dylan revised this gist . Go to revision
1 file changed, 0 insertions, 0 deletions
sshkeylogin renamed to sshkeylogin.md
File renamed without changes
dylan revised this gist . Go to revision
1 file changed, 75 insertions
sshkeylogin(file created)
| @@ -0,0 +1,75 @@ | |||
| 1 | + | ### 1. 制作密钥对 | |
| 2 | + | ||
| 3 | + | 首先在服务器上制作密钥对。首先用密码登录到你打算使用密钥登录的账户,然后执行以下命令: | |
| 4 | + | ||
| 5 | + | ``` | |
| 6 | + | [root@host ~]$ ssh-keygen <== 建立密钥对 | |
| 7 | + | Generating public/private rsa key pair. | |
| 8 | + | Enter file in which to save the key (/root/.ssh/id_rsa): <== 按 Enter | |
| 9 | + | Created directory '/root/.ssh'. | |
| 10 | + | Enter passphrase (empty for no passphrase): <== 输入密钥锁码,或直接按 Enter 留空 | |
| 11 | + | Enter same passphrase again: <== 再输入一遍密钥锁码 | |
| 12 | + | Your identification has been saved in /root/.ssh/id_rsa. <== 私钥 | |
| 13 | + | Your public key has been saved in /root/.ssh/id_rsa.pub. <== 公钥 | |
| 14 | + | The key fingerprint is: | |
| 15 | + | 0f:d3:e7:1a:1c:bd:5c:03:f1:19:f1:22:df:9b:cc:08 root@host | |
| 16 | + | ``` | |
| 17 | + | ||
| 18 | + | 密钥锁码在使用私钥时必须输入,这样就可以保护私钥不被盗用。当然,也可以留空,实现无密码登录。 | |
| 19 | + | ||
| 20 | + | 现在,在 root 用户的家目录中生成了一个 .ssh 的隐藏目录,内含两个密钥文件。id\_rsa 为私钥,id\_rsa.pub 为公钥。 | |
| 21 | + | ||
| 22 | + | ### 2. 在服务器上安装公钥 | |
| 23 | + | ||
| 24 | + | 键入以下命令,在服务器上安装公钥: | |
| 25 | + | ||
| 26 | + | ``` | |
| 27 | + | [root@host ~]$ cd .ssh | |
| 28 | + | [root@host .ssh]$ cat id_rsa.pub >> authorized_keys | |
| 29 | + | ``` | |
| 30 | + | ||
| 31 | + | 如此便完成了公钥的安装。为了确保连接成功,请保证以下文件权限正确: | |
| 32 | + | ||
| 33 | + | ``` | |
| 34 | + | [root@host .ssh]$ chmod 600 authorized_keys | |
| 35 | + | [root@host .ssh]$ chmod 700 ~/.ssh | |
| 36 | + | ``` | |
| 37 | + | ||
| 38 | + | ### 3. 设置 SSH,打开密钥登录功能 | |
| 39 | + | ||
| 40 | + | 编辑 /etc/ssh/sshd\_config 文件,进行如下设置: | |
| 41 | + | ||
| 42 | + | ``` | |
| 43 | + | RSAAuthentication yes | |
| 44 | + | PubkeyAuthentication yes | |
| 45 | + | ``` | |
| 46 | + | ||
| 47 | + | 另外,请留意 root 用户能否通过 SSH 登录: | |
| 48 | + | ||
| 49 | + | ``` | |
| 50 | + | PermitRootLogin yes | |
| 51 | + | ``` | |
| 52 | + | ||
| 53 | + | 当你完成全部设置,并以密钥方式登录成功后,再禁用密码登录: | |
| 54 | + | ||
| 55 | + | ``` | |
| 56 | + | PasswordAuthentication no | |
| 57 | + | ``` | |
| 58 | + | ||
| 59 | + | 最后,重启 SSH 服务: | |
| 60 | + | ||
| 61 | + | ``` | |
| 62 | + | [root@host .ssh]$ service sshd restart | |
| 63 | + | ``` | |
| 64 | + | ||
| 65 | + | ### 4. 下载私钥到本地后注意权限问题 | |
| 66 | + | ||
| 67 | + | ``` | |
| 68 | + | [user@local .ssh]$ chmod 400 id_rsa | |
| 69 | + | ``` | |
| 70 | + | ||
| 71 | + | ### 5. 指定密钥连接服务器 | |
| 72 | + | ||
| 73 | + | ``` | |
| 74 | + | [user@local .ssh]$ ssh -i ~/.ssh/id_rsa root@host | |
| 75 | + | ``` | |
Newer
Older