在CentOS8中設置SSH密鑰

本文轉載自查看原文 2021-04-25 17:49 486

最流行的兩種SSH身份驗證機制是基於密碼的身份驗證和基於公鑰的身份驗證。使用SSH密鑰通常比傳統的密碼身份驗證更安全和方便。

環境

客戶端：CentOS8 192.168.43.137

服務端：CentOS8 192.168.43.139

創建SSH公私鑰

通過輸入以下命令，生成新的4096位的SSH密鑰對：

[root@localhost ~]# ssh-keygen -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:ycOtSDK8ud2kd6EH7OxoQuc1BFb1HJ3T/kvAQJt0LrI root@localhost.localdomain
The key's randomart image is:
+---[RSA 4096]----+
|       ...oo.o o |
|      o   .+=.+ .|
|     . . . +=. o |
|   .   o.oo .o  .|
|    + .oSE.   . .|
|    .*..=o.    ..|
|   .oo.+o+ .  . .|
|    .oo== o    . |
|    .o+ooo       |
+----[SHA256]-----+

在CentOS8中設置SSH密鑰在CentOS8中設置SSH密鑰
想要驗證是否生成了新的SSH密鑰對，使用ls -l命令查看~/.ssh目錄是否有剛才生成的文件：

[root@localhost ~]# ll ~/.ssh/
total 8
-rw------- 1 root root 3389 May 13 08:26 id_rsa
-rw-r--r-- 1 root root  752 May 13 08:26 id_rsa.pub

在CentOS8中設置SSH密鑰在CentOS8中設置SSH密鑰
將公鑰復制到遠程服務器，使用ssh-copy-id實用程序，輸入遠程服務器的root密碼：

[root@localhost ~]# ssh-copy-id root@192.168.43.139
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.43.139 (192.168.43.139)' can't be established.
ECDSA key fingerprint is SHA256:7O1oIOooh4NZG87aC3v1Zz/vcTXkjOhQBnlkY0CD4y0.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.43.139'"
and check to make sure that only the key(s) you wanted were added.

在CentOS8中設置SSH密鑰在CentOS8中設置SSH密鑰
也可以使用以下命令復制公鑰：

[root@localhost .ssh]# cat ~/.ssh/id_rsa.pub | ssh root@192.168.43.139 "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"

使用密鑰登錄服務器

使用以下命令登錄ssh服務器：

[root@localhost ~]# ssh 192.168.43.139
Last login: Tue May 12 12:33:41 2020 from 192.168.43.137

在CentOS8中設置SSH密鑰在CentOS8中設置SSH密鑰

關閉密碼認證

登錄服務器端，關閉密碼認證：

[root@localhost ~]# ssh 192.168.43.139
Last login: Tue May 12 12:33:41 2020 from 192.168.43.137
[root@localhost ~]# vim /etc/ssh/sshd_config
搜索一下三條，將選項改為No
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no

在CentOS8中設置SSH密鑰在CentOS8中設置SSH密鑰
重啟sshd服務：

[root@localhost ~]# systemctl restart sshd

總結

可以使用同一密鑰管理多個遠程服務器。默認情況下，SSH的端口是TCP 22。更改默認SSH端口可降低自動攻擊的風險。

免責聲明！

本站轉載的文章為個人學習借鑒使用，本站對版權不負任何法律責任。如果侵犯了您的隱私權益，請聯系本站郵箱yoyou2525@163.com刪除。

猜您在找 CentOS8 配置SSH使用密鑰登錄並禁止密碼登錄 centos8安裝 ssh git如何設置ssh密鑰 git 設置ssh密鑰 Git設置ssh密鑰設置 SSH 通過密鑰登錄設置 SSH 通過密鑰登錄設置 SSH 通過密鑰登錄設置 SSH 通過密鑰登錄開啟Centos8的SSH服務