1.使用SecureCRT生成公钥和私钥
选择Tools>>Create Public Key…,生成公钥和私钥
密钥类型选择RSA
加密私钥,加密密码为888888(可选择不加密)
RSA密钥长度设置为2048位
选择第2个OpenSSH密钥格式,保存公钥和私钥到本地磁盘目录
2.上传SecureCRT生成的公钥到CentOS
进入/root/.ssh目录,修改authorized_keys权限为400
[root@vps ~]# cd /root/.ssh/
[root@vps ~]# chmod 400 authorized_keys
[root@vps .ssh]# ll
total 16
-r--------. 1 root root 964 Jan 10 04:14 authorized_keys
[root@vps .ssh]#
安装lrzsz用于SecureCRT上传文件(也可用WinSCP上传)
[root@vps .ssh]# dnf install lrzsz
Last metadata expiration check: 0:19:33 ago on Mon 10 Jan 2022 04:37:48 AM PST.
Dependencies resolved.
===========================================================================================================================================
Package Architecture Version Repository Size
===========================================================================================================================================
Installing:
lrzsz x86_64 0.12.20-43.el8 BaseOS 84 k
Transaction Summary
===========================================================================================================================================
Install 1 Package
Total download size: 84 k
Installed size: 190 k
Is this ok [y/N]: y
Downloading Packages:
lrzsz-0.12.20-43.el8.x86_64.rpm 1.0 MB/s | 84 kB 00:00
-------------------------------------------------------------------------------------------------------------------------------------------
Total 383 kB/s | 84 kB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : lrzsz-0.12.20-43.el8.x86_64 1/1
Running scriptlet: lrzsz-0.12.20-43.el8.x86_64 1/1
Verifying : lrzsz-0.12.20-43.el8.x86_64 1/1
Installed:
lrzsz-0.12.20-43.el8.x86_64
Complete!
[root@vps .ssh]#
选择Transfer>>Zmodem Upload List…添加需要上传的公钥后进行上传
上传成功如下显示
[root@vps .ssh]# rz
rz waiting to receive.
Starting zmodem transfer. Press Ctrl+C to cancel.
Transferring Identity.pub...
100% 395 bytes 395 bytes/sec 00:00:01 0 Errors
[root@vps .ssh]# ll
total 20
-r--------. 1 root root 964 Jan 10 04:14 authorized_keys
-rw-r--r--. 1 root root 395 Jan 10 04:54 Identity.pub
3.添加公钥到授权文件
CentOS服务器生成RSA密钥对
[root@vps .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): 888888 #加密密钥,留空为不加密#
Enter same passphrase again: 888888
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:OZcIIaYmj5rudACS94/RZ6e3ejtN3fUw6LkX+EzKf0k root@vps
The key's randomart image is:
+---[RSA 3072]----+
| o . |
| . o . . |
|= + . . |
|o* . . . o .. o .|
|... o . S +. + +o|
|... + o = = +Eo|
|o. .. . . .+ *...|
|o . .o.= +..|
|.o .ooo o.. |
+----[SHA256]-----+
[root@vps .ssh]# ll
total 20
-r--------. 1 root root 402 Jan 10 04:10 authorized_keys
-rw-r--r--. 1 root root 402 Jan 10 02:11 Identity.pub
-rw-------. 1 root root 2635 Jan 10 04:14 id_rsa
-rw-r--r--. 1 root root 562 Jan 10 04:14 id_rsa.pub
添加服务器公钥和本地客户端公钥到授权文件
[root@vps .ssh]# cat id_rsa.pub >>authorized_keys
[root@vps .ssh]# cat Identity.pub >>authorized_keys
4.修改SSH配置文件,允许使用公钥免密登录
修改SSH配置文件,启用公钥认证
[root@vps .ssh]# vim /etc/ssh/sshd_config
#启用公钥认证
PubkeyAuthentication yes
#公钥认证授权文件位置
AuthorizedKeysFile .ssh/authorized_keys
#禁用密码登录方式(也可选择yes,保留原密码认证方式)
PasswordAuthentication no
重启sshd服务
[root@vps .ssh]# systemctl restart sshd
5.使用公钥登录CentOS系统
SSH属性取消勾选密码登录
输入SecureCRT创建密钥对时私钥的加密密码888888
登录成功
Activate the web console with: systemctl enable --now cockpit.socket
Last login: Mon Jan 10 04:16:20 2022 from 120.130.12.18
[root@vps ~]#