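My company is currently documenting its technical procedures.
I have written a few articles as well; this is one of them. It is not difficult, so please excuse my modest effort.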
 
 
SSH Accounts Management
20080124 created by yahoon
 
Because SSH and SFTP use the same protocol, account management is the same for both. That means once you have an SSH account, you can also use that account to access the server via SFTP.
Follow these steps (the words in red are the shell commands on Linux):
1. CREATE AN SSH ACCOUNT
Log in to the Linux box as root and issue the command:
useradd user1
Here user1 is assumed to be the name of the client account.
 
2. SET A PASSWORD FOR THE ACCOUNT
Use the command:
passwd user1
Then you will see the following on the console:
Changing password for user user1.
New UNIX password:
Enter the password twice; it must be at least 6 characters.
 
3. MAKE THE SSH KEY DIR FOR THE ACCOUNT
Issue the following commands:
cd  /home/user1
mkdir .ssh
NOTICE: THERE IS A DOT (.) IN FRONT OF SSH !!! It means the dir is hidden.
 
4. CHANGE PERMISSIONS ON THE DIR
Change the owner of the .ssh dir to user1:
chown user1:user1 .ssh
 
5. CREATE THE KEYS
Switch to user1:
su user1
Generate the keys:
ssh-keygen -d
You will be asked several questions; just leave them blank and press 'Enter'. Something like this:
Enter file in which to save the key (/home/user1/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user1/.ssh/id_dsa.
Your public key has been saved in /home/user1/.ssh/id_dsa.pub.
The key fingerprint is:
f1:f7:e2:b9:f6:c1:33:76:94:36:5b:80:7c:1f:f2:e0 user1@centos1
The file /home/user1/.ssh/id_dsa is the private key, which the client should keep.
The file /home/user1/.ssh/id_dsa.pub is the public key, which should be kept on the server.
 
6. RENAME THE PUBLIC KEY FILE TO TAKE EFFECT
Issue the commands:
cd /home/user1/.ssh
mv id_dsa.pub authorized_keys
 
Alternatively, the client can generate the keys locally, for example using OpenSSH on a Windows box, and then upload the public key file to the directory /home/user1/.ssh/ on the server. Never forget to rename the file to authorized_keys on the server.
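
An added example, not part of the original article: a POSIX shell check to run after step 6. It confirms that .ssh and authorized_keys are not writable by group or others (sshd ignores the key file in that case when StrictModes is on) and flags a private key still sitting on the server. The function names and the throwaway demo directory are assumptions made for illustration, and the key material in the demo is constructed.

```shell
#!/bin/sh
# Added example (not from the original article). Function names are illustrative.

# Print the group/other permission characters of a path, e.g. "r-xr-x".
go_perms() { ls -ld "$1" | cut -c5-10; }

# Print one finding per line for the home directory given as $1.
audit_ssh_home() {
    sshdir=$1/.ssh
    [ -d "$sshdir" ] || { echo "MISSING $sshdir"; return 0; }
    # With StrictModes on, sshd ignores authorized_keys when the file or
    # its directory is writable by group or others.
    for p in "$sshdir" "$sshdir/authorized_keys"; do
        [ -e "$p" ] || { echo "MISSING $p"; continue; }
        case $(go_perms "$p") in
            *w*) echo "WRITABLE $p" ;;
        esac
    done
    # The private key is for the client (step 5); it should not stay next to
    # authorized_keys, and nobody but its owner should be able to read it.
    for f in "$sshdir"/*; do
        [ -f "$f" ] || continue
        if head -n 1 "$f" | grep -q -- '-----BEGIN .*PRIVATE KEY-----'; then
            echo "PRIVATE_KEY_ON_SERVER $f"
            [ "$(go_perms "$f")" = "------" ] || echo "PRIVATE_KEY_EXPOSED $f"
        fi
    done
}

# Count findings of one kind: count_findings <home> <KIND>
count_findings() { audit_ssh_home "$1" | grep -c "^$2 " || true; }

# Constructed demo: a throwaway home that mimics the result of steps 3 to 6
# (directory made by root with default modes, keys generated on the server).
demo=$(mktemp -d)
mkdir "$demo/.ssh" && chmod 755 "$demo/.ssh"
printf '%s\n' '-----BEGIN DSA PRIVATE KEY-----' > "$demo/.ssh/id_dsa"  # constructed, no real key
chmod 600 "$demo/.ssh/id_dsa"
printf '%s\n' 'ssh-dss AAAA-constructed user1@centos1' > "$demo/.ssh/authorized_keys"
chmod 644 "$demo/.ssh/authorized_keys"
audit_ssh_home "$demo"
```

On a real server, run audit_ssh_home /home/user1 as root; setting .ssh to mode 700 and authorized_keys to mode 600 clears any WRITABLE finding.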