的蜣螂优化算法(NSDBO),用于求解微电网多目标优化调度问题。该方法结合非支配排序机制,提升了传统蜣螂优化算法在处理多目标问题时的收敛性和分布性,有效解决了微电网调度中经济成本、碳排放、能源利用率等多个相互冲突目标的优化难题。研究构建了包含风、光、储能等多种分布式能源的微电网模型,并通过Matlab代码实现算法仿真,验证了NSDBO在寻找帕累托最优解集方面的优越性能,相较于其他多目标优化算法表现出更强的搜索能力和稳定性。; 适合人群:具备一定电力系统或优化算法基础,从事新能源、微电网、智能优化等相关领域研究的研究生、科研人员及工程技术人员。; 使用场景及目标:①应用于微电网能量管理系统的多目标优化调度设计;②作为新型智能优化算法的研究与改进基础,用于解决复杂的多目标工程优化问题;③帮助理解非支配排序机制在进化算法中的集成方法及其在实际系统中的仿真实现。; 阅读建议:建议读者结合Matlab代码深入理解算法实现细节,重点关注非支配排序、拥挤度计算和蜣螂行为模拟的结合方式,并可通过替换目标函数或系统参数进行扩展实验,以掌握算法的适应性与调参技巧。
物联网基于ESP32与MQTT的温湿度监控系统设计:小程序端实时数据显示与历史趋势分析
11-26
内容概要:本文介绍了一个基于ESP32、MQTT协议和微信小程序的温湿度远程监控系统,涵盖硬件端(ESP32与DHT系列传感器)、云端(MQTT消息 broker)以及小程序前端的完整实现方案。系统通过ESP32采集温湿度数据,利用WiFi连接将数据经由MQTT协议发布至服务器;小程序订阅相应主题,实现实时数据显示、历史趋势绘图、设备状态监测等功能,并支持手动刷新与断线自动重连机制。代码示例包括ESP32的WiFi与MQTT连接、传感器数据读取与上传,以及小程序的页面结构、逻辑控制和图表绘制。系统具备良好的可扩展性和实用性,适用于物联网远程监控场景。; 适合人群:具备嵌入式开发基础和前端开发经验,熟悉C++和JavaScript语言,从事物联网项目开发1-3年的工程师或爱好者; 使用场景及目标:①实现对环境温湿度的远程实时监控;②学习MQTT协议在物联网通信中的应用;③掌握ESP32与微信小程序的联动开发方法;④构建完整的前后端一体化物联网解决方案; 阅读建议:建议读者结合硬件实际操作,部署MQTT服务器并调试通信流程,重点关注数据格式一致性、网络稳定性处理及小程序图表性能优化,同时注意启用TLS加密以提升系统安全性。
ssh-keygen -t rsa -f sshkey
07-11
`ssh-keygen` 是用于生成SSH密钥对的命令, `-t rsa` 指定要生成的是RSA类型的加密密钥,`-f sshkey` 表示将密钥保存到 `sshkey` 文件中。以下是这个命令的基本用法: ```shell # 使用ssh-keygen生成RSA私钥和公钥 ...
评论
成就一亿技术人!
拼手气红包6.0元
还能输入1000个字符
 
红包 添加红包
表情包 插入表情
表情包 代码片
 条评论被折叠 查看
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值