使用金鑰登入
阿新 • • 發佈:2021-10-11
# 使用金鑰登入 ssh-keygen -t rsa [root@host ~]$ ssh-keygen <== 建立金鑰對 Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): <== 按 Enter Created directory '/root/.ssh'. Enter passphrase (empty for no passphrase): <== 輸入金鑰鎖碼,或直接按 Enter 留空 Enter same passphrase again: <== 再輸入一遍金鑰鎖碼 Your identification has been saved in /root/.ssh/id_rsa. <== 私鑰 Your public key has been saved in /root/.ssh/id_rsa.pub. <== 公鑰 The key fingerprint is: 0f:d3:e7:1a:1c:bd:5c:03:f1:19:f1:22:df:9b:cc:08 root@host vi /etc/ssh/sshd_config RSAAuthentication yes PubkeyAuthentication yes #另外,請留意 root 使用者能否通過 SSH 登入: PermitRootLogin yes #當你完成全部設定,並以金鑰方式登入成功後,再禁用密碼登入: PasswordAuthentication no #最後,重啟 SSH 服務: systemctl restart sshd #=============================== # 禁用密碼驗證 PasswordAuthentication no # 啟用金鑰驗證 RSAAuthentication yes PubkeyAuthentication yes # 指定公鑰資料庫檔案 AuthorsizedKeysFile .ssh/authorized_keys # 開啟金鑰登入 #sed -i "s/^PasswordAuthentication.*/PasswordAuthentication no/g" /etc/ssh/sshd_config sed -i "s/^#RSAAuthentication.*/RSAAuthentication yes/g" /etc/ssh/sshd_config sed -i "s/^#PubkeyAuthentication.*/PubkeyAuthentication yes/g" /etc/ssh/sshd_config sed -i "s/^#AuthorizedKeysFile.*/AuthorizedKeysFile .ssh\/authorized_keys/g" /etc/ssh/sshd_config systemctl restart sshd # 等待金鑰登入成功後,在關閉密碼登入 sed -i "s/^PasswordAuthentication.*/PasswordAuthentication no/g" /etc/ssh/sshd_config systemctl restart sshd # 使用finalshell登入,報錯 暫不支援此私鑰格式,請參考以下方法解決: 1.轉換成PEM格式私鑰 ssh-keygen -p -m PEM -f 私鑰路徑 2.生成PEM格式的私鑰 生成時增加 -m PEM引數 ssh-keygen -m PEM -t rsa -C "註釋" [root@node02 ~]# ssh-keygen -p -m PEM -f .ssh/id_rsa Key has comment 'root@node02' Enter new passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved with the new passphrase.
1