一、通过 ssh-keygen命令创建认证文件
# ssh-keygen -b 1024 -t dsa
Generating public/private dsa key pair. Enter file in which to save the key (/root/.ssh/id_dsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_dsa. Your public key has been saved in /root/.ssh/id_dsa.pub. The key fingerprint is: ............................... The key's randomart image is: .............................
|
如果没有更改路径的话,会在
/.ssh/目录下产生:id_dsa和id_dsa.pub两个文件。其中id_dsa是要加载到ssh客户端的,id_dsa.pub是服务器端的匹配文件。
二、使用ssh-copy-id命令将生成服务器端认证文件加载到对应服务器
# ssh-copy-id -i <认证文件保存的目录>/id_dsa.pub @
The authenticity of host '192.168.1.202 (192.168.1.202)' can't be established.
RSA key fingerprint is 46:8f:d3:43:db:52:b1:c2:16:99:cd:03:9b:3f:0c:e8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.202' (RSA) to the list of known hosts. @'s password: <服务器口令>
Now try logging into the machine, with "ssh '@'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
|
三、修改服务器的ssh配置文件
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
|
四、将id_dsa加载到客户端
ssh客户端很多,这里只介绍Xshell(免费的为啥不用啊,\(^o^)/~)
properties -> Authentication -> method改成“Public key”,在Userkey中载入对应的认证文件
ok啦~不必再用用户名、口令登录了,方便了不少,安全了不少~
阅读(22244) | 评论(0) | 转发(1) |