Step 1: Generate a public/private key pair on the local machine with ssh-keygen
[root@hk1601 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
c9:81:9f:3b:3c:f2:dd:f6:c9:c4:10:32:9e:32:24:d1 root@hk1601
The key's randomart image is:
+--[ RSA 2048]----+
| .. |
| oE |
| o o o . |
| = = + . |
| S o . |
| . + o |
| . = o |
| o + ..o . |
| . ....+ |
+-----------------+
Step 2: Copy the public key to the remote machine
[root@hk1601 ~]# ssh-copy-id -i .ssh/id_rsa.pub -p 10022 jilili@125.76.225.126
The authenticity of host '[125.76.225.126]:10022 ([125.76.225.126]:10022)' can't be established.
ECDSA key fingerprint is cb:91:c5:2a:f1:fd:aa:7e:34:9c:d6:8c:e0:30:5f:e1.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
jilili@125.76.225.126's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh -p '10022' 'jilili@125.76.225.126'"
and check to make sure that only the key(s) you wanted were added.
If the ssh-copy-id command is not available, you can use cat instead, as follows:
cat ~/.ssh/id_rsa.pub | ssh root@hk1.ideais.net "cat - >> ~/.ssh/authorized_keys"
Step 3: Log in without a password
[root@hk1601 ~]# ssh -p '10022' 'jilili@125.76.225.126'
Welcome to Ubuntu 14.04.3 LTS (GNU/Linux 3.13.0-63-generic x86_64)

 * Documentation: https://help.ubuntu.com/

  System information as of Mon Jun 20 14:55:44 CST 2016

  System load:  0.0                Processes:              165
  Usage of /:   26.5% of 28.18GB   Users logged in:        1
  Memory usage: 54%                IP address for eth0:    192.168.106.60
  Swap usage:   55%                IP address for docker0: 172.17.42.1

  Graph this data and manage this system at:
    https://landscape.canonical.com/

169 packages can be updated.
99 updates are security updates.

Last login: Mon Jun 20 14:55:45 2016 from 118.193.151.205
jilili@web:~$
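Restrict root to public-key login only
To let the root user log in with a public key but not with a password, use the following steps:
- First allow root login by editing the sshd_config file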
# vi /etc/ssh/sshd_config
...
PermitRootLogin yes
...
- Send the public key to the server
cat ~/.ssh/id_rsa.pub | ssh root@hk1.ideais.net "cat - >> ~/.ssh/authorized_keys"
- Disable root password login; from then on only public-key login works
# vi /etc/ssh/sshd_config
...
PermitRootLogin without-password
...
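A check for the last step, as an added example that is not part of the original page: it reads an sshd_config file and reports which PermitRootLogin value sshd would actually use, since sshd keeps the first value it reads for a keyword and a leftover "PermitRootLogin yes" higher up silently wins. The function names and the sample file are hypothetical, and Include files and Match blocks are assumed absent.

```shell
#!/bin/sh
# Added example: confirm from an sshd_config file that root is key-only.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and "without-password" is the older spelling of
# "prohibit-password". Assumption: Include files and Match blocks are not
# evaluated; parsing stops at the first Match line.

effective_root_login() {    # $1 = path to an sshd_config file
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }                 # drop leading whitespace
        /^#/ || NF == 0 { next }               # skip comments and blank lines
        tolower($1) == "match" { exit }        # global section ends here
        tolower($1) == "permitrootlogin" { v = tolower($2); exit }
        END {
            if (v == "without-password") v = "prohibit-password"
            print (v == "" ? "unset" : v)
        }' "$1"
}

root_is_key_only() {        # status 0 only when the value is prohibit-password
    [ "$(effective_root_login "$1")" = "prohibit-password" ]
}

demo() {
    cfg=$(mktemp)
    # Constructed sample: a stale "yes" left above the intended final setting.
    printf '%s\n' '# constructed sample' 'PermitRootLogin yes' \
        'PermitRootLogin without-password' > "$cfg"
    echo "effective: $(effective_root_login "$cfg")"
    root_is_key_only "$cfg" || echo "root password login is still possible"
    rm -f "$cfg"
}
demo
```

An edited sshd_config only takes effect once sshd has been reloaded; on a live host, `sshd -T` prints the configuration the daemon would use.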