SSH认证配置
- server6生成公钥和私钥,将公钥放到IP为116.196.xx.xxx(你希望无密码登录的主机IP)主机对应文件中,即可实现,server6无密码访问
- 正常ssh登录,输入密码
-
[root@server6 ~]# ssh 116.196.xx.xxx
The authenticity of host '116.196.xx.xxx (116.196.82.222)' can't be established.
ECDSA key fingerprint is d3:5b:4a:ef:8e:00:41:a0:5e:80:ef:75:76:8a:a3:49.
Are you sure you want to continue connecting (yes/no)?** yes**
Warning: Permanently added '116.196.xx.xxx' (ECDSA) to the list of known hosts.
root@116.196.xx.xxx's password:
Last login: Fri Sep 1 14:17:51 2017 from 111.204.243.7
Welcome to JCLOUD Elastic Compute Service
- 生成公钥私钥
-
[root@server6 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
12:94:ea:89:5a:e3:a4:3d:84:45:04:2a:ca:cc:87:e3 root@server6.example.com
The key's randomart image is:
+--[ RSA 2048]----+
|.o. .. |
|. . .. |
|o. .. |
|* o . . |
|.O + .. S |
|o O o . |
| E . |
|o + |
| . |
+-----------------+
-
[root@server6 .ssh]# ls
authorized_keys id_rsa id_rsa.pub known_hosts
[root@server6 .ssh]# pwd
/root/.ssh
- 将公钥拷贝到116的机子上
-
[root@server6 ~]# ssh root@116.196.xx.xxx 'cat >>~/.ssh/authorized_keys'<~/.ssh/id_rsa.pub
root@116.196.xx.xxx's password:
- 成功
-
[root@server6 ~]# ssh 116.196.xx.xxx
Last failed login: Fri Sep 1 14:24:52 CST 2017 from 111.204.243.7 on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Fri Sep 1 14:21:22 2017 from 111.204.243.7
Welcome to JCLOUD Elastic Compute Service
- 假设你有这条命令:ssh-copy-id
-
[root@server6 ~]# ssh-copy-id 116.196.xx.xxx
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@116.196.xx.xxx's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '116.196.xx.xxx'"
and check to make sure that only the key(s) you wanted were added.
[root@server6 ~]# ssh 116.196.xx.xxx
Last login: Fri Sep 1 14:38:52 2017 from www.quberry.cn
Welcome to JCLOUD Elastic Compute Service
[root@liu ~]#
SSH认证配置
- server6生成公钥和私钥,将公钥放到IP为116.196.xx.xxx(你希望无密码登录的主机IP)主机对应文件中,即可实现,server6无密码访问
- 正常ssh登录,输入密码
-
[root@server6 ~]# ssh 116.196.xx.xxx The authenticity of host '116.196.xx.xxx (116.196.82.222)' can't be established. ECDSA key fingerprint is d3:5b:4a:ef:8e:00:41:a0:5e:80:ef:75:76:8a:a3:49. Are you sure you want to continue connecting (yes/no)?** yes** Warning: Permanently added '116.196.xx.xxx' (ECDSA) to the list of known hosts. root@116.196.xx.xxx's password: Last login: Fri Sep 1 14:17:51 2017 from 111.204.243.7 Welcome to JCLOUD Elastic Compute Service
- 生成公钥私钥
-
[root@server6 ~]# ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: 12:94:ea:89:5a:e3:a4:3d:84:45:04:2a:ca:cc:87:e3 root@server6.example.com The key's randomart image is: +--[ RSA 2048]----+ |.o. .. | |. . .. | |o. .. | |* o . . | |.O + .. S | |o O o . | | E . | |o + | | . | +-----------------+
-
[root@server6 .ssh]# ls authorized_keys id_rsa id_rsa.pub known_hosts [root@server6 .ssh]# pwd /root/.ssh
- 将公钥拷贝到116的机子上
-
[root@server6 ~]# ssh root@116.196.xx.xxx 'cat >>~/.ssh/authorized_keys'<~/.ssh/id_rsa.pub root@116.196.xx.xxx's password:
- 成功
-
[root@server6 ~]# ssh 116.196.xx.xxx Last failed login: Fri Sep 1 14:24:52 CST 2017 from 111.204.243.7 on ssh:notty There was 1 failed login attempt since the last successful login. Last login: Fri Sep 1 14:21:22 2017 from 111.204.243.7 Welcome to JCLOUD Elastic Compute Service
- 假设你有这条命令:ssh-copy-id
-
[root@server6 ~]# ssh-copy-id 116.196.xx.xxx
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@116.196.xx.xxx's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '116.196.xx.xxx'"
and check to make sure that only the key(s) you wanted were added.
[root@server6 ~]# ssh 116.196.xx.xxx
Last login: Fri Sep 1 14:38:52 2017 from www.quberry.cn
Welcome to JCLOUD Elastic Compute Service
[root@liu ~]#
sshd服务的简单配置
vim /etc/ssh/sshd_config ###sshd服务的配置文件
PermitRootLogin yes|no ###是否允许root用户通过sshd的认证,48行
PasswordAuthentication yes|no ###开启或关闭用户密码认证,78行
AllowUsers student westos ###用户白名单,只允许在名单中出现的用户使用sshd服务
systemctl restart sshd ###从新加载配置