Centos7 ssh秘钥登录

1、使用密码登录到需要使用秘钥登录的账户,然后在服务器创建秘钥

[root@ecs-326c-0001 ~]# cd .ssh/
[root@ecs-326c-0001 .ssh]# ll -a
total 8
drwx------  2 root root 4096 Jul  9 11:35 .
dr-xr-x---. 7 root root 4096 Mar 21 11:21 ..
-rw-------  1 root root    0 Jul  9 11:35 authorized_keys
[root@ecs-326c-0001 .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
b4:cf:d7:a9:91:fa:ec:c2:2e:ce:71:1e:b2:0a:c6:6f root@ecs-326c-0001
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|        .        |
|       . .       |
|        S        |
|   .     o   o . |
|    +   o.= + o  |
|   . oE..*o= o   |
|     .oo+o++=    |
+-----------------+

   
   
     
     
     
     
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27

2、在服务器上安装公钥

[root@ecs-326c-0001 .ssh]# cat id_rsa.pub >> authorized_keys

   
   
     
     
     
     
  • 1

3、为了确保连接成功,需要设置文件权限

[root@ecs-326c-0001 .ssh]# chmod 600 authorized_keys 
[root@ecs-326c-0001 .ssh]# chmod 700 ~/.ssh

   
   
     
     
     
     
  • 1
  • 2

4、设置ssh,打开秘钥登录功能

[root@ecs-326c-0001 .ssh]# vim /etc/ssh/sshd_config

   
   
     
     
     
     
  • 1

去掉注释#

RSAAuthentication yes
PubkeyAuthentication yes

   
   
     
     
     
     
  • 1
  • 2

5、重启ssh服务

[root@ecs-326c-0001 ~]# systemctl restart sshd

   
   
     
     
     
     
  • 1

6、拷贝私钥到PC端,使用软件导入秘钥,然后测试登录

7、秘钥测试登录成功之后,可以禁用使用密码登录,提高服务器的安全性

[root@ecs-326c-0001 .ssh]# vim /etc/ssh/sshd_config

   
   
     
     
     
     
  • 1

修改为no

PasswordAuthentication no

   
   
     
     
     
     
  • 1

你可能感兴趣的:(linux,ssh,linux,centos,安全)