Adding a public key to ~/.ssh/authorized_keys does not log me in automatically

爱一瞬间的悲伤 2020-12-02 03:15

I added the public SSH key to the authorized_keys file. ssh localhost should log me in without asking for the password.

I did that and tried t

30 answers
  •  自闭症患者
    2020-12-02 03:44

    Setting up ssh authorized_keys seems to be simple, but it hides some traps that I'm trying to figure out.

    -- SERVER --

    In /etc/ssh/sshd_config, set passwordAuthentication yes to let the server temporarily accept password authentication

    -- CLIENT --

    Consider Cygwin as a Linux emulation, and install and run OpenSSH.

    1. Generate private and public keys (client side): # ssh-keygen

    If you just press Enter here, you get the two default files, "id_rsa" and "id_rsa.pub", in ~/.ssh/, but if you give a name_for_the_key, the generated files are saved in your current working directory.

    2. Transfer the your_key.pub file to the target machine: ssh-copy-id user_name@host_name

    If you didn't create a default key, this is the first step to go wrong ... you should use:

    ssh-copy-id -i path/to/key_name.pub user_name@host_name

    3. Logging in with ssh user_name@host_name will work only for the default id_rsa file, so here is the second trap. You need to do ssh -i path/to/key_name user@host

    (Use the ssh -v ... option to see what is happening.)

    If the server still asks for a password, then you gave something to "Enter passphrase:" when you created the keys (so it's normal).

    If ssh is not listening on the default port 22, you must use ssh -p port_nr.

    -- SERVER -----

    4. Modify file /etc/ssh/sshd_config to have

    RSAAuthentication yes
    PubkeyAuthentication yes
    AuthorizedKeysFile  %h/.ssh/authorized_keys
    

    (uncomment if commented out)

    This tells ssh to accept the authorized_keys file and look in the user's home directory for the key_name string written in the .ssh/authorized_keys file.

    5. Set permissions on the target machine

    chmod 755 ~/.ssh
    chmod 600 ~/.ssh/authorized_keys
    

    Also turn off pass authentication,

    passwordAuthentication no

    to close the gate to all ssh root/admin/....@your_domain attempts.

    6. Ensure ownership and group ownership of all non-root home directories are appropriate.

    chown -R usernamehere ~
    chgrp -R user ~/.ssh/
    

    ===============================================

    7. Consider the excellent http://www.fail2ban.org

    8. Extra SSH tunnel to access a MySQL (bind = 127.0.0.1) server
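
Steps 5 and 6 above matter because sshd, with StrictModes enabled (the default), ignores authorized_keys when the home directory, ~/.ssh or the key file is writable by group or others, or is owned by someone other than the user or root. The following check is an added example, not part of the answer; it assumes GNU stat (`stat -c`), and `audit_ssh_perms` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: report what sshd's StrictModes check would object to.
# Assumes GNU coreutils stat; audit_ssh_perms is a hypothetical helper.

# Usage: audit_ssh_perms HOME_DIR EXPECTED_OWNER
# Prints one line per problem; returns 0 if clean, 1 otherwise.
audit_ssh_perms() {
    home=$1 owner=$2 rc=0
    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "MISSING  $path"; rc=1; continue
        fi
        mode=$(stat -c '%a' "$path")     # octal permission bits, e.g. 755
        actual=$(stat -c '%U' "$path")   # owning user name
        # The owner must be the account itself or root.
        if [ "$actual" != "$owner" ] && [ "$actual" != "root" ]; then
            echo "OWNER    $path is owned by $actual, expected $owner"; rc=1
        fi
        # Group/other write bits (octal 022) make sshd skip the key file.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "WRITABLE $path has mode $mode (group/other writable)"; rc=1
        fi
    done
    return $rc
}
```

Run it on the server as `audit_ssh_perms "$HOME" "$(id -un)"`; any line it prints names a path to fix with chmod or chown before retrying the key login.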
