本機的Linux
在用戶端生成密鑰對
ssh-keygen -t rsa
[email protected]:~$ ssh-keygen -t rsa <== 建立密鑰對,-t代表類型,有RSA和DSA兩種
Generating public/private rsa key pair.
Enter file in which to save the key (/home/szm/.ssh/id_rsa): < == 密鑰檔案預設存放位置,按Enter即可
Created directory ‘/home/szm/.ssh’.
Enter passphrase (empty for no passphrase): <== 輸入密鑰鎖碼,或直接按 Enter 留白
Enter same passphrase again: <== 再輸入一遍密鑰鎖碼
Your identification has been saved in /home/szm/.ssh/id_rsa <== 生成的私鑰
Your public key has been saved in /home/szm/.ssh/id_rsa.pub <== 生成的公鑰
The key fingerprint is:
SHA256:Ed27eJpaMXOcaXaUeiYGG4X6hD7M/yrYfw9vYKv1XjI [email protected]
The key’s randomart image is:
±–[RSA 3072]----+
| … o. |
| .o… . |
| .oo .o |
| o…=.= |
| +So=.@.+ |
| = oO== |
| o o.=ooE .|
| . o.+.o+.+ |
| .++=.+= |
±—[SHA256]-----+
密鑰鎖碼在使用私鑰時必須輸入,這樣就可以保護私鑰不被盜用。當然,也可以留白,實作無密碼登入,這裡密鑰鎖碼設定為空。完成上述步驟後,在 root 使用者的家目錄中生成了一個 .ssh 的隐藏目錄,内含兩個密鑰檔案,其中id_rsa 為私鑰,id_rsa.pub 為公鑰。
目标Linux
把公鑰傳輸至遠端伺服器
這裡的遠端伺服器是192.168.0.232
s[email protected]:~$ ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: “/home/szm/.ssh/id_rsa.pub”
The authenticity of host ‘192.168.0.232 (192.168.0.232)’ can’t be established.
ECDSA key fingerprint is SHA256:mWVkLagrWvOrd9ZXRVPK+puNciwZOJRyXYbZCgTa3ho.
Are you sure you want to continue connecting (yes/no/[fingerprint])? y
Please type ‘yes’, ‘no’ or the fingerprint: yes <== 是否繼續連接配接,回答為yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed – if you are prompted now it is to install the new keys
[email protected]’s password: <== 輸入遠端主機的密碼
Number of key(s) added: 1
Now try logging into the machine, with: “ssh ‘[email protected]’”
and check to make sure that only the key(s) you wanted were added.
測試
[[email protected] ~]# ssh 192.168.0.232
可以看出,無需輸入密碼即可直接登入