方式1:使用ssh-keygen(1)生成并配置
(1)生成密钥对
[root@iZwz9catu2mrq92b07d1d0Z ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
//输入文件名称
Enter file in which to save the key (/root/.ssh/id_rsa): keys_root
//输入私钥加密密码
Enter passphrase (empty for no passphrase):
//再次输入密码
Enter same passphrase again:
Your identification has been saved in keys_root.
Your public key has been saved in keys_root.pub.
The key fingerprint is:
f4:f9:70:51:cf:09:f6:da:30:6a:b1:67:4f:dc:14:44 root@iZwz9catu2mrq92b07d1d0Z
The key's randomart image is:
+--[ RSA 2048]----+
| o+E |
| ..ooo|
| . ..o o+|
| . . .+.*..|
| S ++.+ +.|
| .+o o |
| . . |
| |
| |
+-----------------+
//文件生成成功,keys_root为私钥,keys_root.pub为公钥
[root@iZwz9catu2mrq92b07d1d0Z ~]# ls
keys_root keys_root.pub
(2)配置公钥
//将生成的公钥写入到用户的authorized_keys
[root@iZwz9catu2mrq92b07d1d0Z ~]# echo -e '#this is keys_root' >> ~/.ssh/authorized_keys ; cat ~/keys_root.pub >> ~/.ssh/authorized_keys
[root@iZwz9catu2mrq92b07d1d0Z ~]# cat ~/.ssh/authorized_keys
#this is keys_root
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyhp9SBxas8Nmwdi4dQfOuUULpMGRnGEFopU2DXhSF+PE/s80xrVS31Ycd5o4gU3iehKx2vo4OEB2lYZ2JCfptTc59HAj+Qwqh7i5S4YQuX/+31GkY+s8XKFR4QgH1ubQt9feU2cagfG1f+wWRsa0YtefE67Kjv6OZuKuA2bOdrAH4mzV1m71iLMUZYgaEnfJExXj2lbPAXRqCV+tdIj9h0jxhB5pQXsZ3NE38D22WYNKO4Sy8odfE7Oby1I0Emm8Uhiwqgx91HP22iY/WqzZOxeKZPF17CPWr9cChaPh9/DXM1Wd8KDCg33MO6hbpqAwh7iEughndXly0FY0oZNKnQ== root@iZwz9catu2mrq92b07d1d0Z
(3)配置私钥
方式2:使用Xshell生成并配置
[root@iZwz9catu2mrq92b07d1d0Z ~]# man ssh
1.ssh-keygen命令介绍
The user creates his/her key pair by running ssh-keygen(1). This stores the private key in ~/.ssh/identity (protocol 1), ~/.ssh/id_dsa (protocol 2 DSA), ~/.ssh/id_ecdsa (protocol 2 ECDSA), or ~/.ssh/id_rsa (protocol 2 RSA) and stores the public key in ~/.ssh/identity.pub (protocol 1), ~/.ssh/id_dsa.pub (protocol 2 DSA), ~/.ssh/id_ecdsa.pub (protocol 2 ECDSA), or ~/.ssh/id_rsa.pub (protocol 2 RSA) in the user’s home directory. The user should then copy the public key to ~/.ssh/authorized_keys in his/her home directory on the remote machine. The authorized_keys file corresponds to the conventional ~/.rhosts file, and has one key per line, though the lines can be very long. After this, the user can log in without giving the password. 注:每个用户都拥有自己的 authorized_keys
2.authorized_keys文件介绍
~/.ssh/authorized_keys Lists the public keys (RSA/ECDSA/DSA) that can be used for logging in as this user. The format of this file is described in the sshd(8) manual page. This file is not highly sensitive, but the recommended permissions are read/write for the user, and not accessible by others. 注:建议文件权限对拥有者为读写权限,其他用户无权限
本文由 CentOS中文站 - 专注Linux技术 作者:centos 发表,其版权均为 CentOS中文站 - 专注Linux技术 所有,文章内容系作者个人观点,不代表 CentOS中文站 - 专注Linux技术 对观点赞同或支持。如需转载,请注明文章来源。
(adsbygoogle = window.adsbygoogle || []).push({});