Server-side configuration
OS: Debian-6.0.5
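apt-get install ssh #install the ssh service
Edit the configuration file /etc/ssh/sshd_config:
#change the port to 3322 (custom)
Port 3322
#disallow remote login as root
PermitRootLogin no
#allow login with a key
PubkeyAuthentication yes
#disallow password login from remote ssh clients
PasswordAuthentication no
iptables setup: open port 3322 to allow access
iptables -I INPUT -p tcp --dport 3322 -j ACCEPT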
Method 1: the administrator generates the key for an ordinary user on the server
(If the user does not exist yet, create it first. On Debian use adduser.)
For example, to generate an ssh key for the user named fengzhige:
adduser fengzhige #add the user
su - fengzhige #switch to the fengzhige user
Generate the key with ssh-keygen:
ssh-keygen -t rsa #generate an RSA key
root@debian-2:~# su - fengzhige
fengzhige@debian-2:~$ pwd
/home/fengzhige
fengzhige@debian-2:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/fengzhige/.ssh/id_rsa): fengzhige-key
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in fengzhige-key.
Your public key has been saved in fengzhige-key.pub.
The key fingerprint is:
f1:f5:5c:59:aa:4d:7d:b2:9a:56:c8:bc:50:8b:87:80 fengzhige@debian-2
The key's randomart image is:
+--[ RSA 2048]----+
| .|
| . oo|
| E o o +.+|
| + B O +.|
| S = B * |
| o = |
| = |
| . |
| |
+-----------------+
fengzhige@debian-2:~$
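Install the public key
Because a bare file name was entered at the prompt, ssh-keygen on Debian wrote the key pair to the current directory (fengzhige-key is the private key, fengzhige-key.pub is the public key).
cd /home/fengzhige
cd .ssh #create the .ssh directory first if it does not exist; the public key goes here
cat ../fengzhige-key.pub >> authorized_keys #append the public key to the required file name, authorized_keys
Note: the user's home directory must have permissions 755 or 700; it must not be 77x.
The .ssh directory must have permissions 755.
id_rsa.pub and authorized_keys must have permissions 644.
id_rsa must have permissions 600.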
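On one occasion the login failed with "not registered in the remote host".
Check the login log /var/log/secure:
Jul 21 22:42:10 s1 sshd[1452]: Connection closed by 192.168.179.128
Jul 21 22:42:49 s1 sshd[1453]: Authentication refused: bad ownership or modes for directory /home/test/.ssh
Jul 21 22:44:04 s1 sshd[1453]: Authentication refused: bad ownership or modes for directory /home/test/.ssh
That explains it: the permissions on the .ssh directory were wrong. When .ssh was first created with mkdir, its permissions were 775, because the umask of an ordinary user is 0002 while the umask of root is 0022. After changing the permissions of .ssh to 755, the connection worked.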
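The "bad ownership or modes" refusal above comes from sshd's StrictModes check, which rejects key login when the home directory, .ssh or authorized_keys is writable by group or others, or is owned by someone other than the user or root. The following script is an added example, not part of the original post, that runs the same test before a login attempt; the function names check_path and check_ssh_perms are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Approximates sshd's StrictModes test: the home directory, ~/.ssh and
# authorized_keys must be owned by the user or root, and must not be
# writable by group or others.

# check_path TARGET UID: print a finding and return 1 if TARGET is unsafe
check_path() {
    target=$1
    want_uid=$2
    [ -e "$target" ] || { echo "MISSING $target"; return 1; }
    # ls -ldn prints e.g. "drwxrwxr-x 2 1000 1000 ..." (numeric owner in field 3)
    info=$(ls -ldn "$target" | awk '{print $1, $3}')
    mode=${info% *}
    owner=${info#* }
    rc=0
    case $mode in
        # 6th character = group write bit, 9th character = other write bit
        ?????w*|????????w*) echo "BAD MODE $mode $target"; rc=1 ;;
    esac
    if [ "$owner" != "$want_uid" ] && [ "$owner" != 0 ]; then
        echo "BAD OWNER uid=$owner $target"; rc=1
    fi
    return $rc
}

# check_ssh_perms HOME_DIR [UID]: return 0 only if all three paths pass
check_ssh_perms() {
    home_dir=$1
    user_uid=${2:-$(id -u)}
    failed=0
    for p in "$home_dir" "$home_dir/.ssh" "$home_dir/.ssh/authorized_keys"; do
        check_path "$p" "$user_uid" || failed=1
    done
    return $failed
}

# Usage: sh check_ssh_perms.sh /home/fengzhige "$(id -u fengzhige)"
if [ $# -gt 0 ]; then
    check_ssh_perms "$@"
fi
```

A .ssh directory created under umask 0002 is reported as BAD MODE drwxrwxr-x, which matches the 775 case described above.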
Save the private key on the client machine that has SecureCRT installed.
Connect: