介绍 (Introduction)
SSH, or secure shell, is an encrypted protocol used to administer and communicate with servers. When working with an Ubuntu server, chances are you will spend most of your time in a terminal session connected to your server through SSH.
SSH(或安全外壳)是用于管理服务器并与服务器通信的加密协议。 使用Ubuntu服务器时,您很可能会花费大部分时间在通过SSH连接到服务器的终端会话中。
In this guide, we’ll focus on setting up SSH keys for an Ubuntu 20.04 installation. SSH keys provide a secure way of logging into your server and are recommended for all users.
在本指南中,我们将重点介绍为Ubuntu 20.04安装设置SSH密钥。 SSH密钥提供了一种登录服务器的安全方法,建议所有用户使用。
第1步-创建密钥对 (Step 1 — Creating the Key Pair)
The first step is to create a key pair on the client machine (usually your computer):
第一步是在客户端计算机(通常是您的计算机)上创建密钥对:
- ssh-keygen ssh-keygen
By default recent versions of ssh-keygen
will create a 3072-bit RSA key pair, which is secure enough for most use cases (you may optionally pass in the -b 4096
flag to create a larger 4096-bit key).
默认情况下,最新版本的ssh-keygen
将创建一个3072位的RSA密钥对,对于大多数用例来说,这是足够安全的(您可以选择传入-b 4096
标志来创建更大的4096位密钥)。
After entering the command, you should see the following output:
输入命令后,您应该看到以下输出:
Output
Generating public/private rsa key pair.
Enter file in which to save the key (/your_home/.ssh/id_rsa):
Press enter to save the key pair into the .ssh/
subdirectory in your home directory, or specify an alternate path.
按Enter键将密钥对保存到主目录的.ssh/
子目录中,或指定备用路径。
If you had previously generated an SSH key pair, you may see the following prompt:
如果先前已生成SSH密钥对,则可能会看到以下提示:
Output
/home/your_home/.ssh/id_rsa already exists.
Overwrite (y/n)?
If you choose to overwrite the key on disk, you will not be able to authenticate using the previous key anymore. Be very careful when selecting yes, as this is a destructive process that cannot be reversed.
如果选择覆盖磁盘上的密钥,则将无法再使用先前的密钥进行身份验证。 选择是时要非常小心,因为这是一个破坏性的过程,无法逆转。
You should then see the following prompt:
然后,您应该看到以下提示:
Output
Enter passphrase (empty for no passphrase):
Here you optionally may enter a secure passphrase, which is highly recommended. A passphrase adds an additional layer of security to prevent unauthorized users from logging in. To learn more about security, consult our tutorial on How To Configure SSH Key-Based Authentication on a Linux Server.
在此处,您可以选择输入安全密码,强烈建议您输入该密码。 密码短语增加了一层额外的安全性,以防止未经授权的用户登录。要了解有关安全性的更多信息,请参阅我们的如何在Linux服务器上配置基于SSH密钥的身份验证的教程。
You should then see the output similar to the following:
然后,您应该看到类似于以下内容的输出:
Output
Your identification has been saved in /your_home/.ssh/id_rsa
Your public key has been saved in /your_home/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:/hk7MJ5n5aiqdfTVUZr+2Qt+qCiS7BIm5Iv0dxrc3ks user@host
The key's randomart image is:
+---[RSA 3072]----+
| .|
| + |
| + |
| . o . |
|o S . o |
| + o. .oo. .. .o|
|o = oooooEo+ ...o|
|.. o *o+=.*+o....|
| =+=ooB=o.... |
+----[SHA256]-----+
You now have a public and private key that you can use to authenticate. The next step is to place the public key on your server so that you can use SSH-key-based authentication to log in.
现在,您具有可用于进行身份验证的公用和专用密钥。 下一步是将公钥放置在服务器上,以便您可以使用基于SSH密钥的身份验证进行登录。
步骤2 —将公钥复制到您的Ubuntu服务器 (Step 2 — Copying the Public Key to Your Ubuntu Server)
The quickest way to c