https://blog.csdn.net/u012865381/article/details/78521087/
1.在服務機上操作
創建要遠程登錄的用戶和密碼
[root@izwz97s23bov6qmem6poj8z ~]# useradd jundong [root@izwz97s23bov6qmem6poj8z ~]# passwd jundong New password: Retype new password: passwd: all authentication tokens updated successfully.
2.在客戶機上操作(其他機器也行,主要是用來創建密鑰對)
2.1.創建ssh-key
[root@node1 ~]# ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: SHA256:W05lCKLqZ8FWTyAwTsUrBzg7HRzZfZ8ZbacHg/Wnf6c root@node1 The key's randomart image is: +---[RSA 2048]----+ | o=Bo.o . +. | |oo=.oo.o..o.=.. | | +.o.......=o=. .| |o ooo. o +o. .o | | ..o+ S o .. | | . . . = . | | . o . . +| | o .o| | E | +----[SHA256]-----+
2.2.把生成的的秘鑰拷貝到服務器,
兩種可選方式
方式一:可以手動拷貝
手動拷貝剛剛生成的公鑰id_rsa.pub(在當前用戶家目錄的.ssh/id_rsa.pub),將里面的內容追加到要登錄的服務器的目標用戶家目錄下的.ssh/ authorized_keys中,這里是/home/jundong.ssh/ authorized_keys
方式二:直接用命令拷貝
ssh-copy-id可以方便快捷地把公鑰追加到到服務端的authorized_keys文件中,注意用戶名,輸入密碼
ssh-copy-id jundong@120.78.150.47
我的操作
[root@node1 ~]# ssh-copy-id jundong@120.78.150.47 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" The authenticity of host '120.78.150.47 (120.78.150.47)' can't be established. ECDSA key fingerprint is SHA256:KwfKwzN4xqw7/VxoVw5IoTi0NhUPZ+h2fSQXi3zgXXY. ECDSA key fingerprint is MD5:22:b0:8e:c0:21:e6:96:b1:de:bd:bd:c4:08:d9:bf:4d. Are you sure you want to continue connecting (yes/no)? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys jundong@120.78.150.47's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'jundong@120.78.150.47'" and check to make sure that only the key(s) you wanted were added.
方式三:在阿里雲控制台導入
【在控制台導入證書,阿里雲做的事是:將公鑰追加到/root/.ssh/authorized_keys中;修改/etc/ssh/sshd_config,把PasswordAuthentication改成no】
1.這種方式會默認把密碼登錄禁用,只能使用秘鑰登錄,可以自己手動打開(修改/etc/ssh/sshd_config,把PasswordAuthentication改成yes)
2.這種方式只能使用root用戶登錄,其他用戶不能使用這種方式導入,因為控制台導入只會導入到/root/.ssh/authorized_keys,不會導入到其他用戶目錄
復制剛剛生成的公鑰id_rsa.pub(在當前用戶家目錄的.ssh/id_rsa.pub),這里是/home/jundong.ssh/ authorized_keys,粘貼到控制台的文本框確定即可,再將密鑰對綁定到指定服務器
參考鏈接:https://help.aliyun.com/document_detail/51794.html?spm=5176.doc51793.6.707.1A6GMv
3.測試
3.1在生成秘鑰那台客戶機上
[root@node1 ~]# ssh jundong@120.78.150.47 Welcome to Alibaba Cloud Elastic Compute Service ! [jundong@izwz97s23bov6qmem6poj8z ~]$
3.2在其他工具上
拷貝生成的秘鑰對的私鑰/home/jundong/.ssh/id_rsa(在當前用戶家目錄的.ssh/id_rsa)到你想要用來登錄的客戶機,指定其為登錄的私鑰和對應的用戶名即可
提示使用密鑰文件登錄了
windows下其他工具應該也是類似的
【推薦使用Linux下自帶的ssh-keygen工具生成公鑰和私鑰,這樣的證書是通用的。在putty或者secureCRT生成的證書會是其他格式或者是帶有工具特有的信息,這些證書可能在其他工具無法使用,例如:在SecureCRT生成的證書,putty可能就不能用了】
---------------------
作者:謝謝俊東不用謝
來源:CSDN
原文:https://blog.csdn.net/u012865381/article/details/78521087/
版權聲明:本文為博主原創文章,轉載請附上博文鏈接!