Logging in to an SSH server with key authentication
1. First, log in on the SSH client
- Log in to the system as user test:
[test@rhel5-1 ~]$ pwd
/home/test
- Generate a key pair of type DSA; press Enter at every prompt, leaving the passphrase empty.
[test@rhel5-1 ~]$ ssh-keygen -d
Generating public/private dsa key pair.
Enter file in which to save the key (/home/test/.ssh/id_dsa):
Created directory '/home/test/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/test/.ssh/id_dsa.
Your public key has been saved in /home/test/.ssh/id_dsa.pub.
The key fingerprint is:
3a:12:e8:b2:c5:90:24:83:36:4a:16:68:4e:ae:e8:6e test@rhel5-1
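- The generated key pair is saved in the .ssh directory under the user's home directory; id_dsa is the private key and the .pub file is the public key. The public key file must be imported onto the server being accessed.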
[test@rhel5-1 ~]$ ls .ssh
id_dsa id_dsa.pub
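- Send the public key file to the server with the ssh-copy-id command; -i specifies the path of the local public key file and -p is the SSH port number. After you enter the root password, a message indicates that the public key was saved to the .ssh/authorized_keys file on the server.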
[test@rhel5-1 ~]$ ssh-copy-id -i /home/test/.ssh/id_dsa.pub "-p 22 root@192.168.203.173"
The authenticity of host '192.168.203.173 (192.168.203.173)' can't be established.
RSA key fingerprint is 2a:1c:de:6d:e3:8f:f8:61:6b:60:71:a4:ce:c1:63:d9.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.203.173' (RSA) to the list of known hosts.
Address 192.168.203.173 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
root@192.168.203.173's password:
Now try logging into the machine, with "ssh '-p 22 root@192.168.203.173'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
2. Log in on the server:
- Log in to the system as root:
[root@rhel5-1 ~]# vi /etc/ssh/sshd_config
- Change: PasswordAuthentication yes
to: PasswordAuthentication no
This disables password authentication.
- From now on, logging in to the server from the client with ssh no longer requires a password.
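An added check for the server-side step above (not part of the original post): it reports the global PasswordAuthentication value that sshd will actually use and flags key files that are group- or world-writable. The function names are hypothetical, and Include files and the contents of Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example. sshd uses the FIRST value it reads for a keyword, keywords
# are case-insensitive, and PasswordAuthentication defaults to "yes" when no
# uncommented line sets it.

# effective_password_auth FILE: print the global value sshd would use.
effective_password_auth() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == "passwordauthentication" { print $2; found = 1; exit }
        END { if (!found) print "yes" }         # OpenSSH default
    ' "$1"
}

# audit_key_only_login FILE SSHDIR: return 0 only if password login is off
# and SSHDIR plus SSHDIR/authorized_keys are not group/world-writable
# (with StrictModes, on by default, sshd ignores keys in such files).
audit_key_only_login() {
    rc=0
    if [ "$(effective_password_auth "$1")" != "no" ]; then
        echo "WARN: password login is still enabled by $1"
        rc=1
    fi
    for p in "$2" "$2/authorized_keys"; do
        if [ -n "$(find "$p" -maxdepth 0 \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]; then
            echo "WARN: $p is group- or world-writable"
            rc=1
        fi
    done
    return "$rc"
}

# Usage: sh audit.sh /etc/ssh/sshd_config /root/.ssh
if [ "$#" -eq 2 ]; then
    audit_key_only_login "$1" "$2"
fi
```

sshd reads its configuration at start-up, so an edited sshd_config only takes effect once the daemon has been reloaded.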