本教程以root用户演示
1.进入该用户根目录
cd ~
2.创建密钥
[root@slave1 ~]# ssh-keygen
Generating public/private rsa key pair.
#该命令提示的意思是:让我们定义私钥的存放路径,默认存在的路径是在/root/.ssh/id_rsa的下面
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
#该命令提示的意思是:定义私钥的密码,一般为了免密默认的留空,直接的回车
Enter passphrase (empty for no passphrase):
该命令提示的意思是:确认密码设置
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:QuZWoxNQTWlFd5/wHmGiO/aQJH97sExwWO8gOzT38WI root@slave1
The key's randomart image is:
+---[RSA 2048]----+
| ...o.+o .+.o |
| . + .+.*.o|
| +.o. O + *.|
| + + .= X = +|
| * S X +E+.|
| . o . O.+. |
| = . |
| . |
| |
+----[SHA256]-----+
[root@slave1 ~]#
3.SSDH默认公钥文件为authorized_keys,可在配置中修改,此处使用默认配置。 创建authorized_keys,将公钥写入该文件并且授权。
[swack@localhost ~]$ touch .ssh/authorized_keys
[swack@localhost ~]$ cat /home/swack/.ssh/id_rsa.pub >> /home/swack/.ssh/authorized_keys
4.修改SSHD配置
vim /etc/ssh/sshd_config
修改以下参数
禁止密码登录
PasswordAuthentication no
启用密钥登录
PubkeyAuthentication yes
5.重启SSHD
systemctl reload sshd