1. On some machines there is no .ssh directory under /root/ after the first login; create it with the right permissions:
mkdir -p ~/.ssh
chmod 700 ~/.ssh
2. Generate a key pair (on the client machine you will be logging in from):
ssh-keygen -t rsa -b 4096 -C htz
Press Enter to accept the defaults for everything that follows (you can also set a passphrase on the private key; I did not). An ed25519 key (ssh-keygen -t ed25519 -C htz) is a good modern alternative and needs no extra server-side settings.
3. Install the public key on the target machine. This is the content of ~/.ssh/id_rsa.pub on the client; it goes into ~/.ssh/authorized_keys on the server (the key below is the author's own). Note that the command as written uses > and so replaces any keys already in the file; use >> to append, or run ssh-copy-id -i ~/.ssh/id_rsa.pub -p <port> root@<host> from the client, which creates the directory and sets the permissions for you.
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFGOzdt6J039rR5W/h+F1q+nVCjxk2mlYh5TfJo+w4XDvWrdPU+/3Arh4+++1Yqd7nwtX9lpXaL1K/+PCj2+R8juv/0aTk2qBaJa1Zogk6d7rdCBAezWCU1p/RDDwX6P1AF8AWW9zL8NxoU26Toeta6+5bZO0r19y0IHBQKxdTXJIJGhaEPNWr3xyXwKa36WieykA0AX+qpOkUu3nVSCj9TS2ULe95g0JZPB4WoTI0nkSdyo1lS3K5IBKZxYABu0HkGgkrm8KJS899m/W5JLQH+fjN5suqjAHTljJA6dNXgCXIa225s9aHHSpZYi875/iY9u0RowShvRRfd2cf4BLksLZD4i2eebM5KYv4TAk1I7XxBAFk6GxLajb5IujLxvxrw12mp3l1lYWeDlGI+uFSeEulXqAhHXQQrWHsBmVOrVqde2EmYtaovV/oP372LPmqi9a5OZkjZlVQfwahPjohqcPKq40lMoIoCKwa2d3kwtHPpzLeHQpX26ODL3v0T37monqHsdc1ZI7lCZgUo/Q1ztfTr6pzpGoR2LYwXGVdHY689vTGP+BRXH2ngiSQ2D7AD8+Is/dA0R+9ezx8dBw7t29mXSgQ5JrdfdQOokkHPlSIA7r/lR10y0ST43QcOIcxz4LjZ/Bu3Cjge2Lm+QUxBZPxpQ1cxCbCM6fiJoWm3Q== htz" > ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
Here is my configuration:
/etc/ssh/sshd_config
Note: the lines that matter (highlighted in red in the original) are the port change, enabling key authentication, and disabling password login.
Port 1111
UseDNS no
UsePAM yes
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
Include /etc/ssh/sshd_config.d/*.conf
PermitRootLogin without-password
PubkeyAuthentication yes
PasswordAuthentication no
MaxAuthTries 6
#RSAAuthentication yes
PubkeyAcceptedKeyTypes +ssh-rsa
AuthenticationMethods publickey
ChallengeResponseAuthentication no
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
AuthorizedKeysFile .ssh/authorized_keys
Check the file with sshd -t (it prints nothing when the syntax is valid), then restart sshd.
Note: keep the session you are already logged in from open after the restart, and confirm that a fresh key login on the new port works from a second terminal before closing it, so that you cannot lock yourself out.
A few things to be aware of in the config above:
sshd uses the first value it reads for each keyword. With Include /etc/ssh/sshd_config.d/*.conf placed above PasswordAuthentication no, any drop-in in that directory that says PasswordAuthentication yes (some cloud images ship one) wins over the line below it. Either remove that setting from the drop-in, put your own settings in a drop-in that sorts first, or move the Include line to the end; verify the result with sshd -T | grep -i passwordauthentication, which prints the values sshd actually uses.
PermitRootLogin without-password is the old spelling of prohibit-password; both still work.
PubkeyAcceptedKeyTypes +ssh-rsa re-enables the SHA-1 based ssh-rsa signature that OpenSSH 8.8 disabled by default (the keyword itself is now called PubkeyAcceptedAlgorithms, the old name is kept as an alias). An RSA key does not need it: the same key signs with rsa-sha2-256/512. Drop the line unless an old client really cannot do SHA-2.
GSSAPIAuthentication yes and X11Forwarding yes are not needed for this setup; AuthenticationMethods publickey makes GSSAPI unusable anyway, and X11Forwarding can be set to no on a server.
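The following is an added example, not code from the original post: a small shell emulation of the rule from sshd_config(5) that the first value read for a keyword wins, with Include files expanded in place. It constructs two copies of a config like the one above, differing only in where the Include line sits, plus a drop-in that sets PasswordAuthentication yes, and shows which value takes effect in each case. All file names and the drop-in content are made up for the demo and are written under a temporary directory, so nothing touches /etc/ssh.

```shell
#!/bin/sh
# Added example (not from the original post): emulate sshd's "first obtained
# value wins" rule, including Include expansion, to see which
# PasswordAuthentication value is effective. Match blocks are not modelled
# (the post's config has none).

effective_value() {
    # Usage: effective_value <config-file> <keyword>
    # Prints the value sshd would use and returns 0; returns 1 if unset.
    local cfg want line kw pat inc v
    cfg=$1
    want=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    while IFS= read -r line || [ -n "$line" ]; do
        set -f; set -- $line; set +f     # split into words without globbing
        [ $# -eq 0 ] && continue         # blank line
        case $1 in \#*) continue ;; esac # comment line
        kw=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')  # keywords are case-insensitive
        shift
        if [ "$kw" = include ]; then
            for pat in "$@"; do
                for inc in $pat; do      # unquoted on purpose: glob in lexical order, as sshd does
                    [ -f "$inc" ] || continue
                    if v=$(effective_value "$inc" "$want"); then
                        printf '%s\n' "$v"
                        return 0
                    fi
                done
            done
        elif [ "$kw" = "$want" ]; then
            printf '%s\n' "$*"
            return 0
        fi
    done < "$cfg"
    return 1
}

write_demo_configs() {
    # Constructed sample files under directory $1 (demo data, not real system
    # files): a drop-in of the kind some cloud images ship, plus two main
    # configs that differ only in where the Include line sits.
    local dir
    dir=$1
    mkdir -p "$dir/sshd_config.d"
    printf 'PasswordAuthentication yes\n' > "$dir/sshd_config.d/50-demo.conf"

    # Same order as the post: Include above the hardening lines.
    cat > "$dir/sshd_config_as_posted" <<EOF
Port 1111
Include $dir/sshd_config.d/*.conf
PermitRootLogin prohibit-password
PubkeyAuthentication yes
PasswordAuthentication no
AuthenticationMethods publickey
EOF

    # Include moved to the end: drop-ins can only supply keywords this file leaves unset.
    cat > "$dir/sshd_config_fixed" <<EOF
Port 1111
PermitRootLogin prohibit-password
PubkeyAuthentication yes
PasswordAuthentication no
AuthenticationMethods publickey
Include $dir/sshd_config.d/*.conf
EOF
}

demo_dir=$(mktemp -d)
write_demo_configs "$demo_dir"
echo "Include above the hardening lines: PasswordAuthentication=$(effective_value "$demo_dir/sshd_config_as_posted" PasswordAuthentication)"
echo "Include moved below them:          PasswordAuthentication=$(effective_value "$demo_dir/sshd_config_fixed" PasswordAuthentication)"
rm -rf "$demo_dir"
```

On a real host, sshd -T gives the same answer for the live configuration and is the authoritative check; the emulation is only there to make the ordering rule visible on a file you can edit freely.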
The MaxAuthTries 6 above only limits attempts within one connection. To lock an account for a period once a number of failed attempts has accumulated across connections, combine it with PAM; keep MaxAuthTries and the deny= value the same:
MaxAuthTries 6
vi /etc/pam.d/sshd
auth required pam_tally2.so deny=6 unlock_time=25920000 even_deny_root root_unlock_time=25920000
The line has to go above the distribution's shared auth stack (on Debian/Ubuntu above @include common-auth), and it needs a matching account required pam_tally2.so line so that a successful login resets the counter. unlock_time=25920000 is 300 days, so in practice the lock holds until an admin runs pam_tally2 -u <user> -r.
Two caveats. First, with PasswordAuthentication no and AuthenticationMethods publickey as configured above, sshd never runs the PAM auth stack for a key login (UsePAM yes only applies the account and session modules to it), so this rule only takes effect if password or keyboard-interactive authentication is turned back on; guessing attempts against keys have to be handled elsewhere, for example with fail2ban on the sshd log or a firewall rate limit on port 1111. Second, pam_tally2 was removed in Linux-PAM 1.5.0; on current distributions use pam_faillock instead:
auth required pam_faillock.so preauth silent deny=6 unlock_time=25920000 even_deny_root root_unlock_time=25920000
auth [default=die] pam_faillock.so authfail deny=6 unlock_time=25920000 even_deny_root root_unlock_time=25920000
account required pam_faillock.so
with the preauth line before and the authfail line after the pam_unix / common-auth entry, and faillock --user <user> --reset to unlock.