一、生成密钥
使用 ssh-keygen 命令生成密钥:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 |
> ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/home/ma/.ssh/id_rsa): Created directory '/home/ma/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/ma/.ssh/id_rsa. Your public key has been saved in /home/ma/.ssh/id_rsa.pub. The key fingerprint is: 5b:78:9f:ca:37:c0:80:f3:43:af:0c:64:78:5a:60:df ma@localhost.localdomain The key's randomart image is: +--[ RSA 2048]----+ | | | o | | . + o | | . O E. | | * +S+o | | . . o++. . | | o.o .o | | o. .o | | o. . | +-----------------+ |
生成的密钥默认位于~/.ssh/目录下,有两个文件,id_rsa 是私钥,id_rsa.pub 是公钥:
|
1 2 3 4 5 |
> cd ~/.ssh/ > ll total 8 -rw-------. 1 ma root 1675 Mar 16 19:02 id_rsa -rw-r--r--. 1 ma root 406 Mar 16 19:02 id_rsa.pub |
把公钥内容添加到登陆密钥文件中:
|
1 |
> cat id_rsa.pub >> authorized_keys |
二、修改配置文件
修改 ssh 的配置文件:
|
1 2 3 4 |
> vi /etc/ssh/sshd_config RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys |
然后使用 service sshd reload 重新载入配置,不要使用 service sshd restart 也不要退出终端,避免配置出错导致无法登陆。
三、连接
开启新终端,在用户身份验证方式中选择 public key:
然后导入私钥即可,确认能登录后再关闭上一个终端。
四、关闭密码登录
有了密钥登陆后可以考虑禁止密码登录,修改内容:
|
1 2 3 |
> vi /etc/ssh/sshd_config PasswordAuthentication no > service sshd reload |
评论