在本地機器生成祕鑰
[dev@dev .ssh]$ ssh-keygen -m PEM -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/home/dev/.ssh/id_rsa):
/home/dev/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/dev/.ssh/id_rsa.
Your public key has been saved in /home/dev/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:yemygEgSHiY5T84SMh/l4uJuttK9hojTAnNqXM2Zl7M [email protected]
The key's randomart image is:
+---[RSA 4096]----+
| . |
| . o |
|Oo+ . |
|=%.o . o |
|+o* o o S |
|*+.o = = |
|=Ooo. o + |
|O=+ o. E |
|==..... |
+----[SHA256]-----+
拷貝公鑰到目標服務器
[dev@dev .ssh]$ ssh-copy-id [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/dev/.ssh/id_rsa.pub"
The authenticity of host '192.168.32.20 (192.168.32.20)' can't be established.
ECDSA key fingerprint is SHA256:PMFv66hIVPYzdTFBjNbHSnE7n8erg2F8dlNq0uEiB7o.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:
Permission denied, please try again.
[email protected]'s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.
[dev@dev .ssh]$
SSH 通過祕鑰訪問目標服務器
ssh
在目標服務器清除指定的祕鑰
[dev@dev .ssh]$ ssh-keygen -R 192.168.32.20
# Host 192.168.32.20 found: line 1
/home/dev/.ssh/known_hosts updated.
Original contents retained as /home/dev/.ssh/known_hosts.old