First, login centos, switch users, switch to users who want to log in password-free, and enter the home directory. Here I take root as an example, command:
2. Create keys, command: ssh-keygen-t rsa, follow Y all the way
3. Following the process, you will see id_rsa in ~/. SSH directory (user’s home directory. SSH directory), id_rsa.pub file is the first private key and the second public key.
IV. Modify SSH configuration file, command: vim/etc/ssh/sshd_config
# Disable root account login, open it if you log in with root user
# Is sshd allowed to check the permission data of the user’s home directory or related files?
# This is for fear that users may set the rights of some important files incorrectly, which may lead to some problems.
# For example, when the user’s ~. SSH / permission is set incorrectly, users are not allowed to log in under some special circumstances.
# Whether users are allowed to log in using paired key systems on their own, only for version 2.
# As for the self-made public key data, it is placed in the user’s home directory. ssh/authorized_keys
# If you have a certificate to log in, disable password to log in. Security matters.
5. Since the location of Authorized Keys File is specified in step 4 as. ssh/authorized_keys, the public key data id_rsa.pub must be attached to the authorized_keys file. Command:
cat id_ras.pub >> authorized_keys
Restart SSH service, command: system CTL restart sshd.service
6. Download the private key. Here I use the rz/sz tool (you can use other ways). The system is not installed by default. Install first. The command is: yum-y install lrzsz.
SecureCRT configuration: options session options X/Y/Zmodem, modify upload and download directories.
Now start downloading, command:
Then go to the download directory you configured before and import the private key into SecurtCRT.
Option Session Option SSH2, click on the public key in the authentication column (note that since password login has been disabled before, we have to check out the password column, otherwise we will not be able to login), click on the properties, use session public key settings, and then in the user identity or certificate file below, select the one you just downloaded. To the private key file, just click on it.
7. All the above configurations have been completed. Looking at other online tutorials, we also said that we should pay attention to the issue of file permissions. I did not encounter the process of doing the experiment. Maybe I used the root user’s reason. If you have permission to report errors in the process, we suggest setting permissions:
Ssh/id_rsa* 600 and belongs to the user you are currently adding
8. Make the server safer, open double authentication of password and certificate, first modify SSH configuration file:
Password Authentication changed to yes
Then add one: uthentication methods publickey, password
Restart SSH service: system CTL restart sshd.service
SecureCRT configuration: Because the password was removed in step 6 before, you have to tick it up again, option session option SSH2, just tick up the password column.
Personal Experience: Don’t close the connection window of the current SecurtCRT after the configuration is completed. You can try to login using the new connection to avoid configuration errors and the server can’t login.