一、生成密钥文件
-t 指定生成密钥的类型
-f 指定生成密钥的路径
-b 指定密钥长度,默认是2048
[root@localhost ~]# ssh-keygen -t rsa # 生成密钥对
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): #给私钥设置密码
Enter same passphrase again: #再次输入
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:6DWyVtlQvY5YV5imaBvDzhZfPpDZP8bBhDWox9k5NHY root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
| .. *o |
| . B *.E|
| ... O X + |
| .B+B O * |
| o+SO.O o o |
| . =*.o + = |
| +. o . |
| . |
| |
+----[SHA256]-----+二、在/root/.ssh下创建authorized_keys文件,将公钥追加到文件中
[root@localhost ~]# cd /root/.ssh #进入目录
[root@localhost .ssh]# ls
id_rsa id_rsa.pub known_hosts
[root@localhost .ssh]# touch authorized_keys #创建文件
[root@localhost .ssh]# cat id_rsa.pub >> authorized_keys #将公钥追加到文件中三、下载私钥
[root@localhost .ssh]# sz id_rsa四、修改权限
[root@localhost .ssh]# chmod 700 /root/.ssh
[root@localhost .ssh]# chmod 600 /root/.ssh/authorized_keys authorized_keys的权限为600或者更加严格,否则登录时会提示server refuse you key
五、修改ssh的配置文件
[root@localhost .ssh]# vim /etc/ssh/sshd_config
# To disable tunneled clear text passwords, change to no here!
PubkeyAuthentication yes # 将密钥登录打开
#PermitEmptyPasswords no
PasswordAuthentication no #关闭密码验证登录六、重启ssh
[root@localhost .ssh]# systemctl restart sshd七、FinalShell登录
518
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
