How to Use RSA Key for SSH Authentication

最新推荐文章于 2020-06-30 10:31:11 发布
最新推荐文章于 2020-06-30 10:31:11 发布
阅读量2.1k 收藏
点赞数
分类专栏: Ubuntu Linux 文章标签: authentication ssh permissions file command passwords

If your daily activity requires loging in a lot of Linux systems through SSH, you will be happy to know (if you don't already) that there's a way to allow secure, authenticated remote access, file transfer, and command execution without having to remember passwords for each individual host you connect.

The $HOME/.ssh/authorized_keys file contains the RSA keys allowed for RSA authentication. Each line contains one key, which consists of the following fields: options, bits, exponent, modulus and comment . The first field is optional, bits, exponent and modulus fields give the RSA key and the last field isn't used at all in the authentication process, but it will be somewhat convenient to the user, for instance to know which key is for which machine.

Before we start, make sure your computer has a ssh client installed and the remote Linux system has ssh installed and sshd running, with RSA authentication enabled (RSAAuthentication yes in /etc/ssh/sshd_config).

First, you will need to generate the local RSA key:

# ssh-keygen -t rsa

Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
(It's safe to press enter here, as the /root/.ssh is the default and recommended directory to hold the RSA file.)

Enter passphrase (empty for no passphrase):
Enter same passphrase again:
(The password you enter here will need to be entered every time you use the RSA key but fortunately, you can set NO passphrase by pressing Enter. However, the upside is that you only have to remember this one passphrase for all the systems you access via RSA authentication and you can change the passhrase later with "ssh-keygen -p".)

Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.

Once the public key has been generated, it's time to upload it on any Linux systems you usually log into. It's recommended you use scp as the file transfer utility:

# scp .ssh/id_rsa.pub username@hostname.com:~

This command will copy the id_rsa.pub file in the $HOME directory. For instance, if you used root as the username, the file will be found in the /root directory and if you used a normal user, the file will be in the /home/that.user/ directory.

Next, connect to the remote host through SSH, with the username you used in the step above. RSA authentication won't be available just yet, so you'll have to use the old method to login. Once you are connected, add the new hostkey to the file /root/.ssh/authorized_keys or /home/user/.ssh/authorized_keys. If the .ssh directory doesn't exist, create it.

# cd $HOME
# cat id_rsa.pub >> .ssh/authorized_keys

The two right-angles will add the contents of id_rsa.pub file to the authorized_keys file, so in case the file already exists, you won't have to worry about the existing content being modified.

You are all set. To test the RSA authentication, initiate a ssh connection from your PC to one of the Linux systems:

# ssh username@remote.hostname.com

If everything worked out well, you should be either asked for the passpharase (if you entered one), or get directly logged in. If you are prompted for the ssh password or get an error message, retry the above command using -v in order to turn verbose mode on and to be able to track down and correct the problem.

 

----------------------------------------------------------------------------------------------------------------------

ssh-copy-id -i ~/.ssh/id_rsa.pub jdoe@somehost.org

This takes card of copying the public key to the remote host and adding it to the authorized_keys file and setting the appropriate permissions.

 

"ssh-copy-id" is simply there for laziness. Ultimately, what you have to achieve is ...

(1) Generate the key-file.
(2) Somehow get the key-file over to the right user-id on the right host.
(3) If that user doesn't already have an ".ssh" directory, create one AND set its permissions to "700." ("rwx------")
(4) If that user doesn't already have an ".ssh/authorized_keys" file, create one AND set its permissions to "600." ("rw-------")
(5) Append ... don't overwrite(!) ... the new key to that file.

