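###############Setting up key-based login for a user with a key generated by ssh
1.#######Generate the key with ssh###########
[root@localhost .ssh]# ssh-keygen ###tool that generates the public and private keys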
Generating public/private rsa key pair.
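Enter file in which to save the key (/root/.ssh/id_rsa): ###file the key is saved to; use the default
Enter passphrase (empty for no passphrase): ###choose your own passphrase; it is asked for when logging in to the target user once the key is installed; it can also be left empty
Enter same passphrase again: ###enter the passphrase again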
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
b6:9e:51:3a:b4:63:b4:eb:84:b3:fa:01:f0:c1:c4:d8 root@localhost
The key's randomart image is:
+--[ RSA 2048]----+
| +. |
| .oE |
| . o |
| o . |
| o S . |
| . = * |
| + @ |
| B * |
| .oo.= |
+-----------------+
[root@localhost .ssh]# ls
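authorized_keys id_rsa id_rsa.pub ###the generated public and private keys
id_rsa is the private key, id_rsa.pub is the public key
authorized_keys ###this file lives in .ssh under the target user's home directory; its presence marks the target user as set up for key login, and its content is the public key.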
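2.#######Install the generated key for the user###########
ssh-copy-id ####tool for uploading the key
-i ####specifies the public key to use
student ####the target user being managed
172.25.254.192 ####IP of the host where the managed user lives
~/.ssh/id_rsa.pub #####name of the public key to use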
[root@localhost .ssh]# ssh-copy-id -i ~/.ssh/id_rsa student@172.25.254.192
The authenticity of host '172.25.254.192 (172.25.254.192)' can't be established.
ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
student@172.25.254.192's password: ###enter student's password
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'student@172.25.254.192'"
and check to make sure that only the key(s) you wanted were added.
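3.#####Change the sshd configuration file for the student user
[root@localhost .ssh]#vim /etc/ssh/sshd_config ###configuration file of the sshd service; open it, turn off password authentication, then reload the configuration
48 PermitRootLogin yes|no ###whether the root user may authenticate through sshd
78 PasswordAuthentication yes|no ###turn user password authentication on or off
AllowUsers student westos ###user whitelist; only users on this list may use the sshd service
systemctl restart sshd ###reload the configuration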
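An added example (not from the original post): a shell check for the step 3 edit. It reports the effective global values of PasswordAuthentication, PermitRootLogin and AllowUsers in a config file, relying on sshd's rule that the first value read for a keyword wins. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the effective global value of the step 3 keywords.
# sshd keeps the FIRST value it reads for a keyword and matches keywords
# case-insensitively, so an appended "PasswordAuthentication no" is ignored
# when an earlier line already says "yes". Include files and Match blocks
# are not evaluated here.

# effective_value FILE KEYWORD -> first global value, or "unset"
effective_value() {
    awk -v kw="$2" '
        BEGIN { kw = tolower(kw); val = "unset" }
        { sub(/#.*/, ""); sub(/=/, " ") }   # drop comments, allow Keyword=value
        tolower($1) == "match" { exit }     # global section ends here
        tolower($1) == kw { $1 = ""; sub(/^ +/, ""); val = $0; exit }
        END { print val }
    ' "$1"
}

# audit_sshd_config FILE -> prints the three values; status 0 only when
# password authentication is effectively off (the goal of step 3)
audit_sshd_config() {
    pa=$(effective_value "$1" PasswordAuthentication | tr 'A-Z' 'a-z')
    echo "PasswordAuthentication: $pa"
    echo "PermitRootLogin: $(effective_value "$1" PermitRootLogin)"
    echo "AllowUsers: $(effective_value "$1" AllowUsers)"
    [ "$pa" = "no" ]
}

# Constructed sample: the edit was appended below an existing "yes" line.
write_sample_config() {
    cat > "$1" <<'EOF'
# constructed sshd_config fragment
PermitRootLogin no
passwordauthentication yes
AllowUsers student westos
PasswordAuthentication no
EOF
}

tmp=$(mktemp)
write_sample_config "$tmp"
audit_sshd_config "$tmp" || echo "=> password logins are still accepted"
rm -f "$tmp"
```

On a real host, call `audit_sshd_config /etc/ssh/sshd_config`; `sshd -T` run as root prints the configuration sshd itself computes.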
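4.#####Log in as the student user
[root@localhost .ssh]#ssh student@172.25.254.192 ###press Enter, then type the passphrase set earlier; the login succeeds
Extra: sending the id_rsa file to a user who wants to log in
[root@localhost .ssh]# scp /root/.ssh/id_rsa root@172.25.254.191:~/.ssh ###send the private key to the root user at IP 172.25.254.191
kiosk@172.25.254.33's password: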
id_rsa 100% 1679 1.6KB/s 00:00
Other users can then also log in as the student user with the private key