我的理解:
使用密钥登录服务端,即客户端也生成一对公私钥,并将公钥发送给服务端。服务端验证客户端时,将生成随机数,并先使用对称密钥进行加密,再使用客户端发送过来的公钥加密,然后发送给客户端,客户端解密随机数后使用对称密钥加密发送给服务端,服务端收到相同的随机数就验证成功了。
实验步骤:1.生成公私钥
[redhat@localhost ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/redhat/.ssh/id_rsa):
/home/redhat/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/redhat/.ssh/id_rsa.
Your public key has been saved in /home/redhat/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:v8gk6L23nxJBaHPFtDqrtAxqi7BHKAxuvHtjHkefG7Q redhat@localhost.localdomain
The key's randomart image is:
+---[RSA 3072]----+
| . +o |
| + o .. |
| . + . |
|. .. |
|=. . .S. |
|o=. ..o ++ |
|+...o.oEo.. |
|.+o*o= *=. o |
|o+Boo *++++ |
+----[SHA256]-----+
[redhat@localhost ~]$
[redhat@localhost ~]$ cd /home/redhat/.ssh
[redhat@localhost .ssh]$ ll
total 12
-rw-------. 1 redhat redhat 2622 Mar 11 16:38 id_rsa
-rw-r--r--. 1 redhat redhat 582 Mar 11 16:38 id_rsa.pub
-rw-r--r--. 1 redhat redhat 177 Mar 11 11:25 known_hosts
2.复制公钥到服务端目录下
[redhat@localhost .ssh]$ ssh-copy-id root@192.168.239.128
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/redhat/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.239.128's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.239.128'"
and check to make sure that only the key(s) you wanted were added.
3.登录服务器
[redhat@localhost .ssh]$ ssh root@192.168.239.128
Activate the web console with: systemctl enable --now cockpit.socket
Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Sat Mar 11 14:01:21 2023 from 192.168.239.1
[root@localhost ~]#