* Add the remote host's custom hostname aliyun to /etc/hosts
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
127.0.0.1 bogon # added by Apache Friends XAMPP
192.168.10.10 homestead.test
192.168.10.10 homestead.app
192.168.10.127 mingzhanghui
xx.xx.xx.xx aliyun
Replace xx.xx.xx.xx with the IP address of your own remote host.
* Log in to the remote host and create the ~/.ssh directory
ssh mzh@aliyun
mkdir ~/.ssh
* Generate a key pair on the local machine
ssh-keygen -t rsa
Press Enter at every prompt.
* Copy the generated public key into ~/.ssh/authorized_keys on the remote host (append)
scp ~/.ssh/id_rsa.pub mzh@aliyun:/home/mzh/.ssh/authorized_keys
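This method is not a good one: ~/.ssh/authorized_keys is overwritten outright. The generated public key should be appended to that file instead.
* Test passwordless login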
ssh mzh@aliyun
A password is still required.
* Log in to the remote host and check the log
sudo grep -n "Authentication refused: " /var/log/secure
762:Aug 25 11:28:30 iz2ze5rptd09gfzl0jpc3gz sshd[28259]: Authentication refused: bad ownership or modes for directory /home/mzh/.ssh
763:Aug 25 11:28:30 iz2ze5rptd09gfzl0jpc3gz sshd[28259]: Authentication refused: bad ownership or modes for directory /home/mzh/.ssh
767:Aug 25 11:28:59 iz2ze5rptd09gfzl0jpc3gz sudo: mzh : TTY=pts/0 ; PWD=/home/mzh ; USER=root ; COMMAND=/bin/grep -n Authentication refused: /var/log/secure
* Fix the permissions
** SSH does not want the home directory or the ~/.ssh directory to be group-writable
chmod g-w ~/
ls -ld ~/
drwx------ 20 mzh mzh 4096 Aug 25 11:19 /home/mzh/
** The .ssh directory and the authorized_keys file must be restricted in the same way
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
* Test the login again
ssh mzh@aliyun -vvv
Welcome to Alibaba Cloud Elastic Compute Service !
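The key-install and permission steps above, combined into one script for the remote host. This is an added example, not part of the original post: the function names check_strict_modes and install_pubkey are illustrative, and it assumes the public key was first copied to the remote host as its own file instead of over authorized_keys.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Run on the remote host as the
# account owner; function names are illustrative.

# check_strict_modes HOME_DIR
# Approximates the check behind sshd's "bad ownership or modes" refusal:
# the home directory, .ssh and authorized_keys must be owned by the user
# (sshd also accepts root) and must not be writable by group or others.
# Prints each offending path to stderr; returns 1 if any is found.
check_strict_modes() {
    local home="$1" p bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        # Characters 6 and 9 of the ls mode string are the group/other write bits.
        if [ ! -O "$p" ] || ls -ld "$p" | cut -c6,9 | grep -q w; then
            echo "bad ownership or modes: $p" >&2
            bad=1
        fi
    done
    return "$bad"
}

# install_pubkey HOME_DIR PUBKEY_FILE
# Appends the key to authorized_keys instead of overwriting it, skips a key
# that is already present, then applies the modes used in the steps above.
install_pubkey() {
    local home="$1" pub="$2" auth="$1/.ssh/authorized_keys"
    [ -s "$pub" ] || { echo "empty or missing key file: $pub" >&2; return 2; }
    mkdir -p "$home/.ssh"
    touch "$auth"
    # If the last existing entry has no trailing newline, add one so the
    # new key does not get glued onto it.
    [ -z "$(tail -c1 "$auth")" ] || echo >> "$auth"
    # -x whole line, -F fixed string: exact-match duplicate check.
    grep -qxF -- "$(cat "$pub")" "$auth" || cat "$pub" >> "$auth"
    chmod go-w "$home"        # the post uses g-w; o-w is cleared as well
    chmod 700 "$home/.ssh"
    chmod 600 "$auth"
    check_strict_modes "$home"
}
```

For example, after `scp ~/.ssh/id_rsa.pub mzh@aliyun:/tmp/id_rsa.pub`, source the script on the remote host and run `install_pubkey "$HOME" /tmp/id_rsa.pub`.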