ssh使用密钥登录配置步骤

ssh使用密钥登录配置步骤

1、创建密钥对：

[root@moc ~]# ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:hXgEhPG5huuchWOV9j7F+62JnOE1yk6oMaKNKmn17KY root@moc
The key's randomart image is:
+---[RSA 2048]----+
|    .+o..        |
|    .. + .       |
|      + o .      |
|     . + .       |
|    . * S.       |
|   . * . .o      |
| .. O + o.o.o    |
|o. B O =.=.* +   |
|+.oEO.. .oO.+..  |
+----[SHA256]-----+
[root@moc ~]# 

2、查看密钥：

[root@moc ~]# ls -l /root/.ssh/
total 8
-rw------- 1 root root 1675 Jul 24 05:24 id_rsa
-rw-r--r-- 1 root root  390 Jul 24 05:24 id_rsa.pub

3、修改ssh的配置文件：
[root@moc ~]# vim /etc/ssh/sshd_config

PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile      .ssh/authorized_keys

4、将公钥导入指定文件：

[root@moc ~]# cat .ssh/id_rsa.pub  > .ssh/authorized_keys
[root@moc ~]# systemctl restart sshd

5、保存好私钥并用私钥登录服务器

[root@moc ~]# scp /root/.ssh/id_rsa 192.168.1.115:/root/.ssh/
The authenticity of host '192.168.1.115 (192.168.1.115)' can't be established.
ECDSA key fingerprint is SHA256:Lt5j3rBSyTdFPyV4aibgHYhfwXYMRP8hdz8oFaQIWpg.
ECDSA key fingerprint is MD5:c7:cb:52:e7:94:fd:31:c2:97:0a:9f:2f:1a:26:c3:f4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.115' (ECDSA) to the list of known hosts.
root@192.168.1.115's password: 
id_rsa                                                                         100% 1675   557.3KB/s   00:00