2.sshd的key认证 1)生成认证KEY [[email protected] ~]#ssh-keygen ##生成密钥的命令 Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): ##指定保存加密字符的文件(使用默认) Enter passphrase (empty for no passphrase): ##设定密码(使用空密码) Enter same passphrase again: ##确认密码 Your identification has been saved in ”/root/.ssh/id_rsa“. ##私钥(钥匙) Your public key has been saved in /root/.ssh/id_rsa.pub. ##公钥(锁) The key fingerprint is: 13:34:9d:2e:1c:9f:92:6b:5b:30:f6:d1:e0:60:dc:01 [email protected] The key's randomart image is: +--[ RSA 2048]----+ | .E+.o | | .=.= | | o.B + | | O.* . | | .SB . | | o.o | | . o | | . | | | +-----------------+
2)加密sshd服务 [[email protected] .ssh]# ssh-copy-id -i id_rsa.pub [email protected] ##加密sshd服务 The authenticity of host '172.25.254.133 (172.25.254.133)' can't be established. ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08. Are you sure you want to continue connecting (yes/no)? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys roo[email protected]'s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '[email protected]'" and check to make sure that only the key(s) you wanted were added.
[[email protected] .ssh]# ls authorized_keys id_rsa id_rsa.pub known_hosts ^ 此文件出现表示加密完成