Generally, when we use ssh to log in to a server remotely, we need to enter the username and password. This is very troublesome for people who often maintain systems. How can we log in to a remote Linux/Unix server directly without a password? SSH public key authentication can solve this problem.
Public key authentication uses a pair of encrypted strings, one is called the public key, which can be seen by anyone and is used for encryption; the other is called the private key, which can only be seen by the owner and is used for decryption. Ciphertext encrypted with the public key can be easily decrypted using the private key, but it is very difficult to guess the private key based on the public key.
Before using public key authentication, check the server's ssh configuration file /etc/ssh/sshd_config:
RSAAuthentication yes # Enable RSA authentication, the default is yes
PubkeyAuthentication yes # Enable public key authentication, the default is yes
If there are no problems with the configuration, you can proceed to the next step.
Take an example with two machines, client A and server B. To use ssh public key authentication to log in from machine A as the client user to machine B as the server user, the method is as follows:
1. Generate public key and private key on client A
ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/client/.ssh/id_rsa): #Press Enter here
Created directory '/home/client/.ssh'.
Enter passphrase (empty for no passphrase): #Press Enter here
Enter same passphrase again: #Press Enter here
Your identification has been saved in /home/client/.ssh/id_rsa.
Your public key has been saved in /home/client/.ssh/id_rsa.pub.
The key fingerprint is:
f5:30:ba:10:ee:7a:c6:cf:d8:ec:3f:4c:b3:f1:09:6d client@linuxsong.org
This generates the public key (/home/client/.ssh/id_rsa.pub) and private key (/home/client/.ssh/id_rsa) of the current user client on this machine.
2. Copy the public key file generated in the previous step to server B. Then append the file content to .ssh/authorized_keys in the server user directory:
cat id_rsa.pub >> .ssh/authorized_keys
In this way, the client user does not need to enter a password when logging in to the server user from the client.
In addition, if the server has higher security requirements, you can allow users to log in only through public key authentication and prohibit password logins. Just modify the server configuration file /etc/ssh/sshd_config:
PasswordAuthentication no
After modification, restart the sshd service.
After that, when a user tries to log in with a password, the following message is shown:
Permission denied (publickey,gssapi-with-mic)
This effectively improves the security of the system.
Note:
The permissions of the .ssh directory must be 0700
.ssh/authorized_keys file permissions must be 0600
Otherwise, public key authentication will not take effect.
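Step 2 and the permission note above can be combined into one repeatable procedure. The following is an added example, not part of the original tutorial: the function names install_pubkey, check_ssh_perms and mode_of are hypothetical, and the key file and home directory are passed as arguments.

```shell
#!/bin/sh
# Added example: install a public key for a user and verify the
# permissions listed in the note above. All names are hypothetical.

# Print the octal mode of a path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# install_pubkey PUBKEY_FILE HOME_DIR
# Appends each key line only if that exact line is not already present,
# so running it twice does not duplicate entries.
install_pubkey() {
    pub=$1; home=$2
    [ -s "$pub" ] || { echo "no public key at $pub" >&2; return 1; }
    # Refuse a private key handed over by mistake.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key, refusing" >&2; return 1
    fi
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    auth="$home/.ssh/authorized_keys"
    touch "$auth" && chmod 600 "$auth" || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
    done < "$pub"
}

# check_ssh_perms HOME_DIR
# Returns 0 only if .ssh is 0700 and authorized_keys is 0600.
check_ssh_perms() {
    home=$1; rc=0
    [ "$(mode_of "$home/.ssh")" = "700" ] ||
        { echo ".ssh is not 0700" >&2; rc=1; }
    [ "$(mode_of "$home/.ssh/authorized_keys")" = "600" ] ||
        { echo "authorized_keys is not 0600" >&2; rc=1; }
    return $rc
}
```

On server B, run install_pubkey id_rsa.pub "$HOME" as the server user, then check_ssh_perms "$HOME" before disabling password logins, so a permission mistake does not lock the account out.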