Step 1: Generate a public/private key pair on the local machine with ssh-keygen

[root@hk1601 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
c9:81:9f:3b:3c:f2:dd:f6:c9:c4:10:32:9e:32:24:d1 root@hk1601
The key's randomart image is:
+--[ RSA 2048]----+
|      ..         |
|       oE        |
|      o o o .    |
|       = = + .   |
|        S o .    |
|       . +   o   |
|      . =     o  |
|       o + ..o . |
|        . ....+  |
+-----------------+

Step 2: Copy the public key to the remote machine

[root@hk1601 ~]# ssh-copy-id -i .ssh/id_rsa.pub -p 10022 jilili@125.76.225.126
The authenticity of host '[125.76.225.126]:10022 ([125.76.225.126]:10022)' can't be established.
ECDSA key fingerprint is cb:91:c5:2a:f1:fd:aa:7e:34:9c:d6:8c:e0:30:5f:e1.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
jilili@125.76.225.126's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh -p '10022' 'jilili@125.76.225.126'"
and check to make sure that only the key(s) you wanted were added.

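If the ssh-copy-id command is not available, cat can be used instead, as follows (the ~/.ssh directory must already exist on the remote host):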

cat ~/.ssh/id_rsa.pub | ssh root@hk1.ideais.net "cat - >> ~/.ssh/authorized_keys"

Step 3: Log in without a password

[root@hk1601 ~]# ssh -p '10022' 'jilili@125.76.225.126'
Welcome to Ubuntu 14.04.3 LTS (GNU/Linux 3.13.0-63-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

  System information as of Mon Jun 20 14:55:44 CST 2016

  System load:  0.0                Processes:              165
  Usage of /:   26.5% of 28.18GB   Users logged in:        1
  Memory usage: 54%                IP address for eth0:    192.168.106.60
  Swap usage:   55%                IP address for docker0: 172.17.42.1

  Graph this data and manage this system at:
    https://landscape.canonical.com/

169 packages can be updated.
99 updates are security updates.

Last login: Mon Jun 20 14:55:45 2016 from 118.193.151.205
jilili@web:~$ 

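Restrict root to public-key login only

To let the root user log in with a public key but not with a password, use the following steps:

  • First allow root login by editing the sshd_config file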
# vi /etc/ssh/sshd_config
...
PermitRootLogin yes
...
  • Send the public key to the server
cat ~/.ssh/id_rsa.pub | ssh root@hk1.ideais.net "cat - >> ~/.ssh/authorized_keys"
  • Disable root password login; from then on only public-key login will work
# vi /etc/ssh/sshd_config
...
PermitRootLogin without-password
...
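
A check for the last step, as an added example that is not part of the original page: it reads an sshd_config file and reports whether PermitRootLogin still leaves password login open to root. The function names and the sample files are constructed for illustration; it assumes whitespace-separated keywords and does not evaluate Include files or Match blocks.

```shell
#!/bin/sh
# Added example (not from the original page): report what the global section
# of an sshd_config file says about root logins.

root_login_mode() {
    # $1: path to an sshd_config file. Prints the effective value or "unset".
    # sshd keeps the first value it reads for a keyword, so stop at the first hit.
    awk '
        { sub(/#.*/, "") }                      # drop comments
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == "permitrootlogin" && NF >= 2 {
            print tolower($2); found = 1; exit
        }
        END { if (!found) print "unset" }
    ' "$1"
}

root_password_login() {
    # Prints whether PermitRootLogin leaves password authentication open to root.
    # prohibit-password is the newer spelling of without-password (OpenSSH 7.0+).
    case "$(root_login_mode "$1")" in
        yes) echo "allowed" ;;
        without-password|prohibit-password|forced-commands-only|no) echo "blocked" ;;
        unset) echo "default" ;;   # depends on the OpenSSH version's built-in default
        *) echo "unknown" ;;
    esac
}

# Constructed sample files mirroring the first and last bullets above.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin yes' > "$dir/before"
    # A leftover duplicate line: the first value is the one sshd keeps.
    printf '%s\n' 'PermitRootLogin without-password' 'PermitRootLogin yes' > "$dir/after"
    for f in before after; do
        echo "$f: $(root_login_mode "$dir/$f") -> password login $(root_password_login "$dir/$f")"
    done
    rm -rf "$dir"
}
demo
```

On a live server, running `sshd -T` as root prints the configuration as the daemon itself parses it, and sshd has to be reloaded before an edited sshd_config takes effect.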

Last modified by "jilili" on "2016-06-21 14:53:59"