基于秘钥的登陆认证

ssh-keygen

ssh-keygen 是Unix和类Unix计算机系统上的安全外壳（SSH）协议套件的标准组件，用于经过使用各类加密技术在不安全的网络上创建远程计算机之间的安全shell会话。ssh-keygen实用程序用于生成，管理和转换身份验证密钥。

ssh-keygen可以使用三种不一样的数字签字算法之一辈子成密钥。

在ssh-keygen工具的帮助下，用户能够为任何这些密钥类型建立密码（为了提供无人值守操做，密码能够保留为空，风险更高）。

这些密钥与相关工具 GNU Privacy Guard使用的密钥不一样。

 

 

[root@localhost ~]# ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): #按Enter /root/.ssh/id_rsa already exists.
Overwrite (y/n)? y   #覆盖以前的秘钥对
Enter passphrase (empty for no passphrase): #输入秘钥密码
Enter same passphrase again: 　　　　　　　　　　#重复
Your identification has been saved in /root/.ssh/id_rsa. #私钥
Your public key has been saved in /root/.ssh/id_rsa.pub.  #公钥
The key fingerprint is:
SHA256:zrHfkb0+zCDc3/BKUvpILyHMwruqyhw8ZQy+CoFROWM root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
|  ..             |
| .E              |
|...o             |
|.o o             |
|o . +  .S+ .  .  |
| o +   ooo* +=.  |
|. =     +o o**o+ |
|.+ o    .. o.B=.o|
|. +........ oo*o |
+----[SHA256]-----+
[root@localhost ~]# 

 

 

ssh-copy-id 

使用本地可用密钥来受权远程计算机上的登陆

 

 

[root@localhost .ssh]# ssh-copy-id -i id_rsa.pub root@127.0.0.1     #经过ssh-copy-id 工具将秘钥对发送到服务器，这里我是本机测试，或者能够使用cat 命令直接重定向
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@127.0.0.1's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@127.0.0.1'"
and check to make sure that only the key(s) you wanted were added.

[root@localhost .ssh]# 

 

 

Xshell 配置

 

测试能够正常登陆，若是登陆异常请检查 /etc/ssh/sshd_config 配置文件对应参数