I. Generate a key pair (two methods) and configure it
Method 1: Generate and configure with ssh-keygen(1)
(1) Generate the key pair
- [root@iZwz9catu2mrq92b07d1d0Z ~]# ssh-keygen -t rsa
- Generating public/private rsa key pair.
- //Enter the file name
- Enter file in which to save the key (/root/.ssh/id_rsa): keys_root
- //Enter the passphrase that encrypts the private key
- Enter passphrase (empty for no passphrase):
- //Enter the passphrase again
- Enter same passphrase again:
-
- Your identification has been saved in keys_root.
- Your public key has been saved in keys_root.pub.
- The key fingerprint is:
- f4:f9:70:51:cf:09:f6:da:30:6a:b1:67:4f:dc:14:44 root@iZwz9catu2mrq92b07d1d0Z
- The key's randomart image is:
- +--[ RSA 2048]----+
- | o+E |
- | ..ooo|
- | . ..o o+|
- | . . .+.*..|
- | S ++.+ +.|
- | .+o o |
- | . . |
- | |
- | |
- +-----------------+
- //Files generated successfully: keys_root is the private key, keys_root.pub is the public key
- [root@iZwz9catu2mrq92b07d1d0Z ~]# ls
- keys_root keys_root.pub
(2) Configure the public key
- //Append the generated public key to the user's authorized_keys
- [root@iZwz9catu2mrq92b07d1d0Z ~]# echo -e '#this is keys_root' >> ~/.ssh/authorized_keys ; cat ~/keys_root.pub >> ~/.ssh/authorized_keys
- [root@iZwz9catu2mrq92b07d1d0Z ~]# cat ~/.ssh/authorized_keys
- #this is keys_root
- ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyhp9SBxas8Nmwdi4dQfOuUULpMGRnGEFopU2DXhSF+
- PE/s80xrVS31Ycd5o4gU3iehKx2vo4OEB2lYZ2JCfptTc59HAj+Qwqh7i5S4YQuX/+31GkY+s8XKFR4QgH1
- ubQt9feU2cagfG1f+wWRsa0YtefE67Kjv6OZuKuA2bOdrAH4mzV1m71iLMUZYgaEnfJExXj2lbPAXRqCV+tdIj9h
- 0jxhB5pQXsZ3NE38D22WYNKO4Sy8odfE7Oby1I0Emm8Uhiwqgx91HP22iY/WqzZOxeKZPF17CPWr9cChaPh
- 9/DXM1Wd8KDCg33MO6hbpqAwh7iEughndXly0FY0oZNKnQ== root@iZwz9catu2mrq92b07d1d0Z
(3) Configure the private key
Download the private key to the local machine
- [root@iZwz9catu2mrq92b07d1d0Z ~]# sz keys_root
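Start Xshell
Tools
User Key Manager
Import the downloaded keys_root file (Import)
Configuration complete
Method 2: Generate and configure with Xshell
Start Xshell
Tools
New User Key Wizard
Follow the steps, choosing Next at each one
Enter the key name and the private key passphrase, then choose Next
The key pair is generated successfully. The private key has now been imported into Xshell automatically; the public key must be saved to the local machine manually
Upload the saved public key file to the server and add it to the user's authorized_keys file
II. Log in to the server with the key
Create a new session and fill in the name, host and other details
In the left pane select User Authentication; on the right choose Public Key as the method, enter the user name,
select the corresponding user key and enter the key's passphrase, then click OK
Connect the session
Appendix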
- [root@iZwz9catu2mrq92b07d1d0Z ~]# man ssh
1. About the ssh-keygen command
- The user creates his/her key pair by running ssh-keygen(1). This stores the private key in
- ~/.ssh/identity (protocol 1), ~/.ssh/id_dsa (protocol 2 DSA), ~/.ssh/id_ecdsa (protocol 2
- ECDSA), or ~/.ssh/id_rsa (protocol 2 RSA) and stores the public key in ~/.ssh/identity.pub
- (protocol 1), ~/.ssh/id_dsa.pub (protocol 2 DSA), ~/.ssh/id_ecdsa.pub (protocol 2 ECDSA), or
- ~/.ssh/id_rsa.pub (protocol 2 RSA) in the user’s home directory. The user should then copy
- the public key to ~/.ssh/authorized_keys in his/her home directory on the remote machine.
- The authorized_keys file corresponds to the conventional ~/.rhosts file, and has one key per line,
- though the lines can be very long. After this, the user can log in without giving
- the password.
Note: each user has their own authorized_keys
2. About the authorized_keys file
- ~/.ssh/authorized_keys
- Lists the public keys (RSA/ECDSA/DSA) that can be used for logging in as this user. The format of this file is
- described in the sshd(8) manual page. This file is not highly sensitive, but the recommended permissions are
- read/write for the user, and not accessible by others.
Note: the recommended file permissions are read/write for the owner and no access for other users
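A scripted version of step (2) that also enforces the permissions recommended in the note above, as an added example that is not part of the original post. It goes slightly beyond the manual steps by rejecting anything that is not a single-line public key and by skipping a key that is already installed; the function names install_pubkey and private_to_owner are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.
# Usage: install_pubkey ~/keys_root.pub [HOME_DIR]

# Return 0 if group and others have no permission bits on the path.
# Characters 5-10 of the "ls -ld" mode string are the group/other bits.
private_to_owner() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    dir=$home/.ssh
    auth=$dir/authorized_keys

    # authorized_keys holds one key per line, so accept exactly one line.
    [ "$(grep -c '' "$pub")" -eq 1 ] || {
        echo "expected exactly one key line in $pub" >&2; return 1; }

    # Accept only "<type> <base64> [comment]"; this also stops a private
    # key file from being appended by mistake.
    case $(cat "$pub") in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not a public key: $pub" >&2; return 1 ;;
    esac

    # Create the directory and file so they are never group/world accessible,
    # then tighten modes in case they already existed with looser ones.
    ( umask 077; mkdir -p "$dir"; touch "$auth" )
    chmod 700 "$dir"
    chmod 600 "$auth"

    # Append only if this exact line is not already present (idempotent).
    grep -qxF -- "$(cat "$pub")" "$auth" || cat "$pub" >> "$auth"

    # Succeed only if both paths ended up private to the owner.
    private_to_owner "$dir" && private_to_owner "$auth"
}
```

Running private_to_owner against an existing ~/.ssh/authorized_keys is a quick audit of the permission recommendation quoted from the man page.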