SSH秘钥登录

SSH秘钥登录

1、使用如下命令生成密钥对
[root@xuegod130 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): #直接回车
Enter passphrase (empty for no passphrase): #输入密钥的密码
Enter same passphrase again: #再次输入密钥密码
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Y8K3Am4qdviR5IJC0xrVVNPQWHB9eR4fYgXBFh/qd0M [email protected]
The key’s randomart image is:
±–[RSA 2048]----+
| …=Bo. .+*o |
| o .oo . Bo+.|
| . . +.+E+|
| o . . …|
| + o. o S . o.|
|o *… + o . o|
|oo.+o . . |
|oo.+. . |
|…+. |
±—[SHA256]-----+

2、将密钥文件导入到authorized_keys文件，因为ssh的配置里面规定了读取密钥是从这个文件来读取的，如下：
[root@xuegod130 ~]# vim /etc/ssh/sshd_config
47 AuthorizedKeysFile .ssh/authorized_keys
将密钥文件导入到authorized_keys文件
[root@xuegod130 ~]# cd /root/.ssh/
[root@xuegod130 .ssh]# ls
id_dsa id_dsa.pub
[root@xuegod130 .ssh]# cat id_dsa > authorized_keys
[root@xuegod130 .ssh]# ls
authorized_keys id_dsa id_dsa.pub

3、使用xshell登录后，将id_dsa文件下载本地
[root@xuegod130 .ssh]# sz id_dsa

4、修改ssh服务的配置文件，只允许密钥登录
[root@xuegod130 ~]# vim /etc/ssh/sshd_config
64 PasswordAuthentication no #将yes改为no，不要密码登录

5、重启sshd服务
[root@xuegod130 ~]# systemctl restart sshd
6、使用xshell登录