Configuring SSH key login (root user)

1. Enter the .ssh directory

cd .ssh

2. Generate a key pair; enter a passphrase if needed (the default is no passphrase)

ssh-keygen -t rsa

  [root@localhost .ssh]# ls

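known_hosts    records the public keys of the computers that ssh has connected to
id_rsa    the generated private key
id_rsa.pub    the generated public key
authorized_keys    holds the authorized public keys for password-less login to the server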

3. First, send a copy of the public key to the local machine

ssh-copy-id 192.168.0.200

 Verify password-less login

[root@localhost .ssh]# ssh 192.168.0.200
Last login: Fri Apr 28 06:09:38 2023 from 192.168.0.171
[root@localhost ~]# exit
logout
Connection to 192.168.0.200 closed.
[root@localhost .ssh]# ls
authorized_keys  id_rsa  id_rsa.pub  known_hosts

4. Send the public key to 192.168.0.201

[root@localhost .ssh]# ssh-copy-id 192.168.0.201
 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.0.201 (192.168.0.201)' can't be established.
ECDSA key fingerprint is SHA256:haVMdddyTWD9WBmNq+gE3ecWZO8obQATiS9TONvpkh4.
ECDSA key fingerprint is MD5:51:e9:38:37:24:ce:2d:36:01:45:12:9b:01:40:18:3e.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.0.201's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '192.168.0.201'"
and check to make sure that only the key(s) you wanted were added.

[root@localhost .ssh]#

5. Verify

[root@localhost .ssh]# ssh 192.168.0.201
Last login: Thu Apr 27 13:58:20 2023 from 192.168.0.171
[root@localhost ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:e0:cb:10 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.201/24 brd 192.168.0.255 scope global noprefixroute ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::3dc2:127:d5f5:5cf3/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
[root@localhost ~]# exit
logout
Connection to 192.168.0.201 closed.
[root@localhost .ssh]#

6. Disable password login

Edit: vi /etc/ssh/sshd_config
Change the value of the PasswordAuthentication parameter to no: PasswordAuthentication no
Restart the ssh service: systemctl restart sshd.service
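
A check for step 6, added here as an example and not part of the original post: sshd uses the first value it reads for each keyword, so the sketch below reports the PasswordAuthentication value that takes effect globally and any Match-block overrides. The function names and the sample configuration are constructed for illustration, and Include files are not followed.

```sh
#!/bin/sh
# Added example (not from the original post). sshd keeps the FIRST value it
# reads for a keyword, so a later "PasswordAuthentication no" is ignored if an
# earlier line already set it. Assumption: Include files are not followed.

# effective_global FILE KEYWORD: first value set before any Match block
effective_global() {
    awk -v key="$2" '
        BEGIN { key = tolower(key); val = "unset" }
        NF == 0 || $1 ~ /^#/ { next }            # blank lines and comments
        { k = tolower($1) }
        k == "match" { exit }                    # global section ends here
        k == key     { val = tolower($2); exit } # first value wins
        END { print val }
    ' "$1"
}

# match_overrides FILE KEYWORD: settings of KEYWORD inside Match blocks
match_overrides() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == "match" { hdr = $0; next }
        hdr != "" && tolower($1) == key { print hdr " -> " $1 " " $2 }
    ' "$1"
}

# make_sample FILE: constructed sshd_config fragment, not from a real host
make_sample() {
    cat > "$1" <<'EOF'
#PasswordAuthentication no
PermitRootLogin yes
PasswordAuthentication yes
UsePAM yes
# second, later setting: ignored because the keyword is already set above
PasswordAuthentication no
Match Address 192.168.0.0/24
    PasswordAuthentication yes
EOF
}

cfg=$(mktemp)
make_sample "$cfg"
echo "global PasswordAuthentication: $(effective_global "$cfg" PasswordAuthentication)"
match_overrides "$cfg" PasswordAuthentication
rm -f "$cfg"
```

On a live host, `sshd -t` checks the file for errors before the restart and `sshd -T` prints the configuration sshd will actually use.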

 

posted @ 2023-04-28 17:29  Flyoung