Create a new user
[root@Test_Server1 ~]#adduser developer
Set a password
[root@Test_Server1 ~]#passwd developer
Grant sudo privileges
[root@test_server1 ~]# visudo
developer ALL=(ALL) NOPASSWD:ALL # add the developer user, with passwordless sudo
Switch to the user and go to its home directory
[root@Test_Server1 ~]#su developer
[developer@Test_Server1 root]$ cd ~
Generate the key pair
[developer@Test_Server1 ~]$ ssh-keygen -m PEM -C "developer@kk.com" -f ~/.ssh/developer_rsa
Go into the .ssh directory and list the files
[developer@Test_Server1 ~]$cd .ssh
[developer@test_server2 .ssh]$ ls
developer_rsa developer_rsa.pub # both files should be present here
Create the .pem file (rename the private key)
[developer@Test_Server1 .ssh]$ mv developer_rsa developer_rsa.pem
Update the authorized_keys file
- Append the contents of the public key to the authorized_keys file
[developer@test_server1 .ssh]$ cat developer_rsa.pub >> authorized_keys
Set the permissions on .ssh
[developer@test_server1 .ssh]$ cd ~
[developer@test_server1 ~]$ chmod 700 .ssh/
Set the permissions on authorized_keys
[developer@test_server1 .ssh]$ chmod 600 ~/.ssh/authorized_keys
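- Pay attention to the permissions on the .ssh directory and the authorized_keys file
Edit the SSH server configuration file on the remote server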
[developer@test_server1 ~]$ sudo vim /etc/ssh/sshd_config
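AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no # disable password login; the default is yes
# Note: the following two parameters must not be set to no
# RSAAuthentication yes # enable RSA authentication; the default is yes
# PubkeyAuthentication yes # enable public-key authentication; the default is yes
Restart the ssh service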
[developer@test_server1 ~]$ sudo service sshd restart
Test
- Copy developer_rsa.pem to a directory on your computer
- Run the ssh command to log in without a password
ssh developer@xxx.xxx.xxx.xxx -i ./developer_rsa.pem
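
A check for the settings the steps above change, as an added example that is not part of the original page: it reads the effective global sshd_config values (sshd uses the first value it finds for a keyword) and verifies the modes on .ssh and authorized_keys. The function names and the constructed sample files are assumptions.

```shell
#!/bin/sh
# Added example: audit the settings changed in the walkthrough above.
# Function names and the constructed sample below are assumptions.

# Print the effective global value of an sshd_config keyword. sshd keeps the
# first value it reads, keywords are case-insensitive, "keyword=value" is
# tolerated here, and lines after a "Match" line apply only conditionally.
sshd_effective() {  # usage: sshd_effective <config-file> <keyword> <default>
    awk -F'[ \t=]+' -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        { sub(/^[ \t]+/, "") }              # strip indentation, re-split fields
        /^#/ || NF == 0 { next }            # skip comments and blank lines
        tolower($1) == "match" { exit }     # stop at the first Match block
        tolower($1) == key { val = tolower($2); exit }
        END { print (val != "" ? val : def) }
    ' "$1"
}

# Succeed only if the path has exactly the given octal mode (GNU or BSD stat).
mode_is() {  # usage: mode_is <path> <octal-mode>
    [ "$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null)" = "$2" ]
}

# Report every setting that differs from what the walkthrough configures.
audit_ssh_setup() {  # usage: audit_ssh_setup <sshd_config> <home-dir>
    rc=0
    [ "$(sshd_effective "$1" PasswordAuthentication yes)" = no ] ||
        { echo "FAIL: PasswordAuthentication is still enabled"; rc=1; }
    [ "$(sshd_effective "$1" PubkeyAuthentication yes)" = yes ] ||
        { echo "FAIL: PubkeyAuthentication is disabled"; rc=1; }
    mode_is "$2/.ssh" 700 || { echo "FAIL: $2/.ssh is not mode 700"; rc=1; }
    mode_is "$2/.ssh/authorized_keys" 600 ||
        { echo "FAIL: $2/.ssh/authorized_keys is not mode 600"; rc=1; }
    return "$rc"
}

# Constructed sample: an earlier "yes" shadows the later "no", and
# authorized_keys is group/world readable. Both findings are reported.
demo=$(mktemp -d)
mkdir -p "$demo/home/.ssh" && : > "$demo/home/.ssh/authorized_keys"
chmod 700 "$demo/home/.ssh" && chmod 644 "$demo/home/.ssh/authorized_keys"
printf '%s\n' '#PasswordAuthentication no' 'PasswordAuthentication yes' \
    'PasswordAuthentication no' > "$demo/sshd_config"
audit_ssh_setup "$demo/sshd_config" "$demo/home" || echo "audit: problems found"
```

On the server this would be called as `audit_ssh_setup /etc/ssh/sshd_config /home/developer` (home path assumed); `sudo sshd -t` checks the file for syntax errors before the restart.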