使用密钥文件登录及免密登录服务器方法

使用密钥文件登录

首先将密钥应用到主机,然后下载密钥,将密钥拷贝到要访问主机的电脑上,最后通过此文件不需要密码可直接访问到主机

使用密钥文件登录及免密登录服务器方法_第1张图片

[deployer@Bigcolud ~]$ ssh -i ~/dyd/csb-dyd.pem [email protected]
The authenticity of host '10.166.66.66 (10.166.66.66)' can't be established.
ECDSA key fingerprint is SHA256:P2ydg2DT+NDMdYv8C8S8RpWE62znCn0OWiQJkqI6TBh.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '10.166.66.66' (ECDSA) to the list of known hosts.
You have logged onto a secured server..All accesses logged
Authorized users only. All activity may be monitored and reported
.----..-.  .-..----. 
| {}  \\ \/ / | {}  \
|     / }  {  |     /
`----'  `--'  `----' 
Welcome to BigCloud Enterprise Linux 8 (GNU/Linux 4.19.0-193.1.3.el8.bclinux.x86_64 x86_64)

System information as of Thu Jun 11 20:36:37 CST 2021

  * System CPU load:    0.30 0.24 0.10        * System   uptime:         20:36:37 up 2 min
  * Active sessions:    1                     * Memory    usage:         547 / 838 MB
  * Processes count:    101

  * Get Support  :

  * Ask Questions:
        http://forum.bclinux.org
  * Contact US   :
        MAIL : [email protected] / TEL : 400-1234567-8
[root@csb-dyd611 ~]#

若出现以下警告并让输入密码登录,说明使用密钥文件登录失败

[deployer@Bigcolud ~]$ ssh -i ~/dyd/csb-dyd.pem [email protected]
The authenticity of host '10.166.66.66 (10.166.66.66)' can't be established.
ECDSA key fingerprint is SHA256:P2ydg2DT+NDMdYv8C8S8RpWE62znCn0OWiQJkqI6SBg.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '10.166.66.66' (ECDSA) to the list of known hosts.
You have logged onto a secured server..All accesses logged
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/home/deployer/dyd/csb-dyd.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "/home/deployer/dyd/csb-dyd.pem": bad permissions
[email protected]'s password:

出现此情况是由于文件权限问题造成的,修改文件权限即可

chmod 600 ~/dyd/csb-dyd.pem # 将权限修改为600
ssh -i ~/dyd/csb-dyd.pem [email protected] # 再次使用密钥即可登录成功
免密登录

在两台主机上都生成密钥对,执行以下命令

ssh-keygen -t rsa

将一台主机做为客户端,将公钥导入到认证文件中

cat .ssh/id_rsa.pub >> .ssh/authorized_keys

将认证文件authorized_keys上传到另一台主机(即服务端)的.ssh目录下

使用密钥文件登录及免密登录服务器方法_第2张图片

此处的.ssh目录若非通过命令ssh-keygen -t rsa创建,而是通过命令mkdir .ssh创建,则需要更改权限

chmod 700 .ssh/
chmod 600 .ssh/authorized_keys

最后,在客户端即可直接登录到服务器,或者通过私钥id_rsa访问服务端

ssh [email protected]
ssh -i .ssh/id_rsa [email protected]

使用密钥文件登录及免密登录服务器方法_第3张图片

你可能感兴趣的:(linux,ssh,centos)