MENU

使用密钥对验证登陆SSH

October 12, 2018 • Linux阅读设置

配置文件

  • CentOS默认已安装SSH配置文件在 /etc/ssh/目录下有ssh_config和sshd_config
  • ssd_config 是客户端配置文件 sshd_config 是服务端配置文件

禁用 root 登陆

vi /etc/ssh/sshd_config
    PermitRootLogin no  # 禁用 root 用户登录

构建密钥对验证 SSH 登录系统

客户机配置(192.168.1.111)

[root@localhost ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):    # 直接回车
Created directory ‘/root/.ssh’.
Enter passphrase (empty for no passphrase):              # 密码短信 用于保护私钥文件
Enter same passphrase again:
Passphrases do not match.  Try again.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
6d:eb:29:87:e2:f9:be:84:9d:a2:c0:51:e9:66:4c:ea root@localhost.localdomain  # 会生成两个文件
[root@localhost ~]# ll -h ~/.ssh/
总计 8.0K
-rw——- 1 root root 1.8K 11-21 23:24 id_rsa
-rw-r–r– 1 root root  408 11-21 23:24 id_rsa.pub
  • id_rsa 是私钥 id_rsa.pub 是公钥
  • 完成后上传公钥到给服务器

服务器配置(192.168.1.114)

[root@localhost ~]# scp root@192.168.1.111:/root/.ssh/id_rsa.pub ./
root@192.168.1.111′s password:
id_rsa.pub                                                                    100%  408    0.4KB/s  00:00
[root@localhost ~]#
[root@localhost ~]# cp id_rsa.pub ~xiang005/.ssh/
[root@localhost .ssh]# ll
总用量 4
-rw-r–r– 1 root root 408 11 月 22 00:08 id_rsa.pub
[root@localhost .ssh]# cat id_rsa.pub > authorized_keys
[root@localhost .ssh]# vi /etc/ssh/sshd_config
PubkeyAuthentication yes
AuthorizedKeysFile      .ssh/authorized_keys
PasswordAuthentication no
[root@localhost .ssh]# service sshd restart
停止 sshd:[确定]
正在启动 sshd:[确定]

在客户机上验证

[root@localhost .ssh]# ssh xiang005@192.168.1.114
Enter passphrase for key ‘/root/.ssh/id_rsa’:
Last login: Wed Nov 21 23:14:53 2012 from 192.168.1.115

最后编辑于: June 6, 2019
Archives QR Code
QR Code for this page
Tipping QR Code