As you can see, "ssh-copy-id" sure is easier.

evilcode
关注
专栏目录
如何在Ubuntu 20.04上设置SSH密钥
08-16 5891
介绍 (Introduction) SSH, or secure shell, is an encrypted protocol used to administer and communicate with servers. When working with an Ubuntu server, chances are you will spend most of your time in a...
如何设置SSH公钥身份验证
culiu9261的博客
07-19 3040
Being familiar with SSH and the command-line is essential to good web development. This article is geared towards people who already have a basic understanding of the command line and using Secure Sh...
SSH logins using keys
ljchlx的专栏
03-25 1601
Key-based login allows for a more secure way of connecting between different machines than password-based authentication. The key is much stronger than the password is (so there is less chance of it b
ssh key login
老发的记录本
12-22 758
ssh-keygen -t rsa
ssh不能使用key登录的解决心得
weixin_34290631的博客
09-13 1078
配置sshd_config,打开sshkey登录RSAAuthenticationyes PubkeyAuthenticationyes AuthorizedKeysFile.ssh/authorized_keys上传pubkey到.ssh或者把pubkey的内容copy到.ssh/authorized_keys[root@redhat69~]#...
使用ssh-keygen和ssh-copy-id三步实现SSH无密码登录
Welcome to Feng.Chang's Blog
03-25 1万+
本文转自:http://blog.chinaunix.net/uid-26284395-id-2949145.html ssh-keygen  产生公钥与私钥对. ssh-copy-id 将本机的公钥复制到远程机器的authorized_keys文件中,ssh-copy-id也能让你有到远程机器的home, ~./ssh , 和 ~/.ssh/authorized_keys的权利 第
SSH 中使用 RSA 和 DSA 认证(详解)
热门推荐
萧少聪 [Scott Siu] 的技术博客
09-23 2万+
[原贴]http://weblog.kreny.com/archives/2005/10/rsadsa_authenti.html  [作者]:kreny一直想把自己的服务器的 SSH 认证的模式从用户名密码模式转换成 RSA 和 DSA 认证协议,借着OpenSSH 4.2的发布,今天写了一下配置过程并收集了一些关于 RSA 和 DSA 的参考文章。思路整理:一直没有理解公匙模式下的认证
How to use SFTP
08-01
How to use SFTP (with client validation - public key authentication) The topic How to use SFTP (with client validation - password authentication) discusses the simplest form of client ...
when I use command "repo init", get the error "git@github.com: Permission denied (publickey).",how can i solve this error
03-30
This error message typically indicates that there is an issue with your SSH key authentication. Here are some steps you can take to solve this error: 1. Check that your SSH key is correctly ...
SSH服务渗透测试利用指北
systemino的博客
06-30 1753
0x01 SSH和SFTP是什么 SSH是一种安全的远程shell协议,用于通过不安全的网络安全地运行网络服务。默认的SSH端口是22,通常会在Internet或Intranet上的服务器上看到它的打开状态。 SFTP是SSH文件传输协议,该协议用于通过SSH连接传输文件,大多数SSH实现也支持SFTP。 0x02 SSH服务器/库 最著名和最常见的SSH服务器和客户端是openSSH(OpenBSD安全shell)。它是一个功能强大的实现,维护良好,于1999年首次发布。因此,这是自Windows
使用RSA Key代替密码进行ssh远程登录
hawkdowen的专栏
08-16 1万+
使用RSAKey替代密码进行ssh远程登录
