两台主机(服务器)秘钥登录流程图我们从主机A(左)用秘钥登录到服务器B(右)A主机生成公钥生成公钥和私钥key,一般不需要特别设置一路进入默认nextstep>ssh-keygenGeneratingpublic/privatersakeypair.Enterfilewhichtosavethekey(/root/.ssh/id_rsa):Enterpassphrase(empty没有密码):再次输入相同的密码:您的身份已保存在/root/.ssh/id_rsa。您的公钥已保存在/root/.ssh/id_rsa.pub。密钥指纹是:SHA256:+ims1qKnA9kAUbwuaGmGLdg+V4w1PMj7RO4gMHI7NCUroot@JD密钥的imagerand为:+---[RSA2048]----+|.+。||。E.||。=o||==o*||=%.oBoS||O=O+=。||+=oO.||+=*。.||oO.o.o|+----[SHA256]-----+查看公钥>ls-al~/.ssh-rw------1rootroot1675May721:39id_rsa//privatekey-rw-r--r--1rootroot389May721:39id_rsa.pub//publickey>catid_rsa.pubssh-rsaAAAAB3NzaC1yc2EAAAADAQABAAABAQDULg8kwT2rW8Z/r0h5lvO6KziZWV1roM/0eKVnkxeKOF9A0JAL46WF4ZA2XsNfG2camxTekC0ZwArB6uvFQTR8RZtDCwdsdsdsds6K3ytR/FOzira6z+7xbk6LvPylaCLfjfMmta04Q7dsdsdsdsdsds5MDr7oY73TWt2XToDA3FynMnl9MQjO4SoTU/Z1PiKsdOoCnbeP/O6KL+6sh9tbd5HoPPLm8LtDCeebZNhvZSulsbeTFZ5Z+HzPLostXJVhRFtiwUlaemAhXngVdIB5D9feXCYdQiP3NM0zAI94XUFCFyaSnZdv3+OTqHmxJroot@localid_rsa.pub公钥要发送到B服务器将主机A的公钥添加到服务器B将主机A的公钥添加到服务器B的登录账号对应的home目录下的.ssh/authorized_keys文件中。比如我们要使用rumenz账号进行secretkeylogin,weneedtoconfigure/home/rumenz/.ssh/authorized_keys>cat/home/rumenz/.ssh/authorized_keysssh-rsaAAAAB3NzaC1yc2EAAAADAQABAAABAQDULg8kwT2rW8Z/r0h5lvO6KziZWV1roM/0eKVnkxeKOF9A0JAL46WF4ZA2XsNfG2camxTekC0ZwArB6uvFQTR8RZtDCwdsdsdsds6K3ytR/FOzira6z+7xbk6LvPylaCLfjfMmta04Q7dsdsdsdsdsds5MDr7oY73TWt2XToDA3FynMnl9MQjO4SoTU/Z1PiKsdOoCnbeP/O6KL+6sh9tbd5HoPPLm8LtDCeebZNhvZSulsbeTFZ5Z+HzPLostXJVhRFtiwUlaemAhXngVdIB5D9feXCYdQiP3NM0zAI94XUFCFyaSnZdv3+OTqHmxJroot@local给公钥及目录添加权限>chmod600/home/rumenz//.ssh/authorized_keys>chmod700/home/rumenz/.sshsshd服务安全配置启用秘钥登录>vim/etc/ssh/sshd_configRSAAuthenticationyesPubkeyAuthenticationyesrestartsshdservice>servicesshdrestart密匙方式登录成功后,禁用密匙登录成功后密码登录必须成功,然后禁用密码登录。>vim/etc/ssh/sshd_configPasswordAuthenticationno>servicesshdrestartsecretkeylogintestA主机的命令行输入>sshrumenz@BserveripLastlogin:TueMar2322:23:222021配置正确,即可登录直接B服务器。原文链接:https://rumenz.com/rumenbiji/...微信公众号:入门站
