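Configuring an SSH Key Certificate Server
I currently have a server running Linux that is accessed over SSH, with no key certificate service enabled. For security, I now want to enable the key certificate service on the server.
Could the problem be in the SSH configuration file?
The configuration is as follows.
1. Generate the keys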
#ssh-keygen -b 1024 -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):
(path where the key pair will be saved; the default is shown in parentheses)
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
(enter the passphrase)
Enter same passphrase again:
(enter the passphrase again)
Running the command generates the following two files: one is the private key and one is the public key.
/root/.ssh/id_dsa.
(your private key)
/root/.ssh/id_dsa.pub.
(your public key)
2. Configure the SSH configuration files
----------------------
/etc/ssh/ssh_config
# Configure ssh_config
#vi /etc/ssh/ssh_config
Host *
ForwardAgent no
ForwardX11 no
RhostsAuthentication no
RhostsRSAAuthentication no
RSAAuthentication yes
PasswordAuthentication yes
FallBackToRsh no
UseRsh no
BatchMode no
CheckHostIP yes
StrictHostKeyChecking no
IdentityFile ~/.ssh/identity
Port 22
Cipher blowfish
EscapeChar ~
------------------
/etc/ssh/sshd_config
#vi /etc/ssh/sshd_config
Port 22
ListenAddress 192.168.1.1
HostKey /etc/ssh/ssh_host_key
ServerKeyBits 1024
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin no
IgnoreRhosts yes
IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding no
PrintMotd yes
SyslogFacility AUTH
LogLevel INFO
RhostsAuthentication no
RhostsRSAAuthentication no
RSAAuthentication yes
PasswordAuthentication yes
PermitEmptyPasswords no
AllowUsers admin
3. Copy the two files, the private key and the public key, to the client, and use SecureCRT-v5.0 to establish an SSH connection to the server.
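
An added example (not from the original post): a small POSIX shell check that reads an sshd_config like the one above and flags settings that still allow password logins, plus options that belong to SSH protocol 1. The function names audit_sshd_config and sample_config are hypothetical, and the sample input is constructed from lines of the configuration shown on this page.

```shell
#!/bin/sh
# Added example, not from the original post.
# Reads an sshd_config on stdin and prints one finding per line.
audit_sshd_config() {
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        { sub(/=/, " ") }                    # accept "Key=value" as well as "Key value"
        tolower($1) == "match" { exit }      # audit the global section only
        {
            key = tolower($1)
            if (!(key in seen)) seen[key] = tolower($2)   # first value wins in sshd
        }
        END {
            # PasswordAuthentication defaults to yes, so a missing line is also weak.
            if (seen["passwordauthentication"] != "no")
                print "WEAK passwordauthentication: password logins still accepted"
            # PubkeyAuthentication defaults to yes; only an explicit no disables keys.
            if (seen["pubkeyauthentication"] == "no")
                print "WEAK pubkeyauthentication: key logins disabled"
            n = split("rsaauthentication rhostsauthentication rhostsrsaauthentication serverkeybits keyregenerationinterval", old, " ")
            for (i = 1; i <= n; i++)
                if (old[i] in seen)
                    print "LEGACY " old[i] ": SSH protocol 1 option"
        }
    '
}

# Constructed sample: a subset of the sshd_config shown on this page.
sample_config() {
    cat <<'EOF'
Port 22
ServerKeyBits 1024
KeyRegenerationInterval 3600
PermitRootLogin no
RhostsAuthentication no
RhostsRSAAuthentication no
RSAAuthentication yes
PasswordAuthentication yes
AllowUsers admin
EOF
}

sample_config | audit_sshd_config
```

To check a real file, run audit_sshd_config < /etc/ssh/sshd_config; Include files and Match blocks are not followed.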