1、使用密码登录到需要使用秘钥登录的账户,然后在服务器创建秘钥
[root@ecs-326c-0001 ~]# cd .ssh/
[root@ecs-326c-0001 .ssh]# ll -a
total 8
drwx------ 2 root root 4096 Jul 9 11:35 .
dr-xr-x---. 7 root root 4096 Mar 21 11:21 ..
-rw------- 1 root root 0 Jul 9 11:35 authorized_keys
[root@ecs-326c-0001 .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
b4:cf:d7:a9:91:fa:ec:c2:2e:ce:71:1e:b2:0a:c6:6f root@ecs-326c-0001
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| . |
| . . |
| S |
| . o o . |
| + o.= + o |
| . oE..*o= o |
| .oo+o++= |
+-----------------+
2、在服务器上安装公钥
[root@ecs-326c-0001 .ssh]# cat id_rsa.pub >> authorized_keys
3、为了确保连接成功,需要设置文件权限
[root@ecs-326c-0001 .ssh]# chmod 600 authorized_keys
[root@ecs-326c-0001 .ssh]# chmod 700 ~/.ssh
4、设置ssh,打开秘钥登录功能
[root@ecs-326c-0001 .ssh]# vim /etc/ssh/sshd_config
去掉注释#
RSAAuthentication yes
PubkeyAuthentication yes
5、重启ssh服务
[root@ecs-326c-0001 ~]# systemctl restart sshd
6、拷贝私钥到PC端,使用软件导入秘钥,然后测试登录
7、秘钥测试登录成功之后,可以禁用使用密码登录,提高服务器的安全性
[root@ecs-326c-0001 .ssh]# vim /etc/ssh/sshd_config
修改为no
PasswordAuthentication no