How to use key authentication to achieve more secure SSH login on CentOS server
In server management, ensuring system security is crucial. SSH (Secure Shell) is an encrypted network protocol used for remote login to Linux and UNIX servers. To further strengthen the security of the server, we can use key authentication instead of password login. This article will introduce how to implement a more secure SSH login on a CentOS server and provide corresponding code examples.
Step 1: Generate a key pair
First, generate a key pair on the local machine. Open a terminal window and enter the following command:
ssh-keygen -t rsa
This command will use the RSA algorithm to generate a key pair. Press Enter to confirm the key saving path and file name. You will then be asked to enter the password for your key. You can choose to set a password or leave it blank and press Enter to continue generating the key.
After successful generation, you will find two files under the specified path: id_rsa (private key) and id_rsa.pub (public key).
Step 2: Copy the public key to the server
Next, copy the public key to the CentOS server. Copy the public key to the server using the following command:
ssh-copy-id user@server_ip_address
Replace "user" with your username on the CentOS server and "server_ip_address" with the server's IP address. You will be asked to enter your password to authenticate.
After successfully copying the public key, you will get the following output:
Number of key(s) added: 1
Step 3: Configure SSH service
On the server, open the SSH configuration file to set it up. Open the file with the following command:
sudo vi /etc/ssh/sshd_config
Locate and ensure that the following lines are uncommented and set the values as follows:
PubkeyAuthentication yes PasswordAuthentication no PermitRootLogin no
Uncommenting means allow public key authentication, disable password authentication, and prohibit Log in directly as root user. After making changes, save and close the file.
Next, restart the SSH service to apply the changes:
sudo systemctl restart sshd
Step 4: Test SSH login
Now, you have completed the configuration. You can test whether the SSH login is successful using the following command:
ssh user@server_ip_address
Replace "user" with your username and "server_ip_address" with the server's IP address. The system will attempt to authenticate using your private key.
If everything is set up correctly, you will successfully log in to your CentOS server without entering a password.
Extra Tip:
Summary:
Using key authentication can greatly improve the security of the server and prevent malicious logins and password brute force cracking. This article describes how to implement a more secure SSH login on a CentOS server and provides corresponding code examples. By following these steps, you can easily set up key authentication for your server and keep your system secure.
The above is the detailed content of How to implement more secure SSH login on CentOS server using key authentication. For more information, please follow other related articles on the PHP Chinese website!