如何在Ubuntu 20.04上设置SSH密钥

介绍 (Introduction)

SSH, or secure shell, is an encrypted protocol used to administer and communicate with servers. When working with an Ubuntu server, chances are you will spend most of your time in a terminal session connected to your server through SSH.

SSH(或安全外壳)是用于管理服务器并与服务器通信的加密协议。 使用Ubuntu服务器时，您很可能会花费大部分时间在通过SSH连接到服务器的终端会话中。

In this guide, we’ll focus on setting up SSH keys for an Ubuntu 20.04 installation. SSH keys provide a secure way of logging into your server and are recommended for all users.

在本指南中，我们将重点介绍为Ubuntu 20.04安装设置SSH密钥。 SSH密钥提供了一种登录服务器的安全方法，建议所有用户使用。

第1步-创建密钥对 (Step 1 — Creating the Key Pair)

The first step is to create a key pair on the client machine (usually your computer):

第一步是在客户端计算机(通常是您的计算机)上创建密钥对：

• ssh-keygen
  ssh-keygen

By default recent versions of ssh-keygen will create a 3072-bit RSA key pair, which is secure enough for most use cases (you may optionally pass in the -b 4096 flag to create a larger 4096-bit key).

默认情况下，最新版本的ssh-keygen将创建一个3072位的RSA密钥对，对于大多数用例来说，这是足够安全的(您可以选择传入-b 4096标志来创建更大的4096位密钥)。

After entering the command, you should see the following output:

输入命令后，您应该看到以下输出：

   
   
   

    
    
    Output
   
   
   
Generating public/private rsa key pair.
Enter file in which to save the key (/your_home/.ssh/id_rsa):

Press enter to save the key pair into the .ssh/ subdirectory in your home directory, or specify an alternate path.

按Enter键将密钥对保存到主目录的.ssh/子目录中，或指定备用路径。

If you had previously generated an SSH key pair, you may see the following prompt:

如果先前已生成SSH密钥对，则可能会看到以下提示：

   
   
   

    
    
    Output
   
   
   
/home/your_home/.ssh/id_rsa already exists.
Overwrite (y/n)?

If you choose to overwrite the key on disk, you will not be able to authenticate using the previous key anymore. Be very careful when selecting yes, as this is a destructive process that cannot be reversed.

如果选择覆盖磁盘上的密钥，则将无法再使用先前的密钥进行身份验证。 选择是时要非常小心，因为这是一个破坏性的过程，无法逆转。

You should then see the following prompt:

然后，您应该看到以下提示：

   
   
   

    
    
    Output
   
   
   
Enter passphrase (empty for no passphrase):

Here you optionally may enter a secure passphrase, which is highly recommended. A passphrase adds an additional layer of security to prevent unauthorized users from logging in. To learn more about security, consult our tutorial on How To Configure SSH Key-Based Authentication on a Linux Server.

在此处，您可以选择输入安全密码，强烈建议您输入该密码。 密码短语增加了一层额外的安全性，以防止未经授权的用户登录。要了解有关安全性的更多信息，请参阅我们的如何在Linux服务器上配置基于SSH密钥的身份验证的教程。

You should then see the output similar to the following:

然后，您应该看到类似于以下内容的输出：

   
   
   

    
    
    Output
   
   
   
Your identification has been saved in /your_home/.ssh/id_rsa
Your public key has been saved in /your_home/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:/hk7MJ5n5aiqdfTVUZr+2Qt+qCiS7BIm5Iv0dxrc3ks user@host
The key's randomart image is:
+---[RSA 3072]----+
|                .|
|               + |
|              +  |
| .           o . |
|o       S   . o  |
| + o. .oo. ..  .o|
|o = oooooEo+ ...o|
|.. o *o+=.*+o....|
|    =+=ooB=o.... |
+----[SHA256]-----+

You now have a public and private key that you can use to authenticate. The next step is to place the public key on your server so that you can use SSH-key-based authentication to log in.

现在，您具有可用于进行身份验证的公用和专用密钥。 下一步是将公钥放置在服务器上，以便您可以使用基于SSH密钥的身份验证进行登录。

步骤2 —将公钥复制到您的Ubuntu服务器 (Step 2 — Copying the Public Key to Your Ubuntu Server)

The quickest way to c