centos 7.6 设置 SSH 通过密钥登录

原创

feixiao 2019-06-24 17:05:42 ©著作权

文章标签 ssh-keyget 文章分类 开源

©著作权归作者所有：来自51CTO博客作者feixiao的原创作品，请联系作者获取转载授权，否则将追究法律责任

ssh 控制服务器：192.168.48.102 ssh 被控制服务器：192.168.48.103

产生sshd 私钥和公钥：

[root@localhost ~]# ssh-keygen -t rsa -b 4096 Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): --输入密码（可以为空） Enter same passphrase again: --再次输入密码 Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: SHA256:wxBPRyYTDpQQYvp2u86bL3Fza3cCs5V2TAYeFDM1qa4 root@localhost.localdomain The key's randomart image is: +---[RSA 2048]----+ | o o++.=+Ooo. | | o . .* =oo.. | |. . o. + | | . o o o | | o . S. = | | . ...o +.= o | | .o o O . | | ..o E o . | | .*+.. . o | +----[SHA256]-----+

查看密钥文件： [root@localhost ~]# cd /root/.ssh/ [root@localhost .ssh]# ls id_rsa id_rsa.pub known_hosts

将公钥文件传输到需要远控的机器上： [root@localhost .ssh]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.48.103 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@192.168.48.103's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@192.168.48.103'" and check to make sure that only the key(s) you wanted were added.

在远控的机器上要修改sshd配置文件： [root@localhost .ssh]# vi /etc/ssh/sshd_config PubkeyAuthentication yes --打开这行的注释

重启服务： [root@localhost .ssh]# systemctl restart sshd.service

在控制服务器ssh被控制服务器： [root@localhost .ssh]# ssh -i /root/.ssh/id_rsa root@192.168.48.103 Last login: Mon Jun 24 23:37:11 2019 from 192.168.48.101 [root@localhost ~]# ifconfig ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.48.103 netmask 255.255.255.0 broadcast 192.168.48.255 inet6 fe80::6a9b:be28:c9bb:64fd prefixlen 64 scopeid 0x20<link> ether 00:0c:29:e6:e9:b0 txqueuelen 1000 (Ethernet) RX packets 16635 bytes 16327536 (15.5 MiB) RX errors 0 dropped 141 overruns 0 frame 0 TX packets 9187 bytes 5350257 (5.1 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 1000 (Local Loopback) RX packets 188 bytes 16920 (16.5 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 188 bytes 16920 (16.5 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0