SecureCRT key登录linux ssh设置方法
<p><strong style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'>一、首先用secureCrt创建密钥</strong><span style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'> </span><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><span style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'> 1.使用SecureCRT创建私钥和公钥. </span><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><span style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'> SecureCRT quick Connect-> Authentiation -> Public Key -> Properties ->Create Identity File -> DSA/RSA -> Set Passphrase -> Done </span><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><span style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'> 这个时候在指定目录会生成两个文件,例如,私钥my_rsa和公钥my_rsa.pub </span><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><span style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'> 2.linux服务器上建立.ssh目录,一般情况下,已经有这个目录 </span><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><span style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'> # mkdir /root/.ssh </span><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><span style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'> # chmod 700 /root/.ssh </span><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><span style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'> 3.将公钥my_rsa.pub传到linux服务器,将SSH2兼容格式的公钥转换成为Openssh兼容格式 </span><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><span style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'> # ssh-keygen -i -f Identity.pub >> /root/.ssh/authorized_keys2 </span><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><span style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'> # chmod 600 /root/.ssh/authorized_keys2 </span><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><span style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'> 4.在SecureCRT里面设置登录模式为PublicKey,并选择刚刚创建的my_rsa文件作为私钥 </span><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><span style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'> 5.重启Linux服务器上SSH服务器 </span><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><span style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'> #service sshd restart或者/etc/init.d/ssh restart </span><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><span style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'> 6.由于已经设置了密钥登录,原来的密码登录就完全可以去掉 </span><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><span style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'> $ sudo vim /etc/ssh/sshd_config </span><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><span style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'> Protocol 2 /仅允许使用SSH2 </span><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><span style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'> PubkeyAuthentication yes /*启用PublicKey认证 </span><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><span style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'> AuthorizedKeysFile .ssh/authorized_keys2 /*PublicKey文件路径 </span><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><span style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'> PasswordAuthentication no /*禁止密码验证登录 </span><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><span style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'> PS:以上步骤是使用SecureCRT生成的密钥对来进行登录验证的,其实也可以在服务器上使用ssh-keygen命令生成的密钥,同样在生成密钥对之后,将格式转换成SecureCRT使用的SSH2格式 </span><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><span style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'> 注意:步骤3中的转换key格式易于为大家忽略,请多注意此点。 </span><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><strong style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'>二、把创建的私钥共享</strong><span style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'> </span><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><span style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'> 由于securecrt创建的私钥不同于winscp使用的私钥格式,需要转换 </span><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><span style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'> securecrt>>tools>>Convert Private Key to OpenSSH Format ... </span><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><span style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'> 保存成openssh格式的密钥对,然后运行winscp包里的puttygen>>Conversions>>Import key选择刚才转换的私钥,输入key passphrase后,选择Save private key,保存成ppk格式的文件 </span><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><br style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'><strong style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'>三、解决winscp的中文乱码问题 </strong><br><br><span style='font-family: tahoma, arial, "Microsoft YaHei"; font-size: 14px;'> 在WinSCP启动画面上先把进阶选项勾选起来,然后在SFTP设定上将伺服器不使用UTF-8编码选项关闭。</span></p>
頁:
[1]