SSH遠程證書登陸是使用"公私鑰"認證的方式來進行SSH登錄。
1、創建公私鑰
創建方式有很多種,比如說通用ssh連接工具創建,然後把公鑰上傳到Server主機對應的用戶目錄下:
~/.ssh/authorized_keys
大家可以參考這裏:http://www.aiezu.com/system/linux/xshell_ssh_public-key_login.html
這裏我使用服務器自帶的openssh來創建,以root用戶爲例:
//檢查是否安裝了openssh服務 rpm -qa|grep openssh //創建公私鑰 ssh-keygen -t rsa
執行上邊的語句後,開始進入引導設置:
Generating public/private rsa key pair. //創建ssh目錄,直接回車 Enter file in which to save the key (/root/.ssh/id_rsa): Created directory '/root/.ssh'. //輸入密碼,好果不想輸入可直接回車 Enter passphrase (empty for no passphrase): //確認密碼 Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: 74:4a:c7:28:26:06:20:7d:62:40:8b:2e:fa:14:a8:1b [email protected] The key's randomart image is: +--[ RSA 2048]----+ |==. | |o =.. o | |.o oo o + + | |.. . o + + | |o.. S | |+ . | |E . | | = | |. . | +-----------------+ //結束
執行上邊的方法,我們的公私鑰便創建完成啦,可以查看一下:
[root@localhost ~]# ls ~/.ssh/ id_rsa id_rsa.pub //id_rsa id 爲私鑰 //id_rsa.pub 爲公鑰
2、服務器配置
//打開配置文件 vim /etc/ssh/sshd_config
修改相應節點:
//啓用 RSA 認證 RSAAuthentication yes //啓用公鑰私鑰配對認證方式 PubkeyAuthentication yes //公鑰文件路徑 AuthorizedKeysFile .ssh/authorized_keys //禁用密碼登陸 PasswordAuthentication no
通過上邊的設置可以看出公鑰存儲在 authorized_keys 文件裏,我們需要將第一步生成的公鑰寫入到該文件,執行以下命令:
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
注意:非root用戶至少需要授於只讀權限
chmod 400 ~/.ssh/authorized_keys
最後重啓ssh服務
systemctl restart sshd.service
3、客戶端配置
本地創建一個文件key.txt,下載服務端生成的私鑰,打開並複製到本地key.txt文件中:
more ~/.ssh/id_rsa
注意:複製的時候請選擇 -----BEGIN RSA PRIVATE KEY----- -----END RSA PRIVATE KEY----- 全部內容,否則無法使用,例如:
-----BEGIN RSA PRIVATE KEY----- MIIEpgIBAAKCAQEAuUD63UpzsyrPc5YmW0VdQmF3fCqlPJmddGkVwl2V2nv7QDZX +oUan96XfABAms3Sp2LHKQHidHPDjgs/3hfIAsB/I8gBQZJupoA6DBJ2HHhoUD7O FG99S/YTM4nMfu3BPD6yFDMyhMjKY4Ed38WEaESG6QeFMO5EDqlvJiGjY8vnUoFe GEm3yQn3nOtxd3XHafeDdC0bt6CELs6x50zAhtvBogoeqDWQoCtAPcm4MxgZ8+wd f2GKdAj6fBNuAVOi/ARGVnOGma4PYgBovFlue1xIZJ4iGpVVRKTBopWZpicOiBtm 5qRzKsk5hYoR2L8WFAOYJGmdwmUs15+K9T1uqQIDAQABAoIBAQCjsRQ6N1BWz4wx cUqBOaB3SFJhB/mru30S4MwWS8VfIlBXY+2Hcteczf4C1uI/J4Fs4G5lAMJN7gCs 4anUoCTesaNmRZM+kpptSz5/bkypSYe66FQGYKFRXqWG08s7mPA3QJrwGHEaPaYA GJYCJbCixXKENF3vZ4oBfpu1EOIkCgQp9Gsw3TzKXtieihynwf6PBVA4gRDCA8S/ p3cEDhFJUiI/n8WG6VRd59/+4lhFL6zpX8FRVtWFshaNg60I/+DrGxzDxG+1MbkA BTkTpMq5evVsCDz/tJyyqBZTAv8pwluwn0bxoCEXQgE2FvpjJVl5qtfarWh3z7kB 1PVcIQjVAoGBAPNPRMqrtT7uUS8OvZf/bUHug+ENeJ/5mVJS/ZWPliLcNjAqJiek 0ye+T/XQxtOqJC2P4ds4+4dSkV+8jRsB47kC9r4Aa/6MhmfifQhXrUBwc54cQ8rj grw2BSfd5gZNqrYvaYwZOJMkTx2ljTuCNrKECHwNQwMHWtG5OTyw6NB7AoGBAMLq iRJPorQ1dXkzm795vuNrEayj8bEOUclpoyZctDflMEilj5p7/crslImSlOHXJHry ING5CmOJIE2GMPZAmV4UNrQRAffTpMuhPgu6YLmoKPXvQk85ArnGFImxsETTY3aX 2pW09O2EAfFLSEZfO+KtDfvjNeLgPpVObTSk3B4rAoGBAL7vyAZcNYHLN758DOEJ O85vxOKJ1c2E7IMkSYhjA+kbcxLdINAfku0vdkRrsHxOmtF+hjmpQAp0C01cBEfb db+sycFVR2qdEKTZolE3rOhS1wiPGcxQOjpFEkq04lyz+nG6R1QAPtuJtOSJFIpM p2v0HUxsg9gOn4DRoE82bZ2dAoGBAKLqF0F30F1hZVu1eBNVdehtYGt06Bl+B3wa UGRLDdK+PFosD1gnFJycmxZVrx0IjpQ4dpf0WquRPK+vXpMksUvCB2r/4C489rvA fLSexiPHWt0casb+trmBxz7DhrowGS1RhUCl7CXttRXyP2maRdqTnGGRqkOD/Ksc zwg2V0jbAoGBAM8MWhHmA6elQbLD3x38Kkcn2YNOrOcgqV3ihDTX6/VWkJQ9MFhC BnygVC/bA/0P+yhsivCfmS0YR1bfeTyfftlh7aprnfRNPsiAYwgWv2HM5we0qv7o pocCUHuflpIAQxm/mxQObFty/ie4Wrme9OcCe0ksjaJNDpOwFzLWx9oh -----END RSA PRIVATE KEY-----
打開xshell客戶端,身份驗證選擇Public key方式,輸入用戶名,剛纔我們使用的是root用戶,所以這裏輸入root,用戶密鑰選擇瀏覽,找到key.txt文件導入,密碼如果剛纔我們在創建密鑰的時候輸入了密碼,那此處密碼填寫剛纔設置的密碼,如果沒有設置,則不用填寫。
至此,便可以連接接使用啦,安全又升級了!
文章出處:http://www.cnblogs.com/anech/p/6888979.html