使用公私钥实现ssh认证免密登录

简述

利用公私钥的方式进行ssh免密登录。这里简述一下免密登录的过程：首先在客户端上创建一对公私钥（公钥文件：_{/.ssh/id_rsa.pub；私钥文件：}/.ssh/id_rsa），然后把公钥放到服务器上（~/.ssh/authorized_keys），自己保留好私钥。当ssh登录时，ssh程序会发送私钥去和服务器上的公钥做匹配。如果匹配成功就可以登录了。下面将详细介绍如何配置。

1）在客户端中安装ssh工具

$$ yum install openssh openssh-clients

2）利用ssh-keygen生成公私钥

$$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/wege/.ssh/id_rsa): 	#存放位置，这里选择默认
Enter passphrase (empty for no passphrase): 		#加密密码，默认为空
Enter same passphrase again: 						#再次输入加密密码
Your identification has been saved in /home/wege/.ssh/id_rsa.
Your public key has been saved in /home/wege/.ssh/id_rsa.pub.
The key fingerprint is:
41:22:88:8e:10:de:68:6f:ed:99:3c:d4:34:5f:93:3d wege@centos68
The key's randomart image is:
+--[ RSA 2048]----+
|.o .. . .        |
|+ +  . o    o    |
|++ .   o.  + E   |
|o.. . o o.. . .  |
|   o o .S.       |
|  . + o          |
|     *           |
|      .          |
|                 |
+-----------------+

3）然后把生成的公钥id_rsa.pub拷贝到服务端对应的用户目录下

$ ll /home/wege/.ssh/id_rsa.pub 
-rw-r--r--. 1 root root 397 Jan  7 20:01 /home/wege/.ssh/id_rsa.pub

改名为authorized_keys，并且注意修改文件所有人和读写权限

$ chown wege:wege authorized_keys 
$ chmod 600 authorized_keys

4）修改服务端ssh配置文件sshd_config

$ vim sshd_config
### 打开下面配置
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile	.ssh/authorized_keys

### 添加以下一项，禁止root用户远程登录
PermitRootLogin no

### 修改以下一项，禁止使用密码登录
PasswordAuthentication no

### 修改以下一项，禁止使用空密码
PermitEmptyPasswords no

重启ssh

$ /etc/init.d/sshd restart

5）客户端就可以免密登录到服务端啦！

[wege@centos68 .ssh]$ ssh 192.168.0.69
The authenticity of host '192.168.0.69 (192.168.0.69)' can't be established.
RSA key fingerprint is b6:49:38:32:e0:95:e7:fe:8c:0b:71:a3:7e:1a:ed:ee.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.69' (RSA) to the list of known hosts.
Last login: Mon Jan  7 19:48:17 2019 from 192.168.0.68
[wege@centos69 ~]$

使用公私钥实现ssh认证免密登录

简述

猜你喜欢