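Setting up passwordless login on Linux

Password login is constantly exposed to brute-force attempts, which is unsafe. I once had a server that saw brute-force login attempts from more than eight thousand IPs in a single day.

So we log in with SSH keys instead, which is both safer and less hassle.

Below, host A refers to your jump host, and host B is the machine you want to log in to without a password.

Steps

  • On host A, generate a key pair by running ssh-keygen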
root@aliyun:/var/run/dbus# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:px5DgIDv1hQSxesLKblcBdYLRxdGSklRQ/PkWz8kOeQ root@aliyun
The key's randomart image is:
+---[RSA 2048]----+
| .o+==*X.. . |
|. .=+=+ * o . |
| ...=+o o E . |
| . oo . o = |
| o =. S.. o |
|o =.o . o . |
|.+.. . + |
|.. . . o |
| . |
+----[SHA256]-----+

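After you run ssh-keygen you are prompted with Enter passphrase:. This asks for a passphrase for the key pair. Enter one if you want the key pair encrypted; if you do set a passphrase, you will still have to type it at login even after public-key login is configured. Usually you can just press Enter all the way through.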

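  • Run ssh-copy-id <yourhost> to send the public key of host A's key pair to host B

    Note: enter your own host name. Below, vultr is my host B, and the -p option is there because I changed the port to 8848; if you use the default port you do not need it.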

    root@aliyun:~/.ssh# ssh-copy-id root@vultr -p 8848
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    root@vultr's password:

    Number of key(s) added: 1

    Now try logging into the machine, with: "ssh -p '8848' 'root@vultr'"
    and check to make sure that only the key(s) you wanted were added
  • Finally, edit the sshd configuration file on the remote host by running vim /etc/ssh/sshd_config

    Enable public-key login and disable password login

    PubkeyAuthentication yes
    PasswordAuthentication no

    Finally, restart the SSH service: service ssh restart
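
The two sshd_config lines above only take effect if they are the first values sshd reads for those keywords, so lines appended below an existing "PasswordAuthentication yes" change nothing. As an added example (not from the original post), this script reports the effective global values in a config file; the function names and sample file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post.
# effective_value FILE KEYWORD DEFAULT
# Prints the value sshd would use from the global section of FILE:
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and lines after a "Match" line apply only conditionally
# (Match blocks and Include files are not evaluated here).
effective_value() {
    awk -v want="$2" -v dflt="$3" '
        BEGIN { FS = "[ \t=]+"; want = tolower(want); val = dflt }
        { sub(/^[ \t]+/, "") }              # drop leading indentation
        /^#/ || /^$/ { next }               # skip comments and blank lines
        tolower($1) == "match" { exit }     # end of the global section
        tolower($1) == want { val = tolower($2); exit }
        END { print val }
    ' "$1"
}

# True only if public-key login is on and password login is off.
# Both keywords default to "yes" when they are not set at all.
key_only_login() {
    [ "$(effective_value "$1" PubkeyAuthentication yes)" = yes ] &&
    [ "$(effective_value "$1" PasswordAuthentication yes)" = no ]
}

# Constructed sample files (contents made up for this illustration).
demo_dir=$(mktemp -d)
# "appended": the two lines were added below an existing "yes" line.
printf '%s\n' '#PubkeyAuthentication yes' 'PasswordAuthentication yes' \
    'PubkeyAuthentication yes' 'PasswordAuthentication no' > "$demo_dir/appended"
# "edited": the existing line itself was changed.
printf '%s\n' 'Port 8848' 'pubkeyauthentication yes' \
    'PasswordAuthentication no' > "$demo_dir/edited"

for f in appended edited; do
    if key_only_login "$demo_dir/$f"; then
        echo "$f: key-only login in effect"
    else
        echo "$f: password login still accepted"
    fi
done
rm -rf "$demo_dir"
```

On the real host, sshd -t checks the file for syntax errors before you restart, and sshd -T prints the configuration sshd will actually use. Keep your current session open until a second key-based login has succeeded.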

Now you can try logging in from the jump host without a password.
