1、修改配置
# sudo vim /etc/ssh/sshd_config
# 禁止密碼登錄
PasswordAuthentication no
#允許密鑰認證
RSAAuthentication yes # 7.4之后廢除
PubkeyAuthentication yes
#默認公鑰存放的位置
AuthorizedKeysFile .ssh/authorized_keys
2、重啟sshd
service sshd restart
# 查看 ssh 狀態
systemctl status sshd
# 啟動 ssh
systemctl start sshd
# 停止 ssh
systemctl stop sshd
3、本地生成公鑰、私鑰
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/jiqing/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/jiqing/.ssh/id_rsa.
Your public key has been saved in /home/jiqing/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:LDe1utjTXrLkuU961zkZdYI+yHaOcr0PLXTLYjRD0uE jiqing@JQ-Mac
The key's randomart image is:
+---[RSA 2048]----+
| . |
| o . |
| o E. |
| . . +. . o|
| . S..o= ..o|
| o o+o+* o |
| .oo=B.+.+|
| oo++O++.+.|
| . o=B+o+. .|
+----[SHA256]-----+
-rw------- 1 jiqing jiqing 1679 5月 28 17:05 id_rsa
-rw-r--r-- 1 jiqing jiqing 395 5月 28 17:05 id_rsa.pub
4、用ssh-copy-id將公鑰復制到遠程機器中
ssh-copy-id -i ~/.ssh/id_rsa.pub root@線上IP
5、直接免密登錄
ssh root@線上IP
我們發現線上的authorized_keys文件中有了秘鑰
# cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDU3UxwVJVTqY80s9HhGrBue3PIbsvWuIkXxIokPLN8C6mSUW/PeJQ73jjp1ZXEEygePXkxAou7JsPBItHQ5C7U1Zg6rAt3x7JTccNjvoVIRRbpxLY4AK/qlr1nEHtLxGEfCTtZ4pVrtEyLXQDGYIS6lexvA96z9Z19YfZLRRkzbPp6Jud8kBG+j3hLAlfXMkB/+HJ6HFOQ7Sa5DUoZn98on0LvZPdThxwxBpLcNqjIZ3tiTUobnY1EKbi/8kcq9tS8vLoPFdsEQM4F3pe9P6cXQGaHy73z06/tWGfsVlGomJFSOrvNvtPXd/SsRRLrUMlE8yM7zQaoZULNG7KEVyb jiqing@JQ-Mac
$ cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDU3UxwVJVTqY80s9HhGrBue3PIbsvWuIkXxIokPLN8C6mSUW/PeJQ73jjp1ZXEEygePXkxAou7JsPBItHQ5C7U1Zg6rAt3x7JTccNjvoVIRRbpxLY4AK/qlr1nEHtLxGEfCTtZ4pVrtEyLXQDGYIS6lexvA96z9Z19YfZLRRkzbPp6Jud8kBG+j3hLAlfXMkB/+HJ6HFOQ7Sa5DUoZn98on0LvZPdThxwxBpLcNqjIZ3tiTUobnY1EKbi/8kcq9tS8vLoPFdsEQM4F3pe9P6cXQGaHy73z06/tWGfsVlGomJFSOrvNvtPXd/SsRRLrUMlE8yM7zQaoZULNG7KEVyb jiqing@JQ-Mac
我們刪除一下authorized_keys試試,刪除后發現無法登錄了。