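Configuring SSH public key authentication login

This article describes how to configure SSH for passwordless login, including the remote server setup and the local key generation steps, and explains how to use the ssh-copy-id tool. It also describes how to improve SSH security by disabling password authentication.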

http://linux-tips.org/article/33/passwordless-ssh-setup

 

Passwordless ssh setup

If you want to log in over ssh without a password, use public key authentication. The remote server must be configured to allow public key authentication (it is enabled by default), and you need an ssh public/private key pair with your public key stored in a special file on the remote side: ~remote-user/.ssh/authorized_keys

Remote server setup: Check that the following lines exist and are uncommented in /etc/ssh/sshd_config; if not, add them and restart the ssh server on the remote side. RSAAuthentication applies to SSH protocol 1 only; current OpenSSH releases no longer support that protocol and treat the option as deprecated, so on those releases only the PubkeyAuthentication line is needed:

RSAAuthentication yes
PubkeyAuthentication yes

Local setup: Generate a public/private key pair of your own if you have not generated one before:

ssh-keygen -t rsa

You can accept the defaults by pressing Enter a few times. Accepting the default at the passphrase prompt creates a key with no passphrase, so the private key file is stored unencrypted. After that, your public key will be in the ~/.ssh/id_rsa.pub file, and you must add this file's contents to the ~remote-user/.ssh/authorized_keys file. You can use scp to copy id_rsa.pub to the remote side and then append its contents to the authorized_keys file there.

This is a trivial process, and there is a utility script called ssh-copy-id that performs this copy-and-append task:

ssh-copy-id remote-user@remote-host

Now you can log in without entering a password.

 

http://linux-tips.org/article/60/disabling-ssh-password-authentication

Disabling ssh password authentication

Brute-force password guessing attacks are commonly run against ssh servers. You can use iptables to allow only known IP addresses to connect to the ssh port, but sometimes that is not the best approach; you may want to log in from anywhere.

 

To stay reachable from anywhere while protecting the system against brute-force attacks, you can disable password-based authentication in ssh and continue to connect with public key authentication (see also: Passwordless ssh setup). To do this, change or add the following line in /etc/ssh/sshd_config and restart the ssh server:

PasswordAuthentication no
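
Before restarting sshd with password logins disabled, it is worth confirming that key login will still work and that the new line actually takes effect. The following script is an added example, not part of the original article; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): pre-flight check to run before
# setting "PasswordAuthentication no". Function names and sample files are constructed.

# Print the global value of an sshd_config keyword, or DEFAULT if it is not set.
# sshd uses the first value it obtains for a keyword and keywords are
# case-insensitive. Include files are not followed; parsing stops at a Match block.
sshd_value() {  # usage: sshd_value FILE KEYWORD DEFAULT
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ || NF == 0       { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Succeed only if turning passwords off cannot lock this account out: public key
# authentication is on, authorized_keys holds at least one uncommented key, and
# the file is not group- or world-writable (sshd StrictModes refuses it otherwise).
safe_to_disable_passwords() {  # usage: safe_to_disable_passwords SSHD_CONFIG AUTHORIZED_KEYS
    [ "$(sshd_value "$1" PubkeyAuthentication yes)" = "yes" ] || return 1
    grep -Eq '^[^#]*(ssh-|ecdsa-|sk-)' "$2" 2>/dev/null || return 1
    [ -z "$(find "$2" -prune \( -perm -020 -o -perm -002 \))" ]
}

# Constructed sample input: a commented-out line and a keyword that appears twice.
demo=$(mktemp -d)
cat > "$demo/sshd_config" <<'EOF'
#PasswordAuthentication no
PubkeyAuthentication yes
passwordauthentication yes
PasswordAuthentication no
EOF
echo 'ssh-rsa AAAAB3CONSTRUCTEDSAMPLEKEY remote-user@local' > "$demo/authorized_keys"
chmod 600 "$demo/authorized_keys"

# The earlier "yes" wins, so the "no" added at the end has no effect.
echo "PasswordAuthentication: $(sshd_value "$demo/sshd_config" PasswordAuthentication yes)"
safe_to_disable_passwords "$demo/sshd_config" "$demo/authorized_keys" && echo "key login ready"
```

On a live server, `sshd -t` checks the configuration for errors and `sshd -T` prints the effective settings, including values that come from Include files this parser does not follow.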

 
