Logging in to SSH with key-based authentication

1. First, log in to the client
- Log in to the system as the test user:
[test@rhel5-1 ~]$ pwd
/home/test
- Generate a key pair using DSA; press Enter at every prompt, leaving the passphrase empty.
[test@rhel5-1 ~]$ ssh-keygen -d
Generating public/private dsa key pair.
Enter file in which to save the key (/home/test/.ssh/id_dsa):
Created directory '/home/test/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/test/.ssh/id_dsa.
Your public key has been saved in /home/test/.ssh/id_dsa.pub.
The key fingerprint is:
3a:12:e8:b2:c5:90:24:83:36:4a:16:68:4e:ae:e8:6e test@rhel5-1
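- The generated key pair is saved in the .ssh directory under the user's home directory. id_dsa is the private key and the .pub file is the public key;
the public key file must be imported onto the server that will be accessed.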
[test@rhel5-1 ~]$ ls .ssh
id_dsa  id_dsa.pub
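- Send the public key file to the server with the ssh-copy-id command: -i specifies the path of the local public key file and -p is the SSH port. After you enter the root password, a message reports that the public key has been saved to the .ssh/authorized_keys file on the server.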
[test@rhel5-1 ~]$ ssh-copy-id -i /home/test/.ssh/id_dsa.pub "-p 22 root@192.168.203.173"
The authenticity of host '192.168.203.173 (192.168.203.173)' can't be established.
RSA key fingerprint is 2a:1c:de:6d:e3:8f:f8:61:6b:60:71:a4:ce:c1:63:d9.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.203.173' (RSA) to the list of known hosts.
Address 192.168.203.173 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
root@192.168.203.173's password:
Now try logging into the machine, with "ssh '-p 22 root@192.168.203.173'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.
2. Log in to the server:
- Log in to the system as root:
[root@rhel5-1 ~]# vi /etc/ssh/sshd_config
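- Change: PasswordAuthentication yes
to: PasswordAuthentication no
This disables password authentication.
- From now on, logging in to the server from the client over ssh no longer requires a password.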
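
A check for the sshd_config edit in step 2, added here as an example and not part of the original post: sshd uses the first value it finds for a keyword, so a PasswordAuthentication no line placed below an existing PasswordAuthentication yes has no effect. The function names and sample config files are constructed for illustration, and only the global section of the file is read (Match blocks and Include directives are not handled).

```sh
#!/bin/sh
# Added example: report the value sshd will use for a keyword in sshd_config.
# Rules relied on: keywords are case-insensitive, lines starting with '#' are
# comments, and the first value found for a keyword wins.
# Assumption: only the global section is read (parsing stops at the first
# Match block) and Include directives are not followed.

# $1 = config file, $2 = keyword, $3 = sshd's built-in default for it
effective_sshd_option() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v def="$3" '
        /^[ \t]*(#|$)/ { next }                  # comment or blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)             # drop leading whitespace
            split(line, f, /[ \t=]+/)            # "Key value" or "Key=value"
            key = tolower(f[1])
            if (key == "match") exit             # end of the global section
            if (key == want) { val = tolower(f[2]); found = 1; exit }
        }
        END { print (found ? val : def) }
    ' "$1"
}

# Succeeds only when password login is effectively off (default is "yes").
password_login_disabled() {
    [ "$(effective_sshd_option "$1" PasswordAuthentication yes)" = "no" ]
}

# Constructed sample configs, hypothetical file names, not from a real server.
make_samples() {
    printf '%s\n' '#PasswordAuthentication yes' 'PasswordAuthentication no' \
        > "$1/edited.conf"       # the line was changed in place, as in step 2
    printf '%s\n' 'PasswordAuthentication yes' 'UsePAM yes' \
        'passwordauthentication no' > "$1/appended.conf"   # "no" added below
    printf '%s\n' '# PasswordAuthentication no' 'Port 22' \
        > "$1/commented.conf"    # the only occurrence is commented out
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for name in edited appended commented; do
    if password_login_disabled "$demo_dir/$name.conf"; then
        echo "$name.conf: password login disabled"
    else
        echo "$name.conf: password login still enabled"
    fi
done
rm -rf "$demo_dir"
```

sshd reads sshd_config when it starts, so the edit applies once the daemon has been restarted or reloaded.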


Reposted from: https://blog.51cto.com/imperialzhang/1733075
