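I ran into a problem while configuring this, so I am writing it down.
The environment is as follows:
Server | 192.168.0.132 (CentOS Linux release 7.9.2009 (Core)) |
Client | 192.168.0.216 (Ubuntu 22.04.5 LTS) |
Configure the key pair on the server (CentOS is used as the server in this experiment)
Run on the server: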
[root@localhost ~]# ssh-keygen
[root@localhost ~]# ssh-copy-id bird@192.168.0.216
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.0.216 (192.168.0.216)' can't be established.
ECDSA key fingerprint is SHA256:l2BGywJPJak8cLLAFNb5BX1bdKBoxOrwRWNN32gemqs.
ECDSA key fingerprint is MD5:36:1b:27:32:6d:15:81:a1:46:29:92:15:c0:5b:92:c5.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
bird@192.168.0.216's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'bird@192.168.0.216'"
and check to make sure that only the key(s) you wanted were added.
SSH configuration on the client, to disable password login and allow only key login:
Configuration file path: /etc/ssh/sshd_config
PasswordAuthentication no
PubkeyAuthentication yes
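This disables password login and allows key login. Finally, remember to restart sshd.
In the end, password login still worked in the experiment. I then searched all the configuration files for the PasswordAuthentication parameter and found that there are multiple configuration files, as follows: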
bird@bird:/etc/ssh$ sudo grep -r PasswordAuthentication *
ssh_config:# PasswordAuthentication yes
sshd_config:PasswordAuthentication no
sshd_config:# PasswordAuthentication. Depending on your PAM configuration,
sshd_config:# PAM authentication, then enable this but set PasswordAuthentication
sshd_config.d/50-cloud-init.conf:PasswordAuthentication yes
They are: ssh_config, sshd_config, and sshd_config.d/50-cloud-init.conf
After changing PasswordAuthentication yes to no in sshd_config.d/50-cloud-init.conf and restarting, password login was disabled.
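The drop-in file wins because sshd uses the first value it obtains for each keyword, and an `Include` of `sshd_config.d/*.conf` placed above the main file's own settings is read first. The sketch below is an added example, not part of the original post: it models that lookup on constructed files, with hypothetical function names `effective_value` and `make_sample`, and assumes the `Include` line sits at the top of the sample `sshd_config`.

```shell
#!/bin/sh
# Simplified model of sshd's lookup for a global keyword: lines are read top
# to bottom, Include globs are expanded in place, and the FIRST value wins.
# Not modelled: Match blocks, nested Include, "Key=value" syntax.

# effective_value KEYWORD CONFIG -> prints "<value> <file that supplied it>"
effective_value() {
    kw=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    cfg=$2
    while read -r key val rest; do
        key=$(printf '%s' "$key" | tr '[:upper:]' '[:lower:]')
        case $key in
            ''|'#'*) continue ;;
            include)
                for f in $val; do          # unquoted: the shell expands the glob, sorted
                    [ -f "$f" ] || continue
                    hit=$(awk -v k="$kw" 'tolower($1) == k { print $2; exit }' "$f")
                    if [ -n "$hit" ]; then printf '%s %s\n' "$hit" "$f"; return 0; fi
                done ;;
            "$kw") printf '%s %s\n' "$val" "$cfg"; return 0 ;;
        esac
    done < "$cfg"
    return 1
}

# make_sample DIR: constructed files mirroring the grep output above.
make_sample() {
    mkdir -p "$1/sshd_config.d"
    printf 'PasswordAuthentication yes\n' > "$1/sshd_config.d/50-cloud-init.conf"
    cat > "$1/sshd_config" <<EOF
Include $1/sshd_config.d/*.conf
PasswordAuthentication no
PubkeyAuthentication yes
EOF
}

d=$(mktemp -d)
make_sample "$d"
effective_value PasswordAuthentication "$d/sshd_config"   # the drop-in's value is reported
rm -rf "$d"
```

On the real host, `sudo sshd -T | grep -i passwordauthentication` prints the value sshd will actually apply, which is the check to run after every edit and restart.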