之前寫《搭建基于SSH的Git服務(wù)器》
,有大致講過SSH遠(yuǎn)程登陸
現(xiàn)在完整的小結(jié)一下
首先是SSH Key的生成
ssh-keygen -t rsa -C "byhook@163.com"
根據(jù)提示輸入密碼
Generating public/private rsa key pair.
Enter file in which to save the key (/home/byhook/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/byhook/.ssh/id_rsa.
Your public key has been saved in /home/byhook/.ssh/id_rsa.pub.
The key fingerprint is:
f5:9a:53:d3:97:d1:61:11:81:f6:9a:53:e1:c2:ab:62 byhook@163.com
The key's randomart image is:
+--[ RSA 2048]----+
| .*+|
| o..o|
| . o o.o|
| . . + +o|
| S + B..|
| + * . |
| + . . |
| E o |
| . . |
+-----------------+
生成的id_rsa文件是私有密鑰
id_rsa.pub是公開的密鑰
查看公鑰的內(nèi)容
cat ~/.ssh/id_rsa.pub
不建議用root用戶來開啟SSH登陸
建議新創(chuàng)建一個用戶
#遠(yuǎn)程登陸
ssh root@192.168.1.104
#創(chuàng)建新用戶
useradd andy
#配置密碼
passwd andy
本機現(xiàn)在可以上傳公鑰到服務(wù)器
#本機復(fù)制公鑰到服務(wù)器
scp -r ~/.ssh/id_rsa.pub andy@192.168.1.104:~/
#遠(yuǎn)程登陸
ssh andy@192.168.1.104
用戶andy配置授權(quán)
cd ~
mkdir .ssh
cd .ssh
touch authorized_keys
cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
rm ~/id_rsa.pub
最后加上權(quán)限
chmod 600 ~/.ssh/authorized_keys
chmod 700 ~/.ssh
開啟授權(quán)登陸
su
yum install vim
vim /etc/ssh/sshd_config
將如下三行注釋去掉
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
如圖所示
不建議使用root用戶開啟遠(yuǎn)程SSH登陸,如果實在想開啟可以去掉
#PermitRootLogin yes
的注釋
最后重啟服務(wù)
service sshd restart
最后你會發(fā)現(xiàn),已經(jīng)不用輸入密碼了
ssh andy@192.168.1.104