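1. Confirm that SSH is installed on the system

rpm -qa | grep openssh

yum install openssh-server openssh-clients -y  ## install the SSH packages

2. Generate the key pair

ssh-keygen -t rsa -P ''    ## -P '' sets an empty passphrase, so the private key is stored unencrypted. Press Enter to accept the default file name; the key pair (id_rsa and id_rsa.pub) is stored under the user's home directory by default, e.g. '/home/oldboy/.ssh', as shown below:

Example: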

[oldboy@m01 ~]$ ssh-keygen -t rsa -P ''

Generating public/private rsa key pair.

Enter file in which to save the key (/home/oldboy/.ssh/id_rsa):

Created directory '/home/oldboy/.ssh'.

Your identification has been saved in /home/oldboy/.ssh/id_rsa.

Your public key has been saved in /home/oldboy/.ssh/id_rsa.pub.

The key fingerprint is:

12:87:bf:b2:ee:2f:71:eb:21:32:cc:51:81:cb:91:26 oldboy@m01

The key's randomart image is:

+--[ RSA 2048]----+

|    o.          |

|  E=  o         |

|   +o+ .        |

|   o. +         |

|   . . S        |

|   o.....       |

|   = ooo.       |

|    o.+..       |

|    o++o        |

+-----------------+

[oldboy@m01 ~]$

 

[oldboy@m01 ~]$ cd .ssh

[oldboy@m01 .ssh]$  ll -a

总用量 16

drwx------ 2 oldboy incahome 4096 10  6 17:48 .

drwx------. 4 oldboy oldboy   4096 10  6 17:48 ..

-rw------- 1 oldboy incahome 1675 10  6 17:48 id_rsa

-rw-r--r-- 1 oldboy incahome  392 10  6 17:48 id_rsa.pub

 

3. Append id_rsa.pub to the authorized keys file.

cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

Example:

[oldboy@m01 .ssh]$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

[oldboy@m01 .ssh]$ ll -a

总用量 20

drwx------ 2 oldboy incahome 4096 10  6 17:52 .

drwx------. 4 oldboy oldboy   4096 10  6 17:48 ..

-rw-r--r--  1 oldboy incahome  392 10  6 17:52 authorized_keys

-rw------- 1 oldboy incahome 1675 10  6 17:48 id_rsa

-rw-r--r-- 1 oldboy incahome  392 10  6 17:48 id_rsa.pub

 

4. Change the permissions of the authorized keys file

chmod 600 ~/.ssh/authorized_keys

Example:

[oldboy@m01 .ssh]$ chmod 600 ~/.ssh/authorized_keys

[oldboy@m01 .ssh]$ ll -a

总用量 20

drwx------ 2 oldboy incahome 4096 10  6 17:52 .

drwx------. 4 oldboy oldboy   4096 10  6 17:48 ..

-rw-------  1 oldboy incahome  392 10  6 17:52 authorized_keys

-rw------- 1 oldboy incahome 1675 10  6 17:48 id_rsa

-rw-r--r-- 1 oldboy incahome  392 10  6 17:48 id_rsa.pub

5. Edit the SSH configuration file

su -  ## switch to the root user to edit the configuration file

vim /etc/ssh/sshd_config  ## uncomment the following three lines

 

RSAAuthentication yes

PubkeyAuthentication yes

AuthorizedKeysFile     .ssh/authorized_keys
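
A way to check which value sshd will actually use for the three keywords above, as an added example that is not part of the original tutorial. It applies the sshd_config parsing rules (comment lines ignored, keywords case-insensitive, first occurrence wins) to the global section only; the function names and the sample file are constructed for illustration, and Include files are not followed.

```shell
# Added example, not part of the original tutorial.
# sshd_effective KEYWORD FILE
#   Prints the value sshd would use for KEYWORD from the global section of FILE.
#   Rules applied: '#' lines are ignored, keywords are case-insensitive,
#   and the FIRST occurrence of a keyword wins.
#   Returns 1 when the keyword is not set (sshd then uses its built-in default).
sshd_effective() {
    awk -v want="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # comment or blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)           # end of the keyword
            if (n == 0) next
            kw  = tolower(substr(line, 1, n - 1))
            val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            if (kw == "match") exit             # conditional blocks start here
            if (kw == tolower(want)) { print val; found = 1; exit }
        }
        END { exit (found ? 0 : 1) }
    ' "$2"
}

# Report the three settings from step 5 for a given config file.
report_pubkey_settings() {
    for kw in RSAAuthentication PubkeyAuthentication AuthorizedKeysFile; do
        if v=$(sshd_effective "$kw" "$1"); then
            echo "$kw = $v"
        else
            echo "$kw is not set (default applies)"
        fi
    done
}

# Constructed sample: an earlier "no" overrides the later uncommented "yes".
sample=$(mktemp)
cat > "$sample" <<'EOF'
#RSAAuthentication yes
PubkeyAuthentication no
pubkeyauthentication yes
AuthorizedKeysFile     .ssh/authorized_keys
EOF
report_pubkey_settings "$sample"
rm -f "$sample"
```

On a live host, `sshd -T` run as root prints the configuration sshd resolves, which also covers Match blocks and built-in defaults.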

 

6. Test the connection

service sshd restart   ## restart the ssh service

exit    ## leave the root user and return to the regular user

ssh localhost  ## test the connection as the regular user

This only sets up the SSH service on a single machine. To connect to other servers remotely, continue below.

[oldboy@m01 .ssh]$ ssh localhost

The authenticity of host 'localhost (::1)' can't be established.

RSA key fingerprint is 69:95:60:11:b7:f8:ce:5c:18:5e:ab:22:6f:3e:c4:8f.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'localhost' (RSA) to the list of known hosts.

Last login: Sat Sep 24 16:40:51 2016 from 10.0.0.1         ## indicates the connection succeeded

wangpu studying linuxday day up.

[oldboy@m01 ~]$

 

7. The key pair has now been generated and the SSH service on the client is configured. Now send our key (the public key) to the server.

scp ~/.ssh/id_rsa.pub <remote-user>@<remote-server-IP>:~/   ## copy the public key to ~/ on the remote server

Example: scp ~/.ssh/id_rsa.pub oldboy@10.0.0.31:~/

As you can see, the copy prompts for the server's password. Once SSH is configured, these steps no longer require a password.

[oldboy@m01 ~]$

[oldboy@m01 ~]$ scp ~/.ssh/id_rsa.pub oldboy@10.0.0.31:~/

The authenticity of host '10.0.0.31 (10.0.0.31)' can't be established.

RSA key fingerprint is 69:95:60:11:b7:f8:ce:5c:18:5e:ab:22:6f:3e:c4:8f.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '10.0.0.31' (RSA) to the list of known hosts.

oldboy@10.0.0.31's password:

id_rsa.pub                                                                 100%  392     0.4KB/s  00:00   

[oldboy@m01 ~]$

 

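8. The previous step sent the public key to the 10.0.0.31 server. Now, on the 10.0.0.31 machine, append the public key to the authorized keys file. (Note: if SSH has never been run on that machine, the .ssh directory has to be created manually, or you can generate a key with ssh-keygen -t rsa, which creates the .ssh directory under the user's home directory automatically. Pay particular attention to the permissions of the .ssh directory: remember to run chmod 700 .ssh.)

On the 10.0.0.31 machine, run:

cat ~/id_rsa.pub >> ~/.ssh/authorized_keys    ## append the public key to the authorized keys

rm ~/id_rsa.pub    ## to be safe, delete the copied public key

Likewise, repeat steps 4 and 5 on the 10.0.0.31 machine, then:

/etc/init.d/sshd reload  ## reload the ssh service

[oldboy@nfs ~]$ sftp oldboy@10.0.0.61           ## first, create the ~/.ssh directory (the first outbound connection creates it when it writes known_hosts)

Connecting to 10.0.0.61...

The authenticity of host '10.0.0.61 (10.0.0.61)' can't be established.

RSA key fingerprint is 69:95:60:11:b7:f8:ce:5c:18:5e:ab:22:6f:3e:c4:8f.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '10.0.0.61' (RSA) to the list of known hosts.

oldboy@10.0.0.61's password:

[oldboy@nfs ~]$ cd ~/.ssh/              ## change into it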

[oldboy@nfs .ssh]$ ls

known_hosts

 

[oldboy@nfs .ssh]$ ssh-keygen -t rsa        ## generate the key pair

Generating public/private rsa key pair.

Enter file in which to save the key (/home/oldboy/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /home/oldboy/.ssh/id_rsa.

Your public key has been saved in /home/oldboy/.ssh/id_rsa.pub.

The key fingerprint is:

cf:ef:3f:86:7e:46:54:1a:80:dc:98:e3:5e:5d:f3:ee oldboy@nfs

The key's randomart image is:

+--[ RSA 2048]----+

|        . =..   |

|         * . ..o|

|        . . . =o|

|         . . + .|

|       S. . . . |

|        o.   . .|

|         o  o . |

|          .. = E|

|          o+=.. |

+-----------------+

[oldboy@nfs .ssh]$

 

[oldboy@nfs .ssh]$ ls                  ## list the contents

id_rsa id_rsa.pub  known_hosts

[oldboy@nfs .ssh]$ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys     ## append the public key to the authorized keys

[oldboy@nfs .ssh]$ ll -a

总用量 24

drwx------ 2 oldboy incahome 4096 10  6 18:26 .

drwx------. 4 oldboy oldboy   4096 10  6 18:25 ..

-rw-r--r-- 1 oldboy incahome  392 10  6 18:26 authorized_keys

-rw------- 1 oldboy incahome 1675 10  6 18:26 id_rsa

-rw-r--r-- 1 oldboy incahome  392 10  6 18:26 id_rsa.pub

-rw-r--r-- 1 oldboy incahome  391 10  6 18:25 known_hosts

 

[oldboy@nfs .ssh]$ rm ~/id_rsa.pub  -f   ## to be safe, delete the copied public key

[oldboy@nfs .ssh]$ chmod 600 authorized_keys ## set the permissions to 600

[oldboy@nfs .ssh]$ ll -a

总用量 24

drwx------ 2 oldboy incahome 4096 10  6 18:26 .

drwx------. 4 oldboy oldboy   4096 10  6 18:30 ..

-rw-------  1 oldboy incahome  392 10  6 18:26 authorized_keys

-rw------- 1 oldboy incahome 1675 10  6 18:26 id_rsa

-rw-r--r-- 1 oldboy incahome  392 10  6 18:26 id_rsa.pub

-rw-r--r-- 1 oldboy incahome  391 10  6 18:25 known_hosts


vim /etc/ssh/sshd_config

RSAAuthentication yes      ## edit the configuration file

PubkeyAuthentication yes

AuthorizedKeysFile     .ssh/authorized_keys

 

[root@nfs ~]# /etc/init.d/sshd reload

重新载入 sshd              [确定]
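
The server-side part of steps 3, 4 and 8 (append the key, then fix the modes) as one repeatable function; this is an added example, not part of the original tutorial. It appends the key only once, refuses a private key passed by mistake, and sets the 700/600 modes that sshd's StrictModes check (on by default) expects. The function names are hypothetical and `stat -c` assumes GNU coreutils, as on the CentOS hosts shown here.

```shell
# Added example, not part of the original tutorial.
# install_pubkey PUBKEY_FILE HOME_DIR
#   Appends one public key to HOME_DIR/.ssh/authorized_keys exactly once and
#   sets the modes used in the tutorial (700 on .ssh, 600 on authorized_keys).
#   On the server in step 8: install_pubkey ~/id_rsa.pub "$HOME" && rm ~/id_rsa.pub
install_pubkey() {
    pub=$1
    home=$2
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Refuse private keys: those files contain a "-----BEGIN ..." header line.
    if grep -q -- '-----BEGIN' "$pub"; then
        echo "$pub looks like a private key; refusing" >&2
        return 2
    fi

    # Take the first non-empty line and require a known public key type.
    key=$(grep -v '^[[:space:]]*$' "$pub" | head -n 1)
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "$pub is not an OpenSSH public key line" >&2; return 3 ;;
    esac

    mkdir -p "$home/.ssh" || return 1
    chmod 700 "$home/.ssh"
    auth="$home/.ssh/authorized_keys"
    touch "$auth" || return 1
    chmod 600 "$auth"

    # Idempotent: append only if this exact line is not already present.
    if ! grep -qxF -- "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi
}

# Print the octal modes of .ssh and authorized_keys, e.g. "700 600".
ssh_modes() {
    echo "$(stat -c %a "$1/.ssh") $(stat -c %a "$1/.ssh/authorized_keys")"
}
```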

 

9. Back on the client machine, run:

ssh 192.168.1.134     ## you should now be able to connect to the server directly

Example:

[oldboy@m01 ~]$ ssh 10.0.0.31

Last login: Sat Sep 24 16:40:51 2016 from 10.0.0.1

wangpu studying linuxday day up.

[oldboy@nfs ~]$

 

Success!!!!