实现目的:
1、配置普通账号通过密钥验证远程SSH登录服务器
2、禁用root账号通过远程SSH登录服务器
3、禁用所有账号通过密码验证远程SSH登录服务器
具体操作:
使用root来示例
1、生成ssh密钥
Last login: Tue Jan 13 09:04:53 2015 from 192.168.16.107
[root@wlzs ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): #在此输入通行短语
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
42:d4:6c:1e:2f:a5:f7:93:ac:ad:5a:1b:49:57:89:5b root@wlzs.com
The key's randomart image is:
+--[ RSA 2048]----+
| .o |
| . = . . . |
| .o = . E |
| . + o + |
| . So.oo. |
| . . o= |
| +o . |
| ..o. |
| ..o. |
+-----------------+
2、创建验证文件(authorized_keys)
[root@wlzs ~]# cd .ssh/
[root@wlzs .ssh]# ls
id_rsa id_rsa.pub
[root@wlzs .ssh]# mv id_rsa.pub authorized_keys
3、将生成的验证文件下载到主机
[root@wlzs .ssh]# sz id_rsa
rz
zmodem trl+C ? 100% 1 KB 1 KB/s 00:00:01 0 Errors
4、使用secure crt连接
快速连接—-写上主机名—–用户名——将公钥移到最顶端—–点选公钥——属性
使用会话公钥设置—–找到下载的id_rsa文件—–确定
5、连接时,输入通行短语即可
二〇一五年一月十三日 10:40:45