版权声明:转载请标明出处! https://blog.csdn.net/weixin_38642130/article/details/87607772
简述
利用公私钥的方式进行ssh免密登录。这里简述一下免密登录的过程:首先在客户端上创建一对公私钥(公钥文件:/.ssh/id_rsa.pub;私钥文件:/.ssh/id_rsa),然后把公钥放到服务器上(~/.ssh/authorized_keys),自己保留好私钥。当ssh登录时,ssh程序会发送私钥去和服务器上的公钥做匹配。如果匹配成功就可以登录了。下面将详细介绍如何配置。
1)在客户端中安装ssh工具
$$ yum install openssh openssh-clients
2)利用ssh-keygen生成公私钥
$$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/wege/.ssh/id_rsa): #存放位置,这里选择默认
Enter passphrase (empty for no passphrase): #加密密码,默认为空
Enter same passphrase again: #再次输入加密密码
Your identification has been saved in /home/wege/.ssh/id_rsa.
Your public key has been saved in /home/wege/.ssh/id_rsa.pub.
The key fingerprint is:
41:22:88:8e:10:de:68:6f:ed:99:3c:d4:34:5f:93:3d wege@centos68
The key's randomart image is:
+--[ RSA 2048]----+
|.o .. . . |
|+ + . o o |
|++ . o. + E |
|o.. . o o.. . . |
| o o .S. |
| . + o |
| * |
| . |
| |
+-----------------+
3)然后把生成的公钥id_rsa.pub拷贝到服务端对应的用户目录下
$ ll /home/wege/.ssh/id_rsa.pub
-rw-r--r--. 1 root root 397 Jan 7 20:01 /home/wege/.ssh/id_rsa.pub
改名为authorized_keys,并且注意修改文件所有人和读写权限
$ chown wege:wege authorized_keys
$ chmod 600 authorized_keys
4)修改服务端ssh配置文件sshd_config
$ vim sshd_config
### 打开下面配置
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
### 添加以下一项,禁止root用户远程登录
PermitRootLogin no
### 修改以下一项,禁止使用密码登录
PasswordAuthentication no
### 修改以下一项,禁止使用空密码
PermitEmptyPasswords no
重启ssh
$ /etc/init.d/sshd restart
5)客户端就可以免密登录到服务端啦!
[wege@centos68 .ssh]$ ssh 192.168.0.69
The authenticity of host '192.168.0.69 (192.168.0.69)' can't be established.
RSA key fingerprint is b6:49:38:32:e0:95:e7:fe:8c:0b:71:a3:7e:1a:ed:ee.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.69' (RSA) to the list of known hosts.
Last login: Mon Jan 7 19:48:17 2019 from 192.168.0.68
[wege@centos69 ~]$