1、在Linux服务器生成公钥和私钥,默认生成的。
[root@redhat7 ssh]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): # 生成的密钥的路径
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): # 创建密码
Enter same passphrase again: #再次输入密码
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:RFCI09BCMjiCpXE8AC9d8h5SzeC4oqqehqj/8cIa3i8 root@redhat7.6
The key's randomart image is:
+---[RSA 3072]----+
|*=*.*O.+o |
|=*oX+ *. |
|+.=.+o . |
| . + . . |
|. . . S |
|.. |
|+ ... |
|+o.oEo |
|O++oo+o |
+----[SHA256]-----+
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -C "192.169.111.31" -t 密钥类型 -f密钥文件路径及名称 -C备注信息
2、配置文件开启密钥登录
vim /etc/ssh/sshd_config
RSAAuthentication yes # 开启RSA证书验证
PubkeyAuthentication yes # 开启公钥证书验证
AuthorizedKeysFile .ssh/authorized_keys # 这个默认路径,可以根据生成的密钥路径进行修改。
3、创建认证文件
touch .ssh/authorized_keys # 路径与sshd_config所配置的路径一致
chmod 600 .ssh/authorized_keys # 尽量调低权限
cat .ssh/id_rsa.pub >> .ssh/authorized_keys # 将公钥信息写入到文件中
4、重启sshd服务
systemctl restart sshd
5、win客户端密钥登录
- 将.ssh/id_rsa下载到win客户端
- 通过Xshell等工具将密钥导入。