Implementing key-based login with SSH

Copyright notice: This is an original article by the blogger; reproduction without the blogger's permission is prohibited. https://blog.csdn.net/cx55887/article/details/83216036

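Preface

First, how key-based login works:

  1. A key pair is created on the client, and the public key is placed on the target server to be accessed. The private key must also be placed in the home directory of the user that the client logs in with.
  2. When the client initiates a login request, it sends the public key file to the server, and the server compares the two public keys. If they match, the server sends the client a challenge (the challenge is encrypted with the public key of that key pair).
  3. After receiving the challenge, the client decrypts it and sends the decrypted result back to the server for confirmation.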

Example: setting up key-based login

Plan:
server:10.220.5.113
client:10.220.5.112

Step 1: Create a key pair on the client

# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):  # Prompt 1: where to save the key pair
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): # Prompt 2: passphrase used to encrypt the key pair
Enter same passphrase again:  # Prompt 3: confirm the passphrase
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
7d:e7:f4:ef:63:0b:26:fc:90:04:fd:d5:b6:e2:51:a4 root@BIGboss
The key's randomart image is:
+--[ RSA 2048]----+
|               . |
|          .   o .|
|         . . E oo|
|         .. . o..|
|        S ...+o. |
|          o.o+o. |
|           = +. .|
|            = .o.|
|             ..o=|
+-----------------+
# Accept the default for all three prompts; just press Enter.
# ls ~/.ssh/    <<< view the generated key pair
id_rsa  id_rsa.pub

Step 2: Copy the public key to the server host

# ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected]
The authenticity of host '10.220.5.113 (10.220.5.113)' can't be established.
RSA key fingerprint is 5c:ae:6f:5e:a7:2f:bf:cb:27:fc:c9:a1:46:27:78:d1.
Are you sure you want to continue connecting (yes/no)? yes  (asks whether to continue connecting; type yes to confirm)
Warning: Permanently added '10.220.5.113' (RSA) to the list of known hosts.
[email protected]'s password:  (enter the login password of the user the client logs in as)
Now try logging into the machine, with "ssh '[email protected]'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

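Notes:

  1. -i: specifies the key file to transfer
  2. [email protected]: specifies which host to transfer it to
  3. After transfer to the target host, the public key file is renamed authorized_keys; this file's permissions must be 600

Step 3: On host 10.220.5.113, confirm that the public key file arrived: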

[root@BIGboss ~]# ls  -l /root/.ssh/
total 4
-rw------- 1 root root 394 Oct 21 01:39 authorized_keys
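
The Step 3 check can be scripted. This is an added example, not part of the original post: it confirms that authorized_keys exists with mode 600 and lists the client's public key. The function names, the 700 check on the .ssh directory, and the sample key in the fixture are assumptions constructed for illustration.

```shell
# Added example (not from the original post): server-side check for Step 3.

# Octal permission bits of a path (GNU stat, then BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_authorized_keys <ssh_dir> <public_key_file>
# Returns 0 if the key is installed with the expected permissions, else 1.
check_authorized_keys() {
    ssh_dir=$1
    pub_file=$2
    auth_file="$ssh_dir/authorized_keys"
    rc=0
    if [ ! -f "$auth_file" ]; then
        echo "FAIL: $auth_file does not exist"
        return 1
    fi
    # The post requires mode 600 on authorized_keys.
    mode=$(file_mode "$auth_file")
    if [ "$mode" != "600" ]; then
        echo "FAIL: $auth_file has mode $mode, expected 600"
        rc=1
    fi
    # Assumption beyond the post: .ssh should be 700, as ssh-keygen creates it.
    dir_mode=$(file_mode "$ssh_dir")
    if [ "$dir_mode" != "700" ]; then
        echo "FAIL: $ssh_dir has mode $dir_mode, expected 700"
        rc=1
    fi
    # Match on key type + base64 blob; the trailing comment may differ.
    key=$(awk 'NF >= 2 { print $1 " " $2; exit }' "$pub_file")
    if [ -z "$key" ] || ! grep -qF -- "$key" "$auth_file"; then
        echo "FAIL: key from $pub_file is not listed in $auth_file"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: key installed, permissions correct"; fi
    return "$rc"
}

# Constructed fixture: a throwaway .ssh directory holding a made-up key.
make_fixture() {
    d=$(mktemp -d)
    echo "ssh-rsa AAAAB3NzaC1yc2EXAMPLEONLY root@client" > "$d/id_rsa.pub"
    mkdir -m 700 "$d/.ssh"
    cp "$d/id_rsa.pub" "$d/.ssh/authorized_keys"
    chmod 600 "$d/.ssh/authorized_keys"
    echo "$d"
}
```

On the server, call check_authorized_keys with /root/.ssh and a copy of the client's id_rsa.pub; make_fixture only builds a disposable directory for trying the function out.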

Test: the client can now log in to the server directly

# ssh 10.220.5.113
# ip addr show <<< check whether we are now logged in to host 113

------ A once-sentimental youngster, before going into ops ------
