SSH = Secure SHell
An application layer protocol used to remotely control networked devices, with the communication and data encrypted.
The SSH client on the client side communicates with the SSH daemon on the server side.
SSH exists as version 1 and version 2. Version 2 is said to be more secure in its encryption, and it appears to be the mainstream version.
This time, we will describe a simple remote connection method using SSH version 2 and RSA public key cryptography.
Authentication uses a cryptographic key pair. Install the "public key" on the server side and log in with the "private key" on the client side. If public key A is installed on the server, the matching private key A is required to log in. A different private key B cannot be used to log in against public key A on the server. To log in with private key B, its matching public key B must be installed on the server.
Make a key on the client side. Work in the user's home directory.
mkdir .ssh
chmod 700 .ssh
cd .ssh
Create a key with the ssh-keygen command.
ssh-keygen -t rsa -b 4096 -C "[email protected]"
-t rsa: RSA public key cryptography for SSH2
-b: Number of bytes. 2048 bytes if not specified
-C: Comment
The key can also be created without options.
$ ssh-keygen (Created without options)
Generating public/private rsa key pair.
Enter file in which to save the key (/home/guest1/.ssh/id_rsa):⇦ Press Enter (key storage location)
Enter passphrase (empty for no passphrase):⇦ Press Enter(Passphrase setting)
Enter same passphrase again:⇦ Press Enter(Confirm passphrase)
Your identification has been saved in /home/guest1/.ssh/id_rsa.
Your public key has been saved in /home/guest1/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:TZ6gO14OKhQW3pjmf7IbZzZ83PPwXbkRG+cwnnKJK/k guest1@Cliant
The key's randomart image is:
+---[RSA 2048]----+
| |
| . |
| . = . . |
| B . . = . |
| + . . S + oo.|
| o . o . o **|
| . .. X + +.o =+o|
| . oB.B o= = .o|
| .+=. . oE .. |
+----[SHA256]-----+
You now have id_rsa (private key) and id_rsa.pub (public key). Change the permissions of the private key.
chmod 600 id_rsa
Now work in the home directory on the server side.
mkdir .ssh
chmod 700 .ssh
cd .ssh
vi authorized_keys
Copy and paste the contents of id_rsa.pub (public key) created on the client side to authorized_keys.
Change permissions for authorized_keys.
chmod 600 authorized_keys
Connect from the client side.
ssh username@hostname (an IP address can be used in place of the hostname)
Note that you can only connect if .ssh and authorized_keys have the proper permissions. The file for detailed settings is /etc/ssh/sshd_config.
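A check for the permissions set in the steps above, as an added example that is not part of the original page. The function names mode_of, check_mode and check_ssh_perms are hypothetical, and the expected modes are the ones this page sets (700 for .ssh, 600 for authorized_keys and id_rsa).

```shell
#!/bin/sh
# Added example: verify the modes set in the steps above.
# Hypothetical helper names: mode_of, check_mode, check_ssh_perms.
# Usage: check_ssh_perms [dir]   (dir defaults to $HOME/.ssh)

# Print the octal permission bits of a path (GNU stat first, then BSD stat).
mode_of() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1" 2>/dev/null
}

# Compare one path against the expected mode; return 1 on mismatch.
check_mode() {
    path=$1
    want=$2
    have=$(mode_of "$path") || { echo "MISSING $path"; return 1; }
    if [ "$have" != "$want" ]; then
        echo "BAD  $path is $have, expected $want (fix: chmod $want $path)"
        return 1
    fi
    echo "OK   $path is $have"
}

# Check a .ssh directory; the return status is the number of problems found.
check_ssh_perms() {
    dir=${1:-$HOME/.ssh}
    problems=0
    check_mode "$dir" 700 || problems=$((problems + 1))
    for f in authorized_keys id_rsa; do
        # The server side has authorized_keys, the client side has id_rsa.
        [ -e "$dir/$f" ] || continue
        check_mode "$dir/$f" 600 || problems=$((problems + 1))
    done
    return "$problems"
}
```

Run check_ssh_perms on the client and on the server before the first connection attempt; a nonzero status means at least one path differs from the modes used on this page.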