Logging in to an SSH server using key authentication
1. First, log in on the SSH client
- Log in to the system as the test user:
[test@rhel5-1 ~]$ pwd
/home/test
- Generate a key pair using the DSA algorithm; press Enter at every prompt, leaving the passphrase empty.
[test@rhel5-1 ~]$ ssh-keygen -d
Generating public/private dsa key pair.
Enter file in which to save the key (/home/test/.ssh/id_dsa):
Created directory '/home/test/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/test/.ssh/id_dsa.
Your public key has been saved in /home/test/.ssh/id_dsa.pub.
The key fingerprint is:
3a:12:e8:b2:c5:90:24:83:36:4a:16:68:4e:ae:e8:6e test@rhel5-1
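- The generated key pair is stored in the .ssh directory under the user's home directory. id_dsa is the private key and the .pub file is the public key; the public key file must be imported on the server being accessed.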
[test@rhel5-1 ~]$ ls .ssh
id_dsa id_dsa.pub
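- Send the public key file to the server with the ssh-copy-id command. -i specifies the path of the local public key file, and -p is the SSH port number. After the root password is entered, a message indicates that the public key has been saved to the .ssh/authorized_keys file on the server.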
[test@rhel5-1 ~]$ ssh-copy-id -i /home/test/.ssh/id_dsa.pub "-p 22 root@192.168.203.173"
The authenticity of host '192.168.203.173 (192.168.203.173)' can't be established.
RSA key fingerprint is 2a:1c:de:6d:e3:8f:f8:61:6b:60:71:a4:ce:c1:63:d9.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.203.173' (RSA) to the list of known hosts.
Address 192.168.203.173 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
root@192.168.203.173's password:
Now try logging into the machine, with "ssh '-p 22 root@192.168.203.173'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
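2. Log in on the server:
- Log in to the system as root:
[root@rhel5-1 ~]# vi /etc/ssh/sshd_config
- Change: PasswordAuthentication yes
to: PasswordAuthentication no
to disable password authentication.
- From now on, logging in to the server over SSH from the client no longer requires a password.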
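
As an added example (not part of the original post), the shell functions below check the outcome of the steps above: whether password login is really off in a given sshd_config, and whether an authorized_keys file still contains DSA keys like the one generated here. The function names are hypothetical, and the script assumes whitespace-separated "Keyword value" lines and no Include files.

```shell
#!/bin/sh
# Added example: post-setup checks for the two files this walkthrough touches.
# Assumes whitespace-separated "Keyword value" lines and no Include files.

# Print the effective global value of an sshd_config keyword.
# sshd keeps the first value it obtains for a keyword, keywords are
# case-insensitive, and lines after the first Match line are conditional.
# $1 = config file, $2 = keyword (aliases joined with |), $3 = default
sshd_effective() {
    awk -v keys="$2" -v def="$3" '
        BEGIN { pat = "^(" tolower(keys) ")$" }
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) ~ pat { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Succeed only if no password prompt is reachable in the global config.
password_login_disabled() {
    [ "$(sshd_effective "$1" PasswordAuthentication yes)" = no ] || return 1
    # With PAM enabled, keyboard-interactive can still ask for a password,
    # so this conservatively requires it to be switched off as well.
    kbd='ChallengeResponseAuthentication|KbdInteractiveAuthentication'
    [ "$(sshd_effective "$1" "$kbd" yes)" = no ]
}

# Count DSA (ssh-dss) entries in an authorized_keys file. OpenSSH 7.0 and
# later disable ssh-dss by default, so these keys stop working after an upgrade.
count_dsa_keys() {
    awk '/^[ \t]*#/ { next }
         { for (i = 1; i <= NF; i++) if ($i == "ssh-dss") { n++; break } }
         END { print n + 0 }' "$1"
}
```

Call `password_login_disabled /etc/ssh/sshd_config` and `count_dsa_keys` on the server-side .ssh/authorized_keys. sshd reads sshd_config only at startup or reload, so the PasswordAuthentication change takes effect once the service has been reloaded.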