linux 之祕鑰登錄
兩臺主機 (服務器) 祕鑰登錄流程圖
我們從 A 主機 (左邊) 祕鑰登錄到 B 服務器(右邊)
A 主機生成公鑰
生成公鑰私鑰,一般不需要特殊設置一路回車默認下一步即可
> ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:+ims1qKnA9kAUbwuaGmGLdg+V4w1PMj7RO4gMHI7NCU root@JD
The key's randomart image is:
+---[RSA 2048]----+
|.+. |
|. E . |
|. = o |
|= = o * |
|=%.o B oS |
|O=O + =. |
|+= o O. |
| + = *. . |
| oO.o .o |
+----[SHA256]-----+查看公鑰
> ls -al ~/.ssh
-rw------- 1 root root 1675 May 7 21:39 id_rsa //私鑰
-rw-r--r-- 1 root root 389 May 7 21:39 id_rsa.pub //公鑰
> cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDULg8kwT2rW8Z/r0h5lvO6KziZWV1roM/0eKVnkxeKOF9A0JAL46WF4ZA2XsNfG2camxTekC0ZwArB6uvFQTR8RZtDCwdsdsdsds6K3ytR/FOzira6z+7xbk6LvPylaCLfjfMmta04Q7dsdsdsdsdsds5MDr7oY73TWt2XToDA3FynMnl9MQjO4SoTU/Z1PiKsdOoCnbeP/O6KL+6sh9tbd5HoPPLm8LtDCeebZNhvZSulsbeTFZ5Z+HzPLostXJVhRFtiwUlaemAhXngVdIB5D9feXCYdQiP3NM0zAI94XUFCFyaSnZdv3+OTqHmxJ root@local
id_rsa.pub公鑰要發送到 B 服務器。
B 服務器添加 A 主機的公鑰
在 B 服務器對應登錄賬號的家目錄下的
.ssh/authorized_keys文件添加 A 主機的公鑰
比如我們要使用
rumenz賬號進行祕鑰登錄, 就是配置/home/rumenz/.ssh/authorized_keys
> cat /home/rumenz/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDULg8kwT2rW8Z/r0h5lvO6KziZWV1roM/0eKVnkxeKOF9A0JAL46WF4ZA2XsNfG2camxTekC0ZwArB6uvFQTR8RZtDCwdsdsdsds6K3ytR/FOzira6z+7xbk6LvPylaCLfjfMmta04Q7dsdsdsdsdsds5MDr7oY73TWt2XToDA3FynMnl9MQjO4SoTU/Z1PiKsdOoCnbeP/O6KL+6sh9tbd5HoPPLm8LtDCeebZNhvZSulsbeTFZ5Z+HzPLostXJVhRFtiwUlaemAhXngVdIB5D9feXCYdQiP3NM0zAI94XUFCFyaSnZdv3+OTqHmxJ root@local給公鑰及目錄添加權限
> chmod 600 /home/rumenz//.ssh/authorized_keys
> chmod 700 /home/rumenz/.sshsshd 服務安全配置
開啓祕鑰登錄
> vim /etc/ssh/sshd_config
RSAAuthentication yes
PubkeyAuthentication yes重啓 sshd 服務
> service sshd restart密鑰方式登錄成功後,再禁用密碼登錄
一定要祕鑰登錄成功後, 再禁用密碼登錄。
> vim /etc/ssh/sshd_config
PasswordAuthentication no
> service sshd restart祕鑰登錄測試
A 主機的命令行輸入
> ssh rumenz@B服務器ip
Last login: Tue Mar 23 22:23:22 2021本文由 Readfog 進行 AMP 轉碼,版權歸原作者所有。
來源:https://mp.weixin.qq.com/s/9V3uDd-Q4xuZtyE7IWW2mw