我们用ssh连接机器时候需要输用户名、密码,但是直接写账户文件的时候由于用的是明文,就存在安全的问题了。别人一旦截取了数据就获得了隐私了。这时候就用上ssh的密钥。
ssh的密钥存是成对出现的,一个叫公钥,一个是私钥。公钥是给别人的,私钥存在自己手里。在连接的时候两把钥匙配对成功,就可以建立数据连接。
[root@localhost ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.这个就是私钥的存储路径
Your public key has been saved in /root/.ssh/id_rsa.pub.这个是公钥
The key fingerprint is:
SHA256:uRVPB4eYb3mXG7j7BcIeOEG83TSS7ApCzyDdU5P1abE root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
| . . o+*ooo |
| . + o.=.=+o+ |
| o + .o=.=E..|
| . +..B*+oo.|
| .S.+o=.o.o|
| o.o + o |
| . . . .|
| . .|
| .. |
+----[SHA256]-----+
我们在看看这对密钥
[root@localhost ~]# cat /root/.ssh/id_rsa
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA4oRNlaIoefdsSuYmoLUdV7C2JtzKv6hd6UsC1FUEFfgjn/SV
5StzkVqnOWwEed77WOwW2my+n7pW6G3AyXtPAgrdih7Jpn6RG0AW3D0tkOlLN2/j
L3znlfsqGpQ63hBPRPjSswmCMILfRhOnY+KbsAEmeClcQIjUEsljomSMS2BT+zTZ
HyI1QLTdeET/DKxSrOcQPy+qNSSma7dAGDINNT8CVC7tdj62PVj1vgJ/lXJeTR79
wh0aKHuBfTp9zqBDVQRzAhjX4I3xBTwKh+tgdSrX55ltQqhxA0KaqvoB2ZCG5VuE
6U4XI8DUUEDtBY+AmCSUtWH+bDMwOI5ooNdL5wIDAQABAoIBAQCwO/lU+wX85sjF
eU0Cagc7S4xcrhm8hdUTBj5cTwzPvvCQqa3Z0DWpGFvUrDrLSvZJV93r8QFaqpKl
YYbF+38b+rIknRGMzRo+ll1y2tJR1YCk0BN0xfw0T2aRqVQno47Y/bKIg1RcQ+ZM
0kvAxfUVOb/ha2SP/STqvO8c0Jfqp78pwsEiT8BCRPERsFJR6E2QSjWJQu2QPRO+
Q51tHTVdzi4Z2jXjwbh/SwpKbK0zEsEa625RSocZXciT+b3IUYIZj0my0+Kmx6cE
cO5tZqxL3FE0NUQaGHhs3NCscoqb/oigRvNMxHY+9kP9+voI7GZGgf4lYZWO9FId
njjYc6q5AoGBAP/RnTw9SKLlHAa7ID8ThDe0BOIQKwPlyOKrV114MKbceuTHbdBc
NopzFF2Sg6MrCrgjyTvu9ymBcoHYNx0DdZQitI9cFLfD/7tgLmHCFBqxnc0aVmgg
9qGJ2hW3hM8lHK6mCCzdqlYF7R0UdkcoI6Cw5uznAKDE3Miesj7qyFZNAoGBAOKt
YDCgMeSRBWy0Jkf6RKP+cUvLGBNZOIyz8QerRhNN8FAjXQwun6yUrzdEq2GgOM4c
3GQKKSLikOn8jWczIPPA8/WIGEqIdWscDx2tjOCf2IID9bmWp1mIEo/66t9rQpqL
RUnCDC388aY7ddvAo/6yFd+PHvj3TXuJ2jPZfe0DAoGANszZaOkb4UFBErQNQVXV
8fTPQvoBrPERanUX3v77NRNwBAgwnvzR9jCWwUC8kDyNLEsGNZ+INMz1EZmWnNF7
44LXuQoZqhADfUkqRmjD08AOtLwanG3LR2l3XUWV3qXtkgAhKjNF5O2aEKusdqvD
jg23OjJ18Pqa7SMJve6fgdUCgYBytOGUObyFuY1RMOieS9soUb3raN7KC8A+E2DJ
TLatVidhpkOTwpQytRrlkO5Y/MdCJgCw7yNZ7+T9QzwbGRh3wRCzEyeXr+4bQZu0
nPpJQRpC0NYsEDynZeBe086/OHv/0LJDXNrk+rceM8C0b4uNe3juJHK78glXlq7A
xjKfGQKBgQDIOERmoRikK4qihhp6eKaVL8slCKNc+qxBhAWTr6Da4lfXrd8GkiNR
WPH4ZNHlIq6Cv8qZaypqdkrw9CsIHYDPQ3gSj/C3PMmXU24f6c2LkEhauOInK+22
qHHJv0blEfQWIs5Uj0yJC5qetGxyT+6n7kTdxgKzXteTX8ltDtvJqg==
-----END RSA PRIVATE KEY-----
[root@localhost ~]#
[root@localhost ~]# cat /root/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDihE2Voih592xK5iagtR1XsLYm3Mq/qF3pSwLUVQQV+COf9JXlK3ORWqc5bAR53vtY7BbabL6fulbobcDJe08CCt2KHsmmfpEbQBbcPS2Q6Us3b+MvfOeV+yoalDreEE9E+NKzCYIwgt9GE6dj4puwASZ4KVxAiNQSyWOiZIxLYFP7NNkfIjVAtN14RP8MrFKs5xA/L6o1JKZrt0AYMg01PwJULu12PrY9WPW+An+Vcl5NHv3CHRooe4F9On3OoENVBHMCGNfgjfEFPAqH62B1KtfnmW1CqHEDQpqq+gHZkIblW4TpThcjwNRQQO0Fj4CYJJS1Yf5sMzA4jmig10vn root@localhost.localdomain
[root@localhost ~]#
我们现在启动两台linux,用户名分别是user_on_1和user_on_2
可以看到各自的ip和用户名。现在我们在user1上用ssh登陆user2
[user_on_1@localhost ~]$ ssh user_on_2@192.168.233.130
其实在IP后面应该还有个-p端口号,这里省略了。
发现是需要输入登陆密码的,不是我们要的结果。我们在user1的/etc/.ssh文件夹下查找authorized_keys这个文件,把use2的公钥放进去,重新登陆,应该就没问题了!
对了,要把.ssh文件夹的权限改成700,authorized_keys的权限改为600
chmod 700 .ssh
chmod 600 authorized_keys
ps:我这里说的是应该,因为我也没成功,网上查的资料说StrictModes设置有问题,改了依旧没成功,先记下来