Linux 安全密钥验证

 

[root@rhel7 ~]# ssh-keygen  --在客户端主机中生成“密钥对”
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
81:ed:02:f4:f6:dc:12:0e:9a:6c:01:b0:f5:2e:80:07 root@rhel7.rusky.com
The key's randomart image is:
+--[ RSA 2048]----+
|E.o .            |
|.+ + . o         |
|+ . + = +        |
| o o * * +       |
|  . * . S .      |
|   o   . .       |
|                 |
|                 |
|                 |
+-----------------+
[root@rhel7 ~]# ssh-copy-id 192.168.1.8  --把公钥传送到远程服务器中
The authenticity of host '192.168.1.8 (192.168.1.8)' can't be established.
ECDSA key fingerprint is 46:b8:f6:7c:39:21:bb:68:7d:3e:92:6a:80:a0:c1:e2.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.1.8's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '192.168.1.8'"
and check to make sure that only the key(s) you wanted were added.

[root@rhel7 ~]# ssh 192.168.1.8  --在客户端主机尝试登陆到服务端主机，此时无需输入密码口令也可直接验证登陆成功
Last login: Sun Aug  6 12:12:15 2017 from 192.168.1.99
[root@victory ~]# 

另外，还可以设置服务器主机只允许密钥验证，拒绝传统口令验证方式，记得修改配置文件后保存并重启sshd服务程序。

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no
#PasswordAuthentication yes

#systemctl restart sshd

转载于:https://www.cnblogs.com/rusking/p/7373594.html