参考URL:http://www.server-memo.net/server-setting/ssh/ssh-key.html
詳しくは参考URLを参照してもらうとして、以下メモ。
秘密鍵と公開鍵を作成
ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/hogehoge/.ssh/id_rsa):
Created directory '/home/hogehoge/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/hogehoge/.ssh/id_rsa.
Your public key has been saved in /home/hogehoge/.ssh/id_rsa.pub.
The key fingerprint is:
75:28:f4:77:3f:68:93:d2:c5:7d:2a:5c:96:c9:2f:17 hogehoge@TestServer
authorized_keysが無い場合
cd ~/.ssh
mv id_rsa.pub authorized_keys
chmod 600 authorized_keys
既にauthorized_keysがある場合
cat id_dsa.pub >> authorized_keys
WinSCP等でid_rsaをローカルに持ってきてPuTTYgenに喰わせる。
(略)
sshdの設定変更
sudo cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config_yyymmdd
sudo nano /etc/ssh/sshd_config
--- sshd_config_20110218 2011-02-17 23:07:29.804689290 +0900
+++ sshd_config 2011-02-18 00:34:08.837514406 +0900
@@ -23,12 +23,12 @@
# Authentication:
LoginGraceTime 120
-PermitRootLogin yes
+PermitRootLogin no
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
-#AuthorizedKeysFile %h/.ssh/authorized_keys
+AuthorizedKeysFile %h/.ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
@@ -47,7 +47,7 @@
ChallengeResponseAuthentication no
# Change to no to disable tunnelled clear text passwords
-#PasswordAuthentication yes
+PasswordAuthentication no
# Kerberos options
#KerberosAuthentication no
sudo /etc/init.d/sshd restart