在linux上生成密钥对,并把公钥放到远程linux上,实现密钥验证登陆
A机器上执行
[root@localhost ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):#默认保存在root/.ssh/目录下回车即可
Enter passphrase (empty for no passphrase): #设置密码的密钥大于6位,为空也可以
Enter same passphrase again: #再次输入密码
Your identification has been saved in /root/.ssh/id_rsa. #私钥为id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub. #公钥为id_rsa.pub
The key fingerprint is:
56:69:cc:46:a1:19:28:05:03:52:2f:25:34:a3:2d:4b root@localhost.localdomain
The key's randomart image is:
+--[ RSA 2048]----+
|.oB.+o... o. |
| + *... B . |
|oEo .. o B |
|.o . + |
|. S |
| . |
| |
| |
| |
+-----------------+
这样生成了一对密钥 在roo/.ssh/ 目录下,id_rsa.pub 为公钥,id_rsa为私钥
|
1
2
3
|
[root@localhost ~]
# cat .ssh/id_rsa.pub
ssh
-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAqIhOP+Ljsme54
/bWkeKUVbnyXYnFaG
+ocTyXkaQLPiLOvUQWWp3EB+tjkUzRy0GpeAVaEKjIkjj19p+RKrz1eJG
/4QEbg6ZcKX
+wuH3
/kbrGYI5VfA5sAkJB
+6wDuZkp1nEawHnTgn0xg804vdD08yq1VirNYh0Xf0Xu6+QxStUwDjWZOj7hHu46xyOh
/j2ViozeyKYG3QIvHuK9MVhNGB6QFKQyFPfw0ZUoCIlOcBsKrKsssrh
+mCsmEJtV6
/2ZGJnV72iH
+Dk3EWlc7+dPod9sAU1BTshYlEcJ8YVuJcEyCBTewzCIpnGXPqqCYTZmk7E1SNap4HCTUm+ZvmsOWw==
root@localhost.localdomain
|
复制公钥的内容,复制到B机器的root/.ssh/authorized_keys里面
如果B机器没有/root/.ssh/目录 需要先建立一个,并且设置权限为700,只有root可以访问。
|
1
2
3
4
5
|
[root@yong ~]
# mkdir /root/.ssh
[root@yong ~]
# ls -ld .ssh/
drwxr-xr-x. 2 root root 4096 Mar 9 11:43 .
ssh
/
[root@yong ~]
# chmod 700 /root/.ssh/
[root@yong .
ssh
]
# vi /root/.ssh/authorized_keys
|
然后A机器通过SSH服务访问B机器
#ssh root@B机器的iP地址 或 #ssh B机器的iP地址
如果没有安装ssh客户端的话无法使用ssh命令
客户端安装ssh服务的命令 #yum -y install openssh-clients
|
1
2
3
4
5
6
|
[root@localhost ~]
# ssh root@192.168.20.4
The authenticity of host
'192.168.20.4 (192.168.20.4)'
can't be established.
RSA key fingerprint is c4:61:c3:7d:c7:fc:0a:7c:8d:b7:45:06:6a:26:03:5e.
Are you sure you want to
continue
connecting (
yes
/no
)?
yes
Warning: Permanently added
'192.168.20.4'
(RSA) to the list of known hosts.
root@192.168.20.4's password:
|
输入B机器的管理员密码登录,连续输错3次后拒绝登录。
退出ssh远程登录exit
查看机器安装ssh的安装包 #rpm -qa | grep ssh
|
1
2
3
4
5
|
[root@localhost ~]
# rpm -qa |grep ssh
openssh-server-5.3p1-104.el6_6.1.i686
openssh-clients-5.3p1-104.el6_6.1.i686
libssh2-1.4.2-1.el6.i686
openssh-5.3p1-104.el6_6.1.i686
|
sshd服务的置文件为 /etc/ssh/sshd_config
可以进行查看cat 更改vi 更改port端口号
更改sshd的端口号之后,必须要重启sshd服务 #service sshd restart
查看ssh服务器有没有运行 #ps -e | grep ssh
运行ssh的命令
#/etc/rc.d/init.d/sshd start
#service ssh start
查看ssh服务的网络连接 #netstat -ntlp
