配置ssh public key 论证登陆

本文介绍如何配置SSH实现无密码登录,包括远程服务器设置与本地密钥生成步骤,并提供ssh-copy-id工具使用说明。此外,还介绍了如何通过禁用密码认证来提高SSH安全性。

http://linux-tips.org/article/33/passwordless-ssh-setup

 

Passwordless ssh setup

If you want to use passwordless ssh login feature, you should use public key authentication mechanism. To do this, remote server must be configured to enable public key authentication (enabled by default) and you should have an ssh public/private key and store your public key at the remote side's special file: ~remote-user/.ssh/authorized_keys

Remote server setup: Check the following lines exists and uncommented in the /etc/ssh/sshd_config, if not you must add it and restart ssh server at the remote side:

RSAAuthentication yes
PubkeyAuthentication yes

Local setup: You must generate an public/private key pair for your own if it's not generated before:

ssh-keygen -t rsa

You can select defaults just hitting enter a few times. After that your public key will be in the ~/.ssh/id_rsa.pub file, you must add this file content's to ~remote-user/.ssh/authorized_keys file. You can scp to copy id_rsa.pub at the remote side and after that you can append id_rsa.pub contents into authorized_keys file at the remote side.

This is a trivial process and there is a special script utility which basically makes this copy and append task called ssh-copy-id:

ssh-copy-id remote-user@remote-host

Now, you can login without entering password.

 

http://linux-tips.org/article/60/disabling-ssh-password-authentication

Disabling ssh password authentication

Brute force password guess attacks generally runs against ssh server. You can allow only known ip addresses to connect ssh port with iptables but sometimes it is not the best way; you may want to login from everywhere.

 

In order to keep connected from everywhere while protecting system itself against brute force attacks, you can disable password based authentication in ssh and still continue to connect with public key authentication (See also: Passwordless ssh setup). To do this, change or add following line in /etc/ssh/sshd_config and restart ssh server:

PasswordAuthentication no

 

SSH public key是通过使用ssh-keygen命令生成的一种加密密钥对中的公钥。在使用ssh-keygen命令时,通过指定选项-t rsa,可以生成一对RSA算法的公钥和私钥。公钥可以被分享给其他人或在服务器上配置,用于进行安全的SSH连接验证。私钥则应该妥善保管,不应该被分享或泄露。 在Jenkins中,使用Publish over SSH插件时,可以将生成的公钥配置到服务器上,用于实现安全的SSH连接管理。服务器上存放的是公钥文件,而Jenkins上存放的是私钥文件,用于进行身份验证。通过这种方式,可以实现无密码连接服务器的操作。 总结来说,SSH public key是通过ssh-keygen命令生成的一种加密密钥对中的公钥,用于进行安全的SSH连接验证。可以将公钥配置到服务器上,实现无密码连接服务器的操作。<span class="em">1</span><span class="em">2</span><span class="em">3</span> #### 引用[.reference_title] - *1* *3* [ssh-keygen(linux 命令) 创建 private key(私钥) , public key (公钥),实现ssh,scp,sftp命令无密码...](https://blog.csdn.net/sxzlc/article/details/126356471)[target="_blank" data-report-click={"spm":"1018.2226.3001.9630","extra":{"utm_source":"vip_chatgpt_common_search_pc_result","utm_medium":"distribute.pc_search_result.none-task-cask-2~all~insert_cask~default-1-null.142^v93^chatsearchT3_2"}}] [.reference_item style="max-width: 50%"] - *2* [Xshell配置ssh免密码登录-密钥公钥(Public key)](https://blog.csdn.net/lgxzzz/article/details/124409658)[target="_blank" data-report-click={"spm":"1018.2226.3001.9630","extra":{"utm_source":"vip_chatgpt_common_search_pc_result","utm_medium":"distribute.pc_search_result.none-task-cask-2~all~insert_cask~default-1-null.142^v93^chatsearchT3_2"}}] [.reference_item style="max-width: 50%"] [ .reference_list ]
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值