Shulou(Shulou.com)06/01 Report--

What is the perfect use of linux SSH with SecureCRT keys? in view of this problem, this article introduces the corresponding analysis and solution in detail, hoping to help more partners who want to solve this problem to find a more simple and easy way.

SSH, especially OpenSSH, is a client program similar to telnet or rsh,ssh that can also be used to log in to a remote machine. All that is required is that the remote machine is running the sshd, the ssh server process. However, unlike telnet, the ssh protocol is very secure. It uses special algorithms to encrypt the data stream, ensure the integrity of the data stream, and even authenticate it securely and reliably.

However, while ssh is great, there is one ssh functional component that is often overlooked: OpenSSH's RSA/DSA key authentication system, which can replace the standard secure password authentication system used by OpenSSH by default.

OpenSSH's RSA and DSA authentication protocols are based on a pair of specially generated keys called private keys and public keys, respectively. The advantage of using these key-based authentication systems is that in many cases, it is possible to establish a secure connection without manually entering a password.

All right, you know what's going on with RSA and DSA, but I won't talk about the principle inside. If you are interested, just take a look at the principle of the public key. In fact, not only SecureCRT supports RSA/DSA, other ssh client software supports similar RSA/DSA, but it seems that public keys generated by different software do not seem to be universal. I just use the most typical SecureCRT to illustrate how RSA is used to cooperate with the ssh service under linux.

My environment: Redhat9.0 openssh-3.5p1-6 SecureCRT 4.0

We cannot set the server openssh first, and when the client is set up, we will go back to setting the ssh.

Let's create a new link and click on the properties: (figure 1)

The default verification method is password, change it to RSA, and then a pop-up box will pop up (figure 2)

Let you confirm whether to use the RSA public key creation wizard, and of course select "Yes" (figure 3)

Go on to the next step: (figure 4)

Fill in the password of your protection key in this step. Remember this password. If you want this password in the future, Comment will fill in it casually.

Next step: (figure 5)

Let you choose the number of encrypted digits. The default is 1024.

Next step: (figure 6)

When you move the mouse in this step, the system will automatically generate the public key and key according to the frequency of your mouse movement.

Next step: (figure 7)

After the RSA public key is created, it will be saved by default or renamed. After that, just note that SecureCRT only looks for the path of the key, and you can make sure that SecureCRT can find your key.

All right, the client's work is done. Here is the configuration of the linux server

Transfer the RSA public key we just created to your server. The default name is identity.pub.

Then operate under linux. If your key is created for linux user frank, let's first create a .ssh directory in the host directory of frank.

Mkdir / home/frank/.ssh

Chmod overnx / home/frank

Chmod 700 / home/frank/.ssh

Then import the public key to the authorized_keys file, because we are using ssh2, and if it is ssh3, it is authorized_keys2

Cat identity.pub > / home/frank/.ssh/authorized_keys

Chmod 644 / home/frank/.ssh/authorized_keys

The setting of permissions is very important, because the unsafe setting of security settings will prevent you from using the RSA function. If you find that you can't find the public key in the process of debugging, check to see if the permission settings are correct.

Ok, now that the server side is set up, you can now use SecureCRT's RSA authentication method to connect to the ssh server. If the connection is normal, a dialog box should pop up for you to enter your password (figure 8).

All you have to do here is enter the password for our protection key. After that, you can enter smoothly.

There is another step to set up, since everyone has successfully used the RSA function of ssh, then you must let openssh only support RSA authentication, otherwise it is meaningless to support both ordinary password and RSA, and there is no improvement in security at all, so it is necessary for openssh to support only RSA verification, if you have not successfully used the RSA function, you do not need to see it, or put the above first to achieve it.

To implement that openssh only supports RSA authentication, we just need to modify

Vi / etc/ssh/sshd_config

Set up

PasswordAuthentication no

All right, if you try the previous normal password authentication method again, the following error message should pop up (figure 9)

Generally speaking, the server only supports the authentication method of RSA, ok

In the future, you can use the public key of RSA to access the ssh server, but you should keep your key. Anyway, I keep it on my USB flash drive and carry it with me. Once your user loses the key, be sure to delete its public key on the server, so that even if that person gets the key, it will not be able to go up.)

The answer to the question about the perfect use of the key of linux SSH and SecureCRT is shared here. I hope the above content can be of some help to you. If you still have a lot of doubts to be solved, you can follow the industry information channel for more related knowledge.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.