CentOS设置ssh密钥登录

zhaorong · 发表于 linux教程 2017-12-2 11:41:22


	一、生成密钥对（两种方式）并配置方式1：使用ssh-keygen(1)生成并配置（1）生成密钥对 [root@iZwz9catu2mrq92b07d1d0Z ~]# ssh-keygen -t rsa Generating public/private rsa key pair. //输入文件名称 Enter file in which to save the key (/root/.ssh/id_rsa): keys_root //输入私钥加密密码 Enter passphrase (empty for no passphrase): //再次输入密码 Enter same passphrase again: Your identification has been saved in keys_root. Your public key has been saved in keys_root.pub. The key fingerprint is: f4:f9:70:51:cf:09:f6:da:30:6a:b1:67:4f:dc:14:44 root@iZwz9catu2mrq92b07d1d0Z The key's randomart image is: +--[ RSA 2048]----+ \| o+E \| \| ..ooo\| \| . ..o o+\| \| . . .+...\| \| S ++.+ +.\| \| .+o o \| \| . . \| \| \| \| \| +-----------------+ //文件生成成功，keys_root为私钥，keys_root.pub为公钥 [root@iZwz9catu2mrq92b07d1d0Z ~]# ls keys_root keys_root.pub 复制代码* （2）配置公钥 //将生成的公钥写入到用户的authorized_keys [root@iZwz9catu2mrq92b07d1d0Z ~]# echo -e '#this is keys_root' >> ~/.ssh/authorized _keys ; cat ~/keys_root.pub >> ~/.ssh/authorized_keys [root@iZwz9catu2mrq92b07d1d0Z ~]# cat ~/.ssh/authorized_keys #this is keys_root ssh-rsa 我是猪！B3NzaC1yc2E我是猪！BIwAAAQEAyhp9SBxas8Nmwdi4dQfOuUULpMGRnGEFopU2DXhSF+ PE/s80xrVS31Ycd5o4gU3iehKx2vo4OEB2lYZ2JCfptTc59HAj+Qwqh7i5S4YQuX/+31GkY+s8XKFR4QgH1 ubQt9feU2cagfG1f+wWRsa0YtefE67Kjv6OZuKuA2bOdrAH4mzV1m71iLMUZYgaEnfJExXj2lbPAXRqCV+tdIj9h 0jxhB5pQXsZ3NE38D22WYNKO4Sy8odfE7Oby1I0Emm8Uhiwqgx91HP22iY/WqzZOxeKZPF17CPWr9cChaPh 9/DXM1Wd8KDCg33MO6hbpqAwh7iEughndXly0FY0oZNKnQ== root@iZwz9catu2mrq92b07d1d0Z 复制代码（3）配置私钥下载私钥到本地机器 [root@iZwz9catu2mrq92b07d1d0Z ~]# sz keys_root 复制代码启动Xshell 工具（Tools）用户密钥管理者（User Key Manager）导入已下载的 keys_root 文件（Import）配置完成方式2：使用Xshell生成并配置启动Xshell 工具新建用户密钥生成向导（New User Key Wizard）按步骤选择下一步输入密钥名称和私钥密码后选择下一步密钥对生成成功，此时私钥已自动导入到Xshell中，需要我们手动保存公钥到本地机器上传已保存的公钥文件到服务器并配置在用户的authorized_keys文件中二、通过密钥登录服务器新建会话，填写名称、主机等信息选择左侧栏目用户身份验证，右侧方法选择Public Key，填写用户名，选择对应的用户密钥并填写密钥的密码，点击确定连接会话附录 [root@iZwz9catu2mrq92b07d1d0Z ~]# man ssh 复制代码 1.ssh-keygen命令介绍 The user creates his/her key pair by running ssh-keygen(1). This stores the private key in ~/.ssh/id entity (protocol 1), ~/.ssh/id_dsa (protocol 2 DSA), ~/.ssh/id_ecdsa (protocol 2 ECDSA), or ~/.ssh/id_rsa (protocol 2 RSA) and stores the public key in ~/.ssh/identity.pub (protocol 1), ~/.ssh/id_dsa.pub (protocol 2 DSA), ~/.ssh/id_ecdsa.pub (protocol 2 ECDSA), or ~/.ssh/id_rsa.pub (protocol 2 RSA) in the user’s home directory. The user should then copy t he public key to ~/.ssh/authorized_keys in his/her home directory on the remote machine. The authorized_keys file corresponds to the conventional ~/.rhosts file, and has one key per line, though the lines can be very long. After this, the user can log in without giving the password. 复制代码注：每个用户都拥有自己的 authorized_keys 2.authorized_keys文件介绍 ~/.ssh/authorized_keys Lists the public keys (RSA/ECDSA/DSA) that can be used for logging in as this user. The format of this file is described in the sshd(8) manual page. This file is not highly sensitive, but the recommended permissions are read/write for the user, and not accessible by others. 复制代码注：建议文件权限对拥有者为读写权限，其他用户无权限

微信扫一扫 分享朋友圈

CentOS设置ssh密钥登录

微信扫一扫分享朋友圈