一:生成KEY
在终端中输入:ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key重新建立ssh_host_dsa_key文件
以下是返回信息
Generating public/private dsa key pair.
Enter passphrase (empty for no passphrase):(直接回车)
Enter same passphrase again:
Your identification has been saved in /etc/ssh/ssh_host_dsa_key.
Your public key has been saved in /etc/ssh/ssh_host_dsa_key.pub.
The key fingerprint is:
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx root@localhost.localdomain
在终端中输入:ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key重新建立ssh_host_rsa_key文件
以下是返回信息
Generating public/private rkey pair.
Enter passphrase (empty for no passphrase):(直接回车)
Enter same passphrase again:
Your identification has been saved in /etc/ssh/ssh_host_rsa_key.
Your public key has been saved in /etc/ssh/ssh_host_dsa_rey.pub.
二
key生成在目录/etc/ssh
cat ssh_host_dsa_key.pub >> /root/.ssh/authorized_keys
ssh_host_dsa_rey这个放到客户端
/etc/ssh/sshd_config配置如下
Port 22
PubkeyAuthentication yes
AuthorizedKeysFile /root/.ssh/authorized_keys
基本上,在您的系统中,『除非有必要,否则请不要更改 /etc/ssh/sshd_config 这个档案的设定值!』因为预设的情况下通常都是最严密的 SSH 保护了,因此,可以不需要更动他!上面的说明仅是在让大家了解每个细项的一些基本内容而已!需要注意的是最后一项,如果您不愿意开放 SFTP 的话,将最后一行批注掉即可!
另外,如果您修改过上面这个档案(/etc/ssh/sshd_config),那么就必需要重新启动一次 sshd 这个 daemon 才行!亦即是:
/etc/rc.d/init.d/sshd restart