Linux开启SSL证书登陆方式（测试正常登陆）

5）用psftp把把id_rsa拉回本地，然后把服务器上的id_rsa和id_rsa.pub干掉

6）配置/etc/ssh/sshd_config

Protocol2

#ServerKeyBits1024

#PermitRootLoginno#禁止root登录而已，与本文无关，加上安全些#以下三行没什么要改的，把默认的#注释去掉就行了

RSAAuthenticationyes

PubkeyAuthenticationyes

AuthorizedKeysFile.ssh/authorized_keys

PasswordAuthenticationno

#PermitEmptyPasswordsno

7）重启sshd/sbin/servicesshdrestart

8）用SecureCRTPortable软件publicKey方式登陆

9)配置文件：

#$OpenBSD:sshd_config,v1.802008/07/0202:24:18djmExp$#Thisisthesshdserversystem-wideconfigurationfile.See#sshd_config(5)formoreinformation.#ThissshdwascompiledwithPATH=/usr/local/bin:/bin:/usr/bin#Thestrategyusedforoptionsinthedefaultsshd_configshippedwith#OpenSSHistospecifyoptionswiththeirdefaultvaluewhere#possible,butleavethemcommented.Uncommentedoptionschangea#defaultvalue.#Port22Port220#端口#ListenAddress0.0.0.0#ListenAddress::#Disablelegacy(protocolversion1)supportintheserverfornew#installations.Infuturethedefaultwillchangetorequireexplicit#activationofprotocol1Protocol2#HostKeyforprotocolversion1#HostKey/etc/ssh/ssh_host_key#HostKeysforprotocolversion2#HostKey/etc/ssh/ssh_host_rsa_key#HostKey/etc/ssh/ssh_host_dsa_key#Lifetimeandsizeofephemeralversion1serverkey#KeyRegenerationInterval1h#ServerKeyBits1024#Logging#obsoletesQuietModeandFascistLogging#LogLevelINFO#Authentication:#LoginGraceTime2m#StrictModesyes#MaxAuthTries6#MaxSessions10RSAAuthenticationyes#-----------去掉注释------------------PubkeyAuthenticationyes#-----------去掉注释------------------AuthorizedKeysFile.ssh/authorized_keys#-----------去掉注释------------------#AuthorizedKeysCommandnone#AuthorizedKeysCommandRunAsnobody#Forthistoworkyouwillalsoneedhostkeysin/etc/ssh/ssh_known_hosts#RhostsRSAAuthenticationno#similarforprotocolversion2#HostbasedAuthenticationno#Changetoyesifyoudon'ttrust~/.ssh/known_hostsfor#RhostsRSAAuthenticationandHostbasedAuthentication#IgnoreUserKnownHostsno#Don'treadtheuser's~/.rhostsand~/.shostsfiles#IgnoreRhostsyes#Todisabletunneledcleartextpasswords,changetonohere!#PermitEmptyPasswordsno#Changetonotodisables/keypasswords#ChallengeResponseAuthenticationyesChallengeResponseAuthenticationno#Kerberosoptions#KerberosAuthenticationno#KerberosOrLocalPasswdyes#KerberosTicketCleanupyes#KerberosGetAFSTokenno#KerberosUseKuserokyes#GSSAPIoptions#GSSAPIAuthenticationnoGSSAPIAuthenticationyes#GSSAPICleanupCredentialsyesGSSAPICleanupCredentialsyes#GSSAPIStrictAcceptorCheckyes#GSSAPIKeyExchangeno#Setthisto'yes'toenablePAMauthentication,accountprocessing,#andsessionprocessing.Ifthisisenabled,PAMauthenticationwill#beallowedthroughtheChallengeResponseAuthenticationand#PAMauthenticationviaChallengeResponseAuthenticationmaybypass#IfyoujustwantthePAMaccountandsessioncheckstorunwithout#andChallengeResponseAuthenticationto'no'.#UsePAMnoUsePAMyes#Acceptlocale-relatedenvironmentvariablesAcceptEnvLANGLC_CTYPELC_NUMERICLC_TIMELC_COLLATELC_MONETARYLC_MESSAGESAcceptEnvLC_PAPERLC_NAMELC_ADDRESSLC_TELEPHONELC_MEASUREMENTAcceptEnvLC_IDENTIFICATIONLC_ALLLANGUAGEAcceptEnvXMODIFIERS#AllowAgentForwardingyes#AllowTcpForwardingyes#GatewayPortsno#X11ForwardingnoX11Forwardingyes#X11DisplayOffset10#X11UseLocalhostyes#PrintMotdyes#PrintLastLogyes#TCPKeepAliveyes#UseLoginno#UsePrivilegeSeparationyes#PermitUserEnvironmentno#Compressiondelayed#ClientAliveInterval0#ClientAliveCountMax3#ShowPatchLevelno#PidFile/var/run/sshd.pid#MaxStartups10:30:100#PermitTunnelno#ChrootDirectorynone#nodefaultbannerpath#Bannernone#overridedefaultofnosubsystemsSubsystemsftp/usr/libexec/openssh/sftp-server#Exampleofoverridingsettingsonaper-userbasis#MatchUseranoncvs#X11Forwardingno#AllowTcpForwardingno#ForceCommandcvsserverUseDNSnoAddressFamilyinetPermitRootLoginyesSyslogFacilityAUTHPRIV#PasswordAuthenticationyesPasswordAuthenticationno#-----------禁止账号登陆------------------