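For security reasons, I switched all production servers to key-based login, with the key protected by a passphrase (in practice nobody does this). OK, I admit this is a bit of a hassle, but security comes first.
The setup steps are as follows.
1. Generate the public and private key pair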
[root@puppet_client .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): # set the passphrase
Enter same passphrase again: # repeat the passphrase
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
36:51:f0:41:60:5f:45:0b:a5:95:9b:78:c6:09:e4:b6 root@puppet_client.luckcart.com
2. Use another tool to download the private key generated above to the local Windows machine, and import the public key into the .ssh/authorized_keys file
cat id_rsa.pub >> authorized_keys
3. Configure the sshd server service
Enable the following settings:
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
Change the following settings:
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
sshd now needs to be restarted:
service sshd restart
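4. Import the private key into the remote-access tool; Xshell is used in this test.
At this point, enter the passphrase set earlier; if no passphrase was entered when the key was generated, nothing needs to be entered here.
5. After the steps above, private-key login is set up.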
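
A check for the sshd settings from step 3, added here as an example and not part of the original post: it reads an sshd_config-style file the way sshd does (first value per keyword wins, keywords are case-insensitive, global section only) and fails unless the three login-related settings are set explicitly. The function names and sample configs are constructed for illustration; on a live server, `sshd -T` prints the effective configuration.

```shell
#!/bin/sh
# sshd uses the FIRST value it reads for each keyword and matches keywords
# case-insensitively, so a later "PasswordAuthentication no" cannot override
# an earlier "yes". Only the global section (before any Match) is read here.
# RSAAuthentication is not checked: it is an SSH protocol 1 option.

# effective_value FILE KEYWORD -> first value of KEYWORD, lowercased
effective_value() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        NF == 0 || $1 ~ /^#/    { next }   # blank lines and comments
        tolower($1) == "match"  { exit }   # stop at the first Match block
        tolower($1) == want     { print tolower($2); exit }
    ' "$1"
}

# audit_sshd_config FILE -> prints findings; returns 0 only if all three
# settings are set explicitly to the values from step 3 (unset counts as FAIL).
audit_sshd_config() {
    rc=0
    for pair in passwordauthentication:no \
                challengeresponseauthentication:no \
                pubkeyauthentication:yes; do
        key=${pair%%:*}; expected=${pair##*:}
        actual=$(effective_value "$1" "$key")
        if [ "$actual" != "$expected" ]; then
            echo "FAIL $key: expected '$expected', got '${actual:-unset}'"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: the hardening line comes too late to take effect.
sample_shadowed() {
    printf '%s\n' 'PasswordAuthentication yes' 'PubkeyAuthentication yes' \
        'ChallengeResponseAuthentication no' 'passwordauthentication no'
}
# Constructed sample: the settings exactly as listed in step 3.
sample_hardened() {
    printf '%s\n' 'RSAAuthentication yes' 'PubkeyAuthentication yes' \
        'AuthorizedKeysFile .ssh/authorized_keys' \
        'ChallengeResponseAuthentication no' 'PasswordAuthentication no' \
        'UsePAM no'
}

# Demo on constructed input.
tmp=$(mktemp); sample_shadowed > "$tmp"
audit_sshd_config "$tmp" || echo "key-only login is NOT enforced"
rm -f "$tmp"
```

Run the audit before restarting sshd and keep the current session open until a key login from a second session succeeds.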