第一种配置方法
服务端生成密钥和公钥
ssh-keygen -t rsa
Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): #注意这里,如果设置了密码,那么登陆的时候也要输入这个密码 Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: SHA256:/gGrlDJN5euMS5aai5feBkEI/0WjEnzPzx1xGtdkKG4 root@localhost.localdomain The key's randomart image is: +---[RSA 2048]----+ |.o.. o +o | | .o.oo . + +.. | | oo.o. .. B | | o..oo E | | ...oSo . | | .o +o+. | | ooB + . | | .oX.= . . | | .o=o=.o . | +----[SHA256]-----+
创建authorized_keys存储公钥
touch /root/.ssh/authorized_keys
把公钥写入authorized_key
cat id_rsa.pub > authorized_keys
修改权限
chmod 700 /root/.ssh
chmod 600 /root/.ssh/authorized_keys
修改/etc/ssh/sshd_config
RSAAuthentication yes # 开启密钥登入的认证方式
PubkeyAuthentication yes # 开启密钥登入的认证方式
PasswordAuthentication no #禁用密码登陆
重启sshd,然后建议用xshell登陆测试
Linux系统密钥登陆Linux
ssh root@192.168.199.2
第二种配置方式
Linux系统之间的密钥配置(此配置方式也要在ssh文件里面开启密钥认证方式)
ssh-keygen #生成密钥 ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.28.128 #复制公钥到要远程的主机,本机也要执行 ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.28.131 ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.28.132
注意权限问题:
./ 700
.ssh 700
authorized_keys 600