Coding With Fun

9.2.2 Security key authentication


May 24, 2021 That's what Linux should learn



Encryption is a technique for encoding and decoding information: an algorithm and a key convert clear text that could otherwise be read directly into a secret form. Keys come in pairs, a private key and a public key. When transferring data, if you are concerned about it being monitored or intercepted by someone else, you can encrypt the data with the public key before transferring it. Only users who hold the private key can then decrypt the data, and others, even if they intercept it, will generally have difficulty deciphering it into clear text.

In short, password verification in a production environment is ultimately at risk of being brute forced or sniffed. If key authentication is configured correctly, the sshd service program will be more secure. The specific configuration steps are as follows.

Step 1: Generate a "key pair" on the client host.

[root@linuxprobe ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): Press the Enter key or set the storage path of the key
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): Press the Enter key directly or set the key's password
Enter same passphrase again: Press the Enter key again or set the key's password
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
40:32:48:18:e4:ac:c0:c3:c1:ba:7c:6c:3a:a8:b5:22 [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
|+ .. O . |
| . o + |
|o* . |
|+ . . |
|o.. S |
|.. + |
|. = |
| E + . |
|+.o |
+-----------------+

Step 2: Transfer the public key file generated on the client host to the remote host:

[root@linuxprobe ~]# ssh-copy-id 192.168.10.10
The authenticity of host '192.168.10.20 (192.168.10.10)' can't be established.
ECDSA key fingerprint is 4f:a7:91:9e:8d:6f:b9:48:02:32:61:95:48:ed:1e:3f.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password: Enter the remote server password here
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.10.10'"
and check to make sure that only the key(s) you wanted were added.

Step 3: Set up the server so that it allows only key authentication and rejects traditional password authentication. Remember to save the configuration file and restart the sshd service program after you modify it.

[root@linuxprobe ~]# vim /etc/ssh/sshd_config
.................. Omit some of the output information ..................
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication no
.................. Omit some of the output information ..................

Step 4: Try to log in to the server from the client; no password needs to be entered.

[root@linuxprobe ~]# ssh 192.168.10.10
Last login: Mon Apr 13 19:34:13 2017
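
Adding the line in Step 3 does not by itself prove the setting took effect: sshd uses the first uncommented occurrence of a keyword, so an earlier "PasswordAuthentication yes" would override the "no" added further down. The script below is an added example, not part of the original article; the function name effective_sshd_option and both sample files are constructed for illustration, and it reads a single file without following Include directives.

```shell
#!/bin/sh
# Added example, not from the original article.
# sshd_config rules relied on here: keywords are case-insensitive, the first
# uncommented occurrence of a keyword wins, and Match blocks are conditional.

# Print the global value of keyword $1 in config file $2 ($3 = built-in default).
effective_sshd_option() {
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" -v dflt="$3" '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)         # keyword may be indented
            split(line, f, /[ \t=]+/)        # "Keyword value" or "Keyword=value"
            key = tolower(f[1])
            if (key == "match") exit         # global section ends at first Match
            if (key == want) { val = tolower(f[2]); found = 1; exit }
        }
        END { print (found ? val : dflt) }
    ' "$2"
}

# Constructed sample 1: the fragment as edited in Step 3.
SAMPLE_OK=$(mktemp)
cat > "$SAMPLE_OK" <<'EOF'
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication no
EOF

# Constructed sample 2: an earlier uncommented line shadows the later "no".
SAMPLE_SHADOWED=$(mktemp)
cat > "$SAMPLE_SHADOWED" <<'EOF'
passwordauthentication yes
# ... other settings ...
PasswordAuthentication no
EOF

for f in "$SAMPLE_OK" "$SAMPLE_SHADOWED"; do
    printf '%s: PasswordAuthentication=%s\n' "$f" \
        "$(effective_sshd_option PasswordAuthentication "$f" yes)"
done
```

On a live server, "sshd -t" checks the file for syntax errors before the restart and "sshd -T" prints the configuration sshd will actually use, including any included files.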