How to Use RSA Key for SSH Authentication
来源:互联网 发布:知乎小米笔记本屏幕 编辑:程序博客网 时间:2024/05/18 03:33
If your daily activity requires loging in a lot of Linux systems through SSH, you will be happy to know (if you don't already) that there's a way to allow secure, authenticated remote access, file transfer, and command execution without having to remember passwords for each individual host you connect.
The $HOME/.ssh/authorized_keys file contains the RSA keys allowed for RSA authentication. Each line contains one key, which consists of the following fields: options, bits, exponent, modulus and comment. The first field is optional, bits, exponent and modulus fields give the RSA key and the last field isn't used at all in the authentication process, but it will be somewhat convenient to the user, for instance to know which key is for which machine.
Before we start, make sure your computer has a ssh client installed and the remote Linux system has ssh installed and sshd running, with RSA authentication enabled (RSAAuthentication yes in /etc/ssh/sshd_config).
First, you will need to generate the local RSA key:
# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
(It's safe to press enter here, as the /root/.ssh is the default and recommended directory to hold the RSA file.)
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
(The password you enter here will need to be entered every time you use the RSA key but fortunately, you can set NO passphrase by pressing Enter. However, the upside is that you only have to remember this one passphrase for all the systems you access via RSA authentication and you can change the passhrase later with "ssh-keygen -p".)
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
Once the public key has been generated, it's time to upload it on any Linux systems you usually log into. It's recommended you use scp as the file transfer utility:
# scp .ssh/id_rsa.pub username@hostname.com:~
This command will copy the id_rsa.pub file in the $HOME directory. For instance, if you used root as the username, the file will be found in the /root directory and if you used a normal user, the file will be in the /home/that.user/ directory.
Next, connect to the remote host through SSH, with the username you used in the step above. RSA authentication won't be available just yet, so you'll have to use the old method to login. Once you are connected, add the new hostkey to the file /root/.ssh/authorized_keys or /home/user/.ssh/authorized_keys. If the .ssh directory doesn't exist, create it.
# cd $HOME
# cat id_rsa.pub >> .ssh/authorized_keys
The two right-angles will add the contents of id_rsa.pub file to the authorized_keys file, so in case the file already exists, you won't have to worry about the existing content being modified.
You are all set. To test the RSA authentication, initiate a ssh connection from your PC to one of the Linux systems:
# ssh username@remote.hostname.com
If everything worked out well, you should be either asked for the passpharase (if you entered one), or get directly logged in. If you are prompted for the ssh password or get an error message, retry the above command using -v in order to turn verbose mode on and to be able to track down and correct the problem.
----------------------------------------------------------------------------------------------------------------------
ssh-copy-id -i ~/.ssh/id_rsa.pub jdoe@somehost.org
This takes card of copying the public key to the remote host and adding it to the authorized_keys file and setting the appropriate permissions.
"ssh-copy-id" is simply there for laziness. Ultimately, what you have to achieve is ...
(1) Generate the key-file.
(2) Somehow get the key-file over to the right user-id on the right host.
(3) If that user doesn't already have an ".ssh" directory, create one AND set its permissions to "700." ("rwx------")
(4) If that user doesn't already have an ".ssh/authorized_keys" file, create one AND set its permissions to "600." ("rw-------")
(5) Append ... don't overwrite(!) ... the new key to that file.
As you can see, "ssh-copy-id" sure is easier.
- How to Use RSA Key for SSH Authentication
- Setup the SSH server to use keys for authentication
- How to use the rsa key generted by .net with php?
- How to run (git/ssh) authentication agent?
- How To Use Putty with an SSH Private Key Generated by OpenSSH
- SSH RSA AUTHENTICATION CONFIGURATION
- How To: Use Windows Authentication in ASP.NET 2.0
- SSH Public Key Authentication
- How to use SSH in Java Programmatically
- 1.How to Generate an SSH Key
- How to use cron for regular tasks
- How to use http-proxy for svn
- How to use a Ramdisk for Linux
- How to Use Excel VBA for Printing
- How to Use Densities for Controls
- How to use struts2 for program development?
- Learn How TO Use SSH To Get Through the GFW
- How to Setup Public Key Use Globally on SecureCRT
- jQuery相关
- 0530
- PPP协议简要分析
- Ruby学习札记(4)-安装dbi(解决deprecate问题)
- Linux 技巧:让进程在后台可靠运行的几种方法
- How to Use RSA Key for SSH Authentication
- linux ar 打包库到另一个库中
- C#编程之经典算法——排序(六)
- 浮点数取模函数
- boost 编译 jam 编译配置
- Spring好处————网友总结
- SQL语句(转载)
- matlab uicontrol中popupmenu用法
- 系统调用(追踪sys_socket)