How to configure and manage SSH key pairs in Linux SysOps

Configuration and management method of SSH key pair in Linux SysOps

In Linux system operation and maintenance (SysOps), SSH (Secure Shell) is a commonly used Remote login and management tools. The configuration and management of SSH key pairs is an important part of ensuring connection security and simplifying the login process. This article will introduce how to configure and manage SSH key pairs and provide specific code examples.

SSH key pair usually consists of public key and private key. The public key is used to encrypt data, and the private key is used to decrypt it. The generation and configuration of the key pair is divided into the following steps:

1. Generate the key pair
   First, execute the following command in the Linux terminal to generate the key pair:

   $ ssh-keygen -t rsa -b 4096

This command will generate a 4096-bit RSA key pair and save the public key and private key in ~/.ssh/id_rsa.pub and # respectively. ##~/.ssh/id_rsa file.

2. Configuring the key pair

   Next, copy the generated public key content to the
   ~/.ssh/authorized_keys file of the target server to achieve Public key authentication. The public key can be copied to the target server using the following command:

   $ ssh-copy-id user@host

where

user is the username of the target server and host is the target The IP address or domain name of the server.

3. Modify SSH configuration

   In order to ensure the security of the SSH key pair, you need to modify the configuration of the SSH server. Edit the
   /etc/ssh/sshd_config file on the target server and set the following parameters to the corresponding values:

   PubkeyAuthentication yes
   PasswordAuthentication no
   PermitRootLogin no

Set

PubkeyAuthentication To yes, enable public key authentication; set PasswordAuthentication to no, disable password authentication; set PermitRootLogin to no , prohibit logging in as root user.

4. Reload SSH service

   Execute the following command on the target server to reload the SSH service and make the configuration take effect:
   

   $ systemctl reload sshd

Now , the configuration and management of SSH key pairs have been completed. You can test it with the following command:

$ ssh user@host

where

user is the user name of the target server, and host is the IP address or domain name of the target server.

Summary:

Through the above steps, we successfully configured the SSH key pair and achieved a more secure and convenient remote connection. The management of SSH key pairs also includes regular replacement and backup, as well as using a password library to encrypt and protect the private key. We hope that the content of this article provides useful guidance and reference for Linux SysOps personnel.

(Note: The code examples in this article are based on the Linux system. They may be different for other operating systems or different versions of Linux. Please adjust according to the actual situation.)

The above is the detailed content of How to configure and manage SSH key pairs in Linux SysOps. For more information, please follow other related articles on the PHP Chinese website!