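Configuring key-based login on a CentOS 7 system is fairly simple, but a few points need attention:
- The .ssh directory must have mode 700
- authorized_keys must have mode 600 (644 also works)
The commands I ran are recorded below: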
[scnuser@app04 ~]$ mkdir .ssh
[scnuser@app04 ~]$ chmod 700 .ssh && cd .ssh
[scnuser@app04 ~]$ ssh-keygen -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/home/scnuser/.ssh/id_rsa): id_rsa
Enter passphrase (empty for no passphrase): (a passphrase for the key can be entered here)
Enter same passphrase again:
Your identification has been saved in id_rsa.
Your public key has been saved in id_rsa.pub.
……
[scnuser@app04 .ssh]$ cat id_rsa.pub > authorized_keys && chmod 600 authorized_keys
[scnuser@app04 .ssh]$ ls
authorized_keys id_rsa id_rsa.pub
Configuring /etc/ssh/sshd_config
- Whether sshd checks the permissions and ownership of the user's home directory and rhosts files before accepting a login
StrictModes yes
[root@app04 ~]# sed -i 's/^#StrictModes/StrictModes/g' /etc/ssh/sshd_config
- Whether to allow RSA-only authentication
RSAAuthentication yes
PubkeyAuthentication yes
[root@app04 ~]# sed -i 's/^#PubkeyAuthentication/PubkeyAuthentication/g' /etc/ssh/sshd_config
# Restart the sshd service
[root@app04 ~]# systemctl restart sshd
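Note: once the steps above are done, log in using the key file (id_rsa); if there are no errors, continue with the steps below.
Reminder: change the settings below only after everything above is confirmed to work, to avoid unnecessary problems.
- Whether to allow password authentication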
PasswordAuthentication yes
[root@app04 ~]# sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
- Disable root login (change yes to no; do this only after key login is confirmed to work)
PermitRootLogin yes
[root@app04 ~]# sed -i 's/PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config
[root@app04 ~]# vim /etc/ssh/sshd_config
[root@app04 ~]# systemctl restart sshd
Remember to back up the id_rsa and id_rsa.pub files, and delete them from the server.
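A check for the end state of the steps above (added example, not part of the original post). The sed commands on this page only rewrite matching text, so a line that was still commented out, such as `#PermitRootLogin yes`, becomes `#PermitRootLogin no` and stays inactive. The function names and the sample config are constructed for illustration; the parser assumes whitespace-separated `Keyword value` lines and reads only the global section before any Match block.

```shell
#!/bin/bash
# Effective value of a global sshd_config keyword: the first uncommented
# occurrence before any Match block. "unset" means no active line exists
# and sshd falls back to its built-in default.
effective_value() {   # usage: effective_value <Keyword> <config-file>
    awk -v key="$1" '
        $1 ~ /^#/                   { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$2"
}

# Succeeds when <path> has one of the listed octal modes (GNU stat).
mode_ok() {   # usage: mode_ok <path> <mode>...
    local path=$1 actual m; shift
    actual=$(stat -c '%a' "$path" 2>/dev/null) || return 2
    for m in "$@"; do [ "$actual" = "$m" ] && return 0; done
    return 1
}

# Prints one line per problem; prints nothing when the setup matches the page.
audit_key_login() {   # usage: audit_key_login <ssh-dir> <sshd_config>
    local dir=$1 cfg=$2 kv key want got
    mode_ok "$dir" 700 || echo "BAD mode: $dir (want 700)"
    mode_ok "$dir/authorized_keys" 600 644 ||
        echo "BAD mode: $dir/authorized_keys (want 600 or 644)"
    for kv in StrictModes=yes PubkeyAuthentication=yes \
              PasswordAuthentication=no PermitRootLogin=no; do
        key=${kv%%=*}; want=${kv#*=}
        got=$(effective_value "$key" "$cfg")
        [ "$got" = "$want" ] || echo "NOT SET: $key is '$got', want '$want'"
    done
    return 0
}

# Constructed sample: the result of the page's sed commands on a config in
# which PermitRootLogin started out commented (assumed starting state).
demo=$(mktemp -d)
mkdir -m 700 "$demo/.ssh"; touch "$demo/.ssh/authorized_keys"
chmod 600 "$demo/.ssh/authorized_keys"
printf '%s\n' 'StrictModes yes' 'PubkeyAuthentication yes' \
    'PasswordAuthentication no' '#PermitRootLogin no' > "$demo/sshd_config"
audit_key_login "$demo/.ssh" "$demo/sshd_config"
rm -rf "$demo"
```

On a real host, run `audit_key_login /home/scnuser/.ssh /etc/ssh/sshd_config` before the final `systemctl restart sshd`, and keep an existing session open until a new key login succeeds.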
Good luck!
If you have questions, feel free to leave a comment so we can all improve together!