CentOS設置ssh密鑰登陸

CentOS設置ssh密鑰登陸

centos 系統安全防護 2017年12月2日

329 0 0

1、生成密鑰對（兩種方式）並配置

方式1：使用ssh-keygen(1)生成並配置

（1）生成密鑰對

[root@iZwz9catu2mrq92b07d1d0Z ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.

//輸入文件名稱
Enter file in which to save the key (/root/.ssh/id_rsa): keys_root   
//輸入私鑰加密密碼
Enter passphrase (empty for no passphrase):    
//再次輸入密碼                       
Enter same passphrase again:                            
              
Your identification has been saved in keys_root.
Your public key has been saved in keys_root.pub.
The key fingerprint is:
f4:f9:70:51:cf:09:f6:da:30:6a:b1:67:4f:dc:14:44 root@iZwz9catu2mrq92b07d1d0Z
The key's randomart image is:
+--[ RSA 2048]----+
|             o+E |
|            ..ooo|
|        .  ..o o+|
|       . . .+.*..|
|        S ++.+ +.|
|          .+o o  |
|            .  . |
|                 |
|                 |
+-----------------+

//文件生成成功，keys_root爲私鑰，keys_root.pub爲公鑰
[root@iZwz9catu2mrq92b07d1d0Z ~]# ls
keys_root  keys_root.pub

（2）配置公鑰

//將生成的公鑰寫入到用戶的authorized_keys
[root@iZwz9catu2mrq92b07d1d0Z ~]# echo -e '#this is keys_root' >> ~/.ssh/authorized_keys ; cat ~/keys_root.pub >> ~/.ssh/authorized_keys   

[root@iZwz9catu2mrq92b07d1d0Z ~]# cat ~/.ssh/authorized_keys
#this is keys_root
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyhp9SBxas8Nmwdi4dQfOuUULpMGRnGEFopU2DXhSF+PE/s80xrVS31Ycd5o4gU3iehKx2vo4OEB2lYZ2JCfptTc59HAj+Qwqh7i5S4YQuX/+31GkY+s8XKFR4QgH1ubQt9feU2cagfG1f+wWRsa0YtefE67Kjv6OZuKuA2bOdrAH4mzV1m71iLMUZYgaEnfJExXj2lbPAXRqCV+tdIj9h0jxhB5pQXsZ3NE38D22WYNKO4Sy8odfE7Oby1I0Emm8Uhiwqgx91HP22iY/WqzZOxeKZPF17CPWr9cChaPh9/DXM1Wd8KDCg33MO6hbpqAwh7iEughndXly0FY0oZNKnQ== root@iZwz9catu2mrq92b07d1d0Z

（3）配置私鑰

1. 下載私鑰到本地機器

    

   [root@iZwz9catu2mrq92b07d1d0Z ~]# sz keys_root

    

2. 啓動Xshell
3. 工具（Tools）
4. 用戶密鑰管理者（User Key Manager）
5. 導入已下載的 keys_root 文件（Import）
6. 配置完成

方式2：使用Xshell生成並配置

1. 啓動Xshell
2. 工具
3. 新建用戶密鑰生成嚮導（New User Key Wizard）
4. 按步驟選擇下一步
5. 輸入密鑰名稱和私鑰密碼後選擇下一步
6. 密鑰對生成成功，此時私鑰已自動導入到Xshell中，須要咱們手動保存公鑰到本地機器
7. 上傳已保存的公鑰文件到服務器並配置在用戶的authorized_keys文件中
   
    

2、經過密鑰登陸服務器

1. 新建會話，填寫名稱、主機等信息
2. 選擇左側欄目用戶身份驗證，右側方法選擇Public Key，填寫用戶名，選擇對應的用戶密鑰並填寫密鑰的密碼，點擊肯定
3. 鏈接會話

 

附錄

[root@iZwz9catu2mrq92b07d1d0Z ~]# man ssh

1.ssh-keygen命令介紹

The user creates his/her key pair by running ssh-keygen(1). This stores the private key in ~/.ssh/identity (protocol 1), ~/.ssh/id_dsa (protocol 2 DSA), ~/.ssh/id_ecdsa (protocol 2

ECDSA), or ~/.ssh/id_rsa (protocol 2 RSA) and stores the public key in ~/.ssh/identity.pub (protocol 1), ~/.ssh/id_dsa.pub (protocol 2 DSA), ~/.ssh/id_ecdsa.pub (protocol 2 ECDSA), or

~/.ssh/id_rsa.pub (protocol 2 RSA) in the user’s home directory. The user should then  copy the public key to ~/.ssh/authorized_keys in his/her home directory on the remote machine.

The authorized_keys file corresponds to the conventional ~/.rhosts file, and has  one key per line, though the lines can be very long. After this, the user can log in without giving

the password.

注：每一個用戶都擁有本身的 authorized_keys

2.authorized_keys文件介紹

~/.ssh/authorized_keys

Lists the public keys (RSA/ECDSA/DSA) that can be used for logging in as this user. The format of this file is

described in the sshd(8) manual page. This file is not highly sensitive, but the recommended permissions are

read/write for the user, and not accessible by others.

注：建議文件權限對擁有者爲讀寫權限，其餘用戶無權限

  

本文由 CentOS中文站 - 專一Linux技術 做者：centos 發表，其版權均爲 CentOS中文站 - 專一Linux技術 全部，文章內容系做者我的觀點，不表明 CentOS中文站 - 專一Linux技術 對觀點贊同或支持。如需轉載，請註明文章來源。