参考URL:http://www.server-memo.net/server-setting/ssh/ssh-key.html
詳しくは参考URLを参照してもらうとして、以下メモ。
秘密鍵と公開鍵を作成
ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/hogehoge/.ssh/id_rsa): Created directory '/home/hogehoge/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/hogehoge/.ssh/id_rsa. Your public key has been saved in /home/hogehoge/.ssh/id_rsa.pub. The key fingerprint is: 75:28:f4:77:3f:68:93:d2:c5:7d:2a:5c:96:c9:2f:17 hogehoge@TestServer
authorized_keysが無い場合
cd ~/.ssh mv id_rsa.pub authorized_keys chmod 600 authorized_keys
既にauthorized_keysがある場合
cat id_dsa.pub >> authorized_keys
WinSCP等でid_rsaをローカルに持ってきてPuTTYgenに喰わせる。
(略)
sshdの設定変更
sudo cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config_yyymmdd sudo nano /etc/ssh/sshd_config
--- sshd_config_20110218 2011-02-17 23:07:29.804689290 +0900 +++ sshd_config 2011-02-18 00:34:08.837514406 +0900 @@ -23,12 +23,12 @@ # Authentication: LoginGraceTime 120 -PermitRootLogin yes +PermitRootLogin no StrictModes yes RSAAuthentication yes PubkeyAuthentication yes -#AuthorizedKeysFile %h/.ssh/authorized_keys +AuthorizedKeysFile %h/.ssh/authorized_keys # Don't read the user's ~/.rhosts and ~/.shosts files IgnoreRhosts yes @@ -47,7 +47,7 @@ ChallengeResponseAuthentication no # Change to no to disable tunnelled clear text passwords -#PasswordAuthentication yes +PasswordAuthentication no # Kerberos options #KerberosAuthentication no
sudo /etc/init.d/sshd restart