基於祕鑰的登陸認證

ssh-keygen

ssh-keygen 是Unix和類Unix計算機系統上的安全外殼（SSH）協議套件的標準組件，用於經過使用各類加密技術在不安全的網絡上創建遠程計算機之間的安全shell會話。ssh-keygen實用程序用於生成，管理和轉換身份驗證密鑰。

ssh-keygen可以使用三種不一樣的數字簽字算法之一輩子成密鑰。

在ssh-keygen工具的幫助下，用戶能夠爲任何這些密鑰類型建立密碼（爲了提供無人值守操做，密碼能夠保留爲空，風險更高）。

這些密鑰與相關工具 GNU Privacy Guard使用的密鑰不一樣。

 

 

[root@localhost ~]# ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): #按Enter /root/.ssh/id_rsa already exists.
Overwrite (y/n)? y   #覆蓋以前的祕鑰對
Enter passphrase (empty for no passphrase): #輸入祕鑰密碼
Enter same passphrase again: 　　　　　　　　　　#重複
Your identification has been saved in /root/.ssh/id_rsa. #私鑰
Your public key has been saved in /root/.ssh/id_rsa.pub.  #公鑰
The key fingerprint is:
SHA256:zrHfkb0+zCDc3/BKUvpILyHMwruqyhw8ZQy+CoFROWM root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
|  ..             |
| .E              |
|...o             |
|.o o             |
|o . +  .S+ .  .  |
| o +   ooo* +=.  |
|. =     +o o**o+ |
|.+ o    .. o.B=.o|
|. +........ oo*o |
+----[SHA256]-----+
[root@localhost ~]# 

 

 

ssh-copy-id 

使用本地可用密鑰來受權遠程計算機上的登陸

 

 

[root@localhost .ssh]# ssh-copy-id -i id_rsa.pub root@127.0.0.1     #經過ssh-copy-id 工具將祕鑰對發送到服務器，這裏我是本機測試，或者能夠使用cat 命令直接重定向
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@127.0.0.1's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@127.0.0.1'"
and check to make sure that only the key(s) you wanted were added.

[root@localhost .ssh]# 

 

 

Xshell 配置

 

測試能夠正常登陸，若是登陸異常請檢查 /etc/ssh/sshd_config 配置文件對應參數