SSH Man-in-the-Middle Attack and Public-Key Authentication Method
cnbird's blog
10-19 1120
http://www.signedness.org/tools/ SSH is a protocol for secure remote login and other secure network services over insecure networks. To detect man-in-the-middle attacks SSH clients are supposed t
使用ssh 登陆机器的时候,强制使用RSA 算法生成key
changqing1234的专栏
07-17 733
[root@access-applianc ~]# ansible-playbook /opt/IMAppliance/ansible/gateway.yml ---------------------------------------------------------------- Log Path:       /log/ansible/PLAYBOOK/2018-07-17T12:20:...
使用ssh公钥实现面密码登录:RSA公钥
loveprogram_1的专栏
08-19 4751
ssh 无密码登录要使用公钥与私钥。linux下可以用用ssh-keygen生成公钥/私钥对。 有机器A,B(192.168.0.32)。现想A通过ssh免密码登录到B。 1.在A机下生成公钥/私钥对。 ➜  ~  ssh-keygen -t rsa -P '' -P表示密码,-P '' 就表示空密码,也可以不用-P参数,这样就要三车回车,用-P就一次回车。 该
电子设计论文鱼缸水循环自动控制器电子设计论文鱼缸水循环自动控制器
09-21
电子设计论文鱼缸水循环自动控制器电子设计论文鱼缸水循环自动控制器
AP9569GH-HF-VB一款P-Channel沟道TO252的MOSFET晶体管参数介绍与应用说明
09-21
-40V;-65A;RDS(ON)=10mΩ@VGS=10V;VGS=20V;Vth=-1.6V
电子设计论文用555电路组成的DC-AC变换器
09-21
电子设计论文用555电路组成的DC-AC变换器
基于深度学习的看图作诗模型.zip
最新发布
09-21
深度学习是机器学习的一个子领域,它基于人工神经网络的研究,特别是利用多层次的神经网络来进行学习和模式识别。深度学习模型能够学习数据的高层次特征,这些特征对于图像和语音识别、自然语言处理、医学图像分析等应用至关重要。以下是深度学习的一些关键概念和组成部分: 1. **神经网络(Neural Networks)**:深度学习的基础是人工神经网络,它是由多个层组成的网络结构,包括输入层、隐藏层和输出层。每个层由多个神经元组成,神经元之间通过权重连接。 2. **前馈神经网络(Feedforward Neural Networks)**:这是最常见的神经网络类型,信息从输入层流向隐藏层,最终到达输出层。 3. **卷积神经网络(Convolutional Neural Networks, CNNs)**:这种网络特别适合处理具有网格结构的数据,如图像。它们使用卷积层来提取图像的特征。 4. **循环神经网络(Recurrent Neural Networks, RNNs)**:这种网络能够处理序列数据,如时间序列或自然语言,因为它们具有记忆功能,能够捕捉数据中的时间依赖性。 5. **长短期记忆网络(Long Short-Term Memory, LSTM)**:LSTM 是一种特殊的 RNN,它能够学习长期依赖关系,非常适合复杂的序列预测任务。 6. **生成对抗网络(Generative Adversarial Networks, GANs)**:由两个网络组成,一个生成器和一个判别器,它们相互竞争,生成器生成数据,判别器评估数据的真实性。 7. **深度学习框架**:如 TensorFlow、Keras、PyTorch 等,这些框架提供了构建、训练和部署深度学习模型的工具和库。 8. **激活函数(Activation Functions)**:如 ReLU、Sigmoid、Tanh 等,它们在神经网络中用于添加非线性,使得网络能够学习复杂的函数。 9. **损失函数(Loss Functions)**:用于评估模型的预测与真实值之间的差异,常见的损失函数包括均方误差(MSE)、交叉熵(Cross-Entropy)等。 10. **优化算法(Optimization Algorithms)**:如梯度下降(Gradient Descent)、随机梯度下降(SGD)、Adam 等,用于更新网络权重,以最小化损失函数。 11. **正则化(Regularization)**:技术如 Dropout、L1/L2 正则化等,用于防止模型过拟合。 12. **迁移学习(Transfer Learning)**:利用在一个任务上训练好的模型来提高另一个相关任务的性能。 深度学习在许多领域都取得了显著的成就,但它也面临着一些挑战,如对大量数据的依赖、模型的解释性差、计算资源消耗大等。研究人员正在不断探索新的方法来解决这些问题。
ssh-keygen -t rsa -f sshkey
07-11
`ssh-keygen` 是用于生成SSH密钥对的命令, `-t rsa` 指定要生成的是RSA类型的加密密钥,`-f sshkey` 表示将密钥保存到 `sshkey` 文件中。以下是这个命令的基本用法: ```shell # 使用ssh-keygen生成RSA私钥和公钥 ...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值