#ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: 2a:ad:45:20:74:8b:bf:8f:c4:a8:6e:af:46:50:6b:ea root@localhost.localdomain The key's randomart p_w_picpath is: +--[ RSA 2048]----+ | . . | | ..o . | | .o.o | |. oo . | |.o . . S | |.. o + . | |o . = + | | E . * | |=oo.o . | +-----------------+ #ssh-copy-id -i ~/.ssh/id_rsa.pub 12.0.0.16 root@12.0.0.16's password: Now try logging into the machine, with "ssh '12.0.0.16'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting. [CCDT-QH-業務導航-1-root-<ccdt>]~#ssh 12.0.0.16 Last login: Sat Aug 5 10:27:32 2017 from 12.0.0.15 [CCDT-QH-業務導航-2-root-<~>]~#
#ssh-keygen -t rsa 三個回車生成密鑰對 ###生成rsa密鑰對,默認保存在~/.ssh/{id_rsa,id_rsa.pub} ###id_rsa私鑰本身保存的 id_rsa.pub公鑰被連主機保存的 #ssh-copy-id -i ~/.ssh/id_rsa.pub 12.0.0.16 ###將公鑰copy到將要登陸主機(12.0.0.16)中,默認(此位置是ssh配置文件中定義的)位置爲~/.ssh/authorized_keys文件中 無需密碼登陸執行scp ssh 完成。。
服務器配置完整的步驟應該是:linux
(1)生成密鑰公鑰copy到服務器上,私鑰保存在本地數據庫
(2)配置hosts.allow hosts.deny指名ssh容許連接的白名單bash
(3)禁止使用密碼登陸服務器
(4)(可選)禁止root用戶遠程登陸dom
----------------------------------------------------------------------------------------ssh
#編輯sshd_config文件
ide
vi /etc/ssh/sshd_config
spa
#禁用密碼驗證
rest
PasswordAuthenticationno
code
#啓用密鑰驗證
RSAAuthentication yes
PubkeyAuthentication yes
#指定公鑰數據庫文件
AuthorsizedKeysFile.ssh/authorized_keys
重啓SSH服務前建議多保留一個會話以防不測
go go go。。。