Logging in to SSH with key-based authentication

1. First, log in to the client

•  Log in to the system as the test user:

[test@rhel5-1 ~]$ pwd

/home/test

•  Generate a key pair of type DSA; press Enter at every prompt, leaving the passphrase empty.

[test@rhel5-1 ~]$ ssh-keygen -d

Generating public/private dsa key pair.

Enter file in which to save the key (/home/test/.ssh/id_dsa):

Created directory '/home/test/.ssh'.

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /home/test/.ssh/id_dsa.

Your public key has been saved in /home/test/.ssh/id_dsa.pub.

The key fingerprint is:

3a:12:e8:b2:c5:90:24:83:36:4a:16:68:4e:ae:e8:6e test@rhel5-1

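•  The generated key pair is stored in the .ssh directory under the user's home directory. id_dsa is the private key and the .pub file is the public key; the public key file must be imported onto the server that will be accessed.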

[test@rhel5-1 ~]$ ls .ssh

id_dsa  id_dsa.pub

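•  Send the public key file to the server with the ssh-copy-id command. -i specifies the path of the local public key file and -p is the SSH port number. After you enter the root password, a message reports that the public key has been saved to the .ssh/authorized_keys file on the server.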

[test@rhel5-1 ~]$ ssh-copy-id -i /home/test/.ssh/id_dsa.pub "-p 22 [email protected]"

26

The authenticity of host '192.168.203.173 (192.168.203.173)' can't be established.

RSA key fingerprint is 2a:1c:de:6d:e3:8f:f8:61:6b:60:71:a4:ce:c1:63:d9.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '192.168.203.173' (RSA) to the list of known hosts.

Address 192.168.203.173 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!

[email protected]'s password:

Now try logging into the machine, with "ssh '-p 22 [email protected]'", and check in:

 

  .ssh/authorized_keys

 

to make sure we haven't added extra keys that you weren't expecting.

2. Log in to the server:

•  Log in to the system as root:

[root@rhel5-1 ~]# vi /etc/ssh/sshd_config

•  Change: PasswordAuthentication yes

to: PasswordAuthentication no

This disables password authentication.

•  From now on, logging in to the server from the client with ssh no longer requires a password.
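
A check for the sshd_config edit in step 2, added here as an example and not part of the original page: sshd uses the first value it reads for each keyword, so a "PasswordAuthentication no" line placed below an earlier "yes" line changes nothing. The function name effective_password_auth and the sample file are constructed for illustration, and Include directives are assumed not to be in use.

```shell
#!/bin/sh
# Added example: print the PasswordAuthentication value sshd will use in the
# global section of a config file. Rules per sshd_config(5): keywords are
# case-insensitive, the first value obtained for a keyword wins, a "Match"
# line starts conditional blocks, and the default is "yes".
# Assumption: Include directives are not followed.
effective_password_auth() {
    awk '
        BEGIN { val = "yes" }                   # default when the keyword is unset
        {
            sub(/^[ \t]+/, "")                  # drop leading whitespace
            if ($0 == "" || $0 ~ /^#/) next     # skip blank lines and comments
            sub(/[ \t]*=[ \t]*/, " ")           # accept the "Keyword=value" form
            split($0, f, /[ \t]+/)
            key = tolower(f[1])
            if (key == "match") exit            # global section ends here
            if (key == "passwordauthentication") { val = f[2]; exit }
        }
        END { print val }
    ' "$1"
}

# Constructed sample: "no" was appended below an existing "yes" line, so
# password logins are still accepted.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PasswordAuthentication no
Port 22
passwordauthentication yes
PasswordAuthentication no
Match User backup
    PasswordAuthentication no
EOF
echo "effective PasswordAuthentication: $(effective_password_auth "$sample")"
rm -f "$sample"
```

Run it against /etc/ssh/sshd_config after editing. sshd reads its configuration at startup, so the running daemon keeps the old value until it is restarted or reloaded.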