今天小编给大家分享一下SSH无密码怎么实现安全登录的相关知识点,内容详细,逻辑清晰,相信大部分人都还太了解这方面的知识,所以分享这篇文章给大家参考一下,希望大家阅读完这篇文章后有所收获,下面我们一起来了解一下吧。
今天我们通过使用ssh-kengen命令生成私钥&公钥对,目的:免密码登录SSH。其算法有两种,分别是RSA和DSA。
RSA 是非对称加密算法,可以用来加密和签名。
DSA(Digital Signature Algorithm) 只能用来数字签名的算法。
以下操作适用于OS:Centos 7、Ubuntu 17,其他系统没测,理论上都可以使用。
服务器:
10.204.63
10.204.64
如何生成ssh公钥
登录10.10.204.63服务器生成公私密钥对:
[root@10-10-204-63 ~]# ssh-keygen -b 4096 -t rsaGenerating public/private rsa key pair.Enter file in which to save the key (/root/.ssh/id_rsa):Created directory '/root/.ssh'.Enter passphrase (empty for no passphrase):Enter same passphrase again:Your identification has been saved in /root/.ssh/id_rsa.Your public key has been saved in /root/.ssh/id_rsa.pub.The key fingerprint is:SHA256:qLcoj2nSzq6G9ZpFQZ/OFqFT+oBDf3ousHkt82F1/xM root@10-10-204-63.10.10.204.63The key's randomart image is:+---[RSA 4096]----+| . . o || . + = o || o B = || . X o || . o B S . || .= * . . . E ||.oo.B * . . ||oo+*.O o .. ||o*O+o o .. |+----[SHA256]-----+三次回车即可生成 ssh key。注解:
-b 指定密钥长度。对于RSA密钥,最小要求768位,默认是2048位,最长4096字节。
-t 指定要创建的密钥类型。可以使用:”rsa1″(SSH-1) “rsa”(SSH-2) “dsa”(SSH-2)。
查看生成的文件
[root@10-10-204-63 ~]# ll .ssh/total 8-rw------- 1 root root 3243 Nov 25 15:58 id_rsa-rw-r--r-- 1 root root 758 Nov 25 15:58 id_rsa.pub说明:id_rsa 私钥id_rsa.pub 公钥将公钥上传到10.10.204.64
[root@10-10-204-63 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@10.10.204.64/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"The authenticity of host '10.10.204.64 (10.10.204.64)' can't be established.ECDSA key fingerprint is SHA256:/YI/L4RT1QH7lkfxMCAkKnvniQslyUl15mOUKUo8K3k.ECDSA key fingerprint is MD5:6d:b6:f3:93:8e:48:53:24:9d:5d:c2:2a:5f:28:f4:d2.Are you sure you want to continue connecting (yes/no)? yes【输入yes回车】/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keysroot@10.10.204.64's password:【输入服务器密码回车】Number of key(s) added: 1Now try logging into the machine, with: "ssh 'root@10.10.204.64'"and check to make sure that only the key(s) you wanted were added.上传成功。
修改SSH配置文件
登录10.28.204.64修改,操作如下:
$ vim /etc/ssh/sshd_config去除以下注释:RSAAuthentication yesPubkeyAuthentication yes重启SSH服务
$ systemctl restart sshd测试免密码登录10.10.204.64
[root@10-10-204-63 ~]# ssh 'root@10.10.204.64'Last failed login: Sat Nov 25 16:09:48 CST 2017 from 83.234.149.66 on ssh:nottyThere was 1 failed login attempt since the last successful login.Last login: Sat Nov 25 15:57:33 2017 from 36.7.69.84[root@10-10-204-64 ~]#在不输入密码的情况下成功登录。
登陆成功后,建议在10.10.204.64服务器上也生成ssh公钥,并上传到10.10.204.63服务器,这样以来我们就可以相互免密码SSH登陆。多台服务器亦是如此。
查看公钥
[root@10-10-204-64 ~]# ll /root/.ssh/total 8-rw------- 1 root root 758 Nov 25 16:08 authorized_keys-rw-r--r--. 1 root root 175 Aug 9 09:19 known_hostsauthorized_keys是刚上传过来的公钥名称
如果公钥丢失,可以使用私钥再次生成公钥,命令如下:
[root@10-10-204-63 ~]# ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub以上就是“SSH无密码怎么实现安全登录”这篇文章的所有内容,感谢各位的阅读!相信大家阅读完这篇文章都有很大的收获,小编每天都会为大家更新不同的知识,如果还想学习更多的知识,请关注编程网行业资讯频道。
