SSH 使用密钥远程登录
制作密钥对
# 在服务器上创建密钥对,生成密钥在目录 /root/.ssh/id_rsa 下
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:i20SQWD8Z7S3ps5xEkHI5dDJ3p2rfx/sLVI/Ud6lwqg root@fgd-ubuntu
The key's randomart image is:
+---[RSA 3072]----+
| .ooo=o. |
| ...o+= |
| ..ooo . . |
| ..=.o o o|
| .oS. + . o+|
| + o+ + +.o|
| o *+.. o +.|
| +E+. . +.+|
| .o ..o ++|
+----[SHA256]-----+
在服务器上安装公钥
$ cd /root/.ssh/
$ ls
id_rsa id_rsa.pub known_hosts
$ cat id_rsa.pub >> authorized_keys
$ chmod 600 authorized_keys
$ chmod 700 /root/.ssh/
打开 SSH 密钥登录功能
vim vim /etc/ssh/sshd_config
,配置下列选项:
RSAAuthentication yes
PubkeyAuthentication yes
#PermitRootLogin yes # 可选
#PasswordAuthentication no # 可选
重启 SSH:service sshd restart
连接测试
将私钥拷贝到客户端,进行测试:
$ ssh root@192.168.194.136 -i ./id_rsa
The authenticity of host '192.168.194.136 (192.168.194.136)' can't be established.
ECDSA key fingerprint is SHA256:xXfVIByV63jt6o5YxSJDqtTMzthUCOuGl4S4O+7qVwk.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.194.136' (ECDSA) to the list of known hosts.
Enter passphrase for key './id_rsa':
Welcome to Ubuntu 20.04.1 LTS (GNU/Linux 5.8.0-40-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
3 updates can be installed immediately.
0 of these updates are security updates.
To see these additional updates run: apt list --upgradable
Your Hardware Enablement Stack (HWE) is supported until April 2025.
*** System restart required ***
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
root@fgd-ubuntu:~#