In the previous article“ Xshell Set Key Login to Ensure More Security of Linux VPS and Server "The article has shared that XSHELL uses the key to log in to our VPS server to ensure the security of the machine, but many students do not use XSHELL like Lao Zuo, but many use PUTTY to log in to SSH, so start a new article and share the method of using PUTTY to set the key to log in to the Linux VPS host.
PS: If we need to use PUTTY, we must go to the official download site, preferably the official website. The so-called cracked version, green version, Chinese simplified version, etc. may be implanted into the trojan, which will affect the security of our account.
Step 1: Generate the key
Many tutorials mention that the puttygen.exe file can generate a key, but there may be login errors such as Server refreshed our key. So we use VPS to set the key remotely, and then download it locally.
According to the demonstration in the figure above, after logging into SSH, we first enter ssh keygen - t rsa, and then ask us to determine the path. We directly press Enter, and the/root/. ssh folder directory will be automatically created. Then press Enter, and the access key password will be entered. Enter the key again twice, and you can see it in the directory.
We download the id_rsa and id_rsa.pub in the root/. ssh directory to the local backup for use.
Step 2: Modify the sshd configuration file
A - Change the id_rsa.pub in root/. ssh to authorized_keys and set permissions with chmod 600 authorized_keys.
B - Find/etc/ssh/sshd_config and remove the # comment in front of the RSAAuthentication and PubkeyAuthentication lines.
C - Restart the SSHD service.
Debian/Ubuntu execution:/etc/init.d/ssh restart CentOS execution:/etc/init.d/sshd restart
Step 3. Client Configuration Key
We open the puttygen.exe file and load the key.
Enter the key password set in SSH.
Save the private key.
The saved file name can be set to id_rsa.ppk, or it can be customized, but the suffix must be PPK, which we need later.
Step 4: Set the PUTTY authentication link
For normal login, we may need to enter the key and password at the beginning.
Step 5: Modify the SSHD configuration file again
Change the yes after PasswordAuthentication found in the/etc/ssh/sshd_config file to no
Then restart sshd
Debian/Ubuntu execution:/etc/init.d/ssh restart CentOS execution:/etc/init.d/sshd restart
In this way, our putty login key is also configured. Even if they know our ROOT password, it is difficult for them to login. Therefore, the security of several local files needs to be ensured. As long as your local computer is secure, your VPS is relatively secure.
