1、使用密码登录到需要使用秘钥登录的账户,然后在服务器创建秘钥
[root@ecs-326c-0001 ~]# cd .ssh/
[root@ecs-326c-0001 .ssh]# ll -a
total 8
drwx------ 2 root root 4096 Jul 9 11:35 .
dr-xr-x---. 7 root root 4096 Mar 21 11:21 ..
-rw------- 1 root root 0 Jul 9 11:35 authorized_keys
[root@ecs-326c-0001 .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
b4:cf:d7:a9:91:fa:ec:c2:2e:ce:71:1e:b2:0a:c6:6f root@ecs-326c-0001
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| . |
| . . |
| S |
| . o o . |
| + o.= + o |
| . oE..*o= o |
| .oo+o++= |
+-----------------+
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
2、在服务器上安装公钥
[root@ecs-326c-0001 .ssh]# cat id_rsa.pub >> authorized_keys
- 1
3、为了确保连接成功,需要设置文件权限
[root@ecs-326c-0001 .ssh]# chmod 600 authorized_keys
[root@ecs-326c-0001 .ssh]# chmod 700 ~/.ssh
- 1
- 2
4、设置ssh,打开秘钥登录功能
[root@ecs-326c-0001 .ssh]# vim /etc/ssh/sshd_config
- 1
去掉注释#
RSAAuthentication yes
PubkeyAuthentication yes
- 1
- 2
5、重启ssh服务
[root@ecs-326c-0001 ~]# systemctl restart sshd
- 1
6、拷贝私钥到PC端,使用软件导入秘钥,然后测试登录
7、秘钥测试登录成功之后,可以禁用使用密码登录,提高服务器的安全性
[root@ecs-326c-0001 .ssh]# vim /etc/ssh/sshd_config
- 1
修改为no
PasswordAuthentication no
- 1