ssh key登录远程服务器可以有效的增加服务器的安全性。
查看PubkeyAuthentication是否开启。
[root@localhost ~]# cat /etc/ssh/sshd_config | grep Pubkey
#PubkeyAuthentication yes
去掉前面的#号,开启PubkeyAuthentication。
[root@localhost ~]# vim /etc/ssh/sshd_config
已有公钥
将已有的ssh公钥上传到服务器id_rsa.pub。 然后将它的内容追加到authorized_keys文件中。
cat ./id_rsa.pub >> ~/.ssh/authorized_keys
新建ssh公钥
ssh-keygen -t rsa -b 2048
生成的路径默认位置:
linux : ~/.ssh/
windows:C:\Users\administrator\.ssh
mac: ~/.ssh
公钥和密钥
id_rsa 密钥 密钥是连接服务器用到的
id_rsa.pub 公钥 公钥是添加到服务器的
修改了sshd_config文件之后,需要重启sshd服务。
systemctl restart sshd
ssh -i .\id_rsa root@192.168.0.101 -i 密钥的路径
PS C:\Users\administrators\Desktop\ssh> ssh -i .\id_rsa root@192.168.0.101
The authenticity of host 'localhost(192.168.0.101)' can't be established.
ED25519 key fingerprint is SHA256:CC9asdu0asdax62NZEYm4asdadadUCjrmaAjUWAA.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.0.101' (ED25519) to the list of known hosts.
Enter passphrase for key '.\id_rsa':
Last failed login: Fri Aug 18 10:08:13 CST 2023 from 172.10.1.0 on ssh:notty
There were 29 failed login attempts since the last successful login.
Last login: Fri Aug 18 01:42:55 2023 from 172.10.1.5