ssh control server: 192.168.48.102
ssh server is controlled: 192.168.48.103
Sshd generate private and public keys:
[root@localhost ~]# ssh-keygen -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): --输入密码(可以为空)
Enter same passphrase again: --再次输入密码
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:wxBPRyYTDpQQYvp2u86bL3Fza3cCs5V2TAYeFDM1qa4 [email protected]
The key's randomart image is:
+---[RSA 2048]----+
| o o++.=+Ooo. |
| o . . =oo.. |
|. . o. + |
| . o o o |
| o . S. = |
| . ...o +.= o |
| .o o O . |
| ..o E o . |
| . + ... o |
+ ---- [SHA256] ----- +
View the key file:
[root @ localhost ~] # cd /root/.ssh/
[root @ localhost .ssh] # LS
id_rsa id_rsa.pub known_hosts
将公钥文件传输到需要远控的机器上:
[root@localhost .ssh]# ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.
On the remote control of the machine you want to modify sshd configuration file:
[root @ localhost .ssh] # vi / etc / SSH / sshd_config
PubkeyAuthentication yes - open comment this line
Restart the service:
[root @ localhost .ssh] # systemctl restart sshd.service
在控制服务器ssh被控制服务器:
[root@localhost .ssh]# ssh -i /root/.ssh/id_rsa [email protected]
Last login: Mon Jun 24 23:37:11 2019 from 192.168.48.101
[root@localhost ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.48.103 netmask 255.255.255.0 broadcast 192.168.48.255
inet6 fe80::6a9b:be28:c9bb:64fd prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:e6:e9:b0 txqueuelen 1000 (Ethernet)
RX packets 16635 bytes 16327536 (15.5 MiB)
RX errors 0 dropped 141 overruns 0 frame 0
TX packets 9187 bytes 5350257 (5.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 188 bytes 16920 (16.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 188 bytes 16920 (16.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0