banner
李大仁博客

李大仁博客

天地虽大,但有一念向善,心存良知,虽凡夫俗子,皆可为圣贤。

[Linux] Use SSH-KEY to login to SSH

Managing multiple Linux hosts can be troublesome when dealing with a large number of login passwords. Using SSH-KEY for logging into servers can effectively solve this problem. The following are the steps to achieve passwordless login to SSH using SSH-KEY. One set of SSH-KEY can be used for all servers.

  1. Use ssh-keygen to create the public and private keys for logging into remote SSH servers.

ssh-keygen -t [rsa|dsa] -C "comments"

-t can be used to choose between RSA and DSA keys#

-C is optional for adding comments#

After pressing enter, two files will be created in the ~/.ssh directory: id_dsa (private key) and id_dsa.pub (public key). Make sure to securely store the private key.

  1. Copy the public key to the corresponding user's ~/.ssh/ directory on the server.

  2. Execute the following command in the ~/.ssh/ directory of the server user:

cat id_dsa.pub >> authorized_keys

For the first time, use:#

chmod 600 authorized_keys

Note that for security reasons, authorized_keys must have 600 permissions.

  1. Modify /etc/ssh/sshd_config to confirm if the public key authentication mode of SSHD is enabled:

# Allow public key authentication. Only applicable for SSH-2.
PubkeyAuthentication yes|no # Enable for SSH-2

Allow pure RSA public key authentication. Only applicable for SSH-1.#

RSAAuthentication yes|no # Enable for SSH-1

  1. Exit the remote server and try logging in again:

ssh xxx.xxx.xxx.xxx

  1. Modify /etc/ssh/sshd_config to disable password authentication for SSHD if needed:

Allow password-based authentication.#

PasswordAuthentication yes|no

Allow challenge-response authentication.#

ChallengeResponseAuthentication yes|no

  1. For MACOS systems, configure SSH connections locally by opening ~/.ssh/Config and editing the file. If it doesn't exist, create a new file.

Host XXX.XXX.XXX.XXX
HostName XXXX.com
Port 22
User root

Set preferred authentication method to public key#

PreferredAuthentications publickey

Set the location of the private key file#

IdentityFile ~/.ssh/id_dsa

Reference: http://www.2cto.com/os/201401/272738.html

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.