1. Generate a key pair on the server
[root@JumpServer ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
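Enter passphrase (empty for no passphrase): <== whether to set a passphrase on the private key; if one is set, it must also be entered every time the private key is used, which protects against theft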
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa <=== private key
Your public key has been saved in /root/.ssh/id_rsa.pub <==== public key
The key fingerprint is:
SHA256:8MMDEZvTZJqaNu5Fuqkvusbmt2/WM6vs3ocBiy4ppjw root@JumpServer
The key's randomart image is:
+---[RSA 3072]----+
| o.o |
| X |
| O . |
| + * |
| * + S |
| + = . o |
|. o o o o |
|oE.+.*.= . |
|@===%*.o= |
+----[SHA256]-----+
[root@JumpServer ~]#
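After generation, the private key is stored in /root/.ssh/id_rsa and the public key in /root/.ssh/id_rsa.pub.
The public key stays on the server, while the private key is kept on our local machine and serves as the login credential that is matched against the public key on the server.
2. Install the key pair
To let a user log in with this key, the public key must be written to .ssh/authorized_keys under that user's home directory.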
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
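Save id_rsa to your local machine; it can then be deleted from the server to prevent theft.
3. Edit sshd_config
PermitRootLogin without-password # disallow password login for root; set to no if root login is not needed
PasswordAuthentication no # disable password login
PubkeyAuthentication yes # allow public-key login
4. Restart the sshd service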
systemctl restart sshd
Next, import the key into your terminal software and you can log in to the server.
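
A check for the step 3 settings, added here as an example and not part of the original tutorial: it reads an sshd_config file and reports whether password logins are really disabled, taking into account that sshd keeps the first value it reads for each keyword. The function names and the sample file are constructed for illustration; Include files and Match blocks are assumed absent and are not evaluated.

```shell
#!/usr/bin/env bash
# Added example: audit an sshd_config for the three settings from step 3.
# sshd keeps the first value it reads for each keyword, so a later
# "PasswordAuthentication no" does not override an earlier "yes".
# Assumption: Include files and Match blocks are not evaluated.

# first_value FILE KEYWORD: print the first value set for KEYWORD.
first_value() {
    awk -v key="$2" '
        { sub(/#.*/, "") }                    # drop comments, trailing ones too
        tolower($1) == "match" { exit }       # global section ends here
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# audit_sshd_config FILE: return 0 only if password logins are disabled,
# public-key logins are enabled and root cannot log in with a password.
audit_sshd_config() {
    local file=$1 rc=0 v
    v=$(first_value "$file" PasswordAuthentication)    # sshd default: yes
    [ "${v:-yes}" = "no" ] || { echo "FAIL PasswordAuthentication=${v:-unset}"; rc=1; }
    v=$(first_value "$file" PubkeyAuthentication)      # sshd default: yes
    [ "${v:-yes}" = "yes" ] || { echo "FAIL PubkeyAuthentication=$v"; rc=1; }
    v=$(first_value "$file" PermitRootLogin)
    # without-password is the older name of prohibit-password (default since OpenSSH 7.0)
    case "${v:-prohibit-password}" in
        no|without-password|prohibit-password|forced-commands-only) ;;
        *) echo "FAIL PermitRootLogin=$v"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample: the hardening lines were appended below a stock "yes".
sample=$(mktemp)
cat > "$sample" <<'EOF'
PasswordAuthentication yes
PermitRootLogin without-password   # key-only root login
PasswordAuthentication no
PubkeyAuthentication yes
EOF
if audit_sshd_config "$sample"; then echo "OK"; else echo "not hardened"; fi
rm -f "$sample"
```

On a live host, `sshd -t` checks the file for syntax errors before the restart in step 4 and `sshd -T` prints the effective settings; keep the current session open until a key login has been tested.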