Connecting to a Linux server with an SSH private key

Foreword:

Besides password authentication, a remote connection to a Linux server can also be authenticated with a private key. Of the two, the key-based method is more secure and can be traced back to its source. The configuration process follows.

1. First, generate the SSH key pair locally

1.1 Generate a key pair with the following command, which creates the key files

  • Win+r (under windows) enter cmd to bring up the terminal.

  • Execute the command:

ssh-keygen -m PEM -t rsa -b 4096 -f C:\Users\SC\.ssh\ztest.pem

# C:\Users\SC\.ssh\ztest.pem is the path where the generated files are stored; it can be customized
# The file name ztest.pem can be customized, but it must end with the .pem suffix

The prompts in the figure above are explained below:

  1. Enter passphrase (empty for no passphrase):

     # Passphrase for the key. If you set one, you need to remember it (safer). You can also press Enter directly without typing anything.

  2. Enter same passphrase again:

     # Enter the passphrase again, then press Enter

1.2 After the command completes, view the locally generated files

2. Upload the zyhtest.pem.pub public key file from the user's .ssh directory to the server, or open the file and copy its contents directly to the server.

2.1 Run the command on the server to create a key:

Execute the command as follows:

ssh-keygen -m PEM -t rsa -b 4096 -f  /root/.ssh/ztest2.pem 

# /root/.ssh/ztest2.pem is the path where the generated files are stored; the path can be customized
# The file name ztest2.pem can be customized, but it must end with .pem

2.2 Upload the locally generated public key to the server

2.2.1 Enter the generated .ssh directory and upload the local certificate public key

cd /root/.ssh   
# This is the path chosen in 2.1 for storing the generated files

An example image is as follows:

1. Select the file zyhtest.pem.pub that needs to be uploaded locally

(files to be uploaded locally)

2. The location of uploading to the server is as follows

(path to upload to server)

2.3 Add the contents of the uploaded public key to the authorization list (authorized_keys)

2.3.1 If there is no authorized_keys file, create it, command:

touch authorized_keys

2.3.2 Add the contents of the zyhtest.pem.pub file to the newly created authorized_keys file

cat zyhtest.pem.pub>>authorized_keys 

# zyhtest.pem.pub is the file name; change it to match the name you used when creating the key

The content in zyhtest.pem.pub can also be directly copied and pasted into the authorized_keys file

2.3.3 Check whether the addition is successful

cat authorized_keys

Note explanation:

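authorized_keys can hold any number (N) of keys, each taken from the xxx.pem.pub file that a different user generated locally. Likewise, the key from an xxx.pem.pub generated on one server can be placed in the authorized_keys of another server, which lets Linux servers connect to each other.

The key in ztest.pem.pub can be copied directly into authorized_keys.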
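The steps in 2.3 as one repeatable function. This is an added example, not code from the original post; the function name install_pubkey and its arguments are hypothetical. It goes slightly beyond the steps above by setting owner-only permissions, rejecting a file that is not a single public-key line, and skipping the append when the key is already listed.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the original post).
# Usage: install_pubkey zyhtest.pem.pub /root/.ssh
install_pubkey() {
    pubfile=$1
    sshdir=${2:-"$HOME/.ssh"}
    auth="$sshdir/authorized_keys"

    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 1; }

    # A .pub file written by ssh-keygen holds exactly one non-empty line.
    [ "$(grep -c . "$pubfile")" -eq 1 ] ||
        { echo "expected exactly one key line" >&2; return 1; }
    key=$(grep . "$pubfile")

    # Accept only public-key lines. A private key ("-----BEGIN ...") must
    # stay on the client and never be uploaded to the server.
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key" >&2; return 1 ;;
    esac

    # sshd's StrictModes (default: yes) refuses key login when ~/.ssh or
    # authorized_keys is writable by group or others, so keep both
    # accessible to the owner only.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    [ -e "$auth" ] || ( umask 077; : > "$auth" ) || return 1
    chmod 600 "$auth" || return 1

    # Append only if this exact line is absent; a repeated
    # "cat key.pub >> authorized_keys" would add a duplicate each time.
    if grep -qxF -- "$key" "$auth"; then
        echo "key already present"
    else
        # Make sure the previous entry ends with a newline first.
        if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
            echo >> "$auth"
        fi
        printf '%s\n' "$key" >> "$auth"
        echo "key added"
    fi
}
```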

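3. The client connects remotely using the private key

3.1 Create a new SSH connection

3.1.1 For the private key, click "Browse", then click Import

3.1.2 Browse to and select the private key

3.4 Click Save.

3.5 Double-click the connection again to log in successfully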

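4. After enabling key login, password login needs to be disabled

The steps are as follows:

4.1 Edit the sshd_config configuration file

4.1 Enter the command: sudo vim /etc/ssh/sshd_config

4.2 Modify it as follows to allow key login and disable password login

# Allow key login
PubkeyAuthentication yes

# Do not allow password login
PasswordAuthentication no

If these lines are commented out by default, just uncomment them

4.3 Finally, save and exit with :wq, then restart the ssh service

4.4 Restart command: systemctl restart sshd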

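5. End


Regarding step 2.1 (creating the key on the server): for greater security, you can create a regular user, switch to that user, and then run the command from 2.1.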


Origin blog.csdn.net/weixin_55944621/article/details/128969479