Centos7设置SSH无密码登录

发表于   |   分类于 个人笔记   |   暂无评论   |  字数 159

通过使用ssh-kengen命令生成私钥&公钥对,主要目的免密码登录SSH。
其算法有两种,分别是RSA和DSA。
RSA 是非对称加密算法,可以用来加密和签名。
DSA(Digital Signature Algorithm) 只能用来数字签名的算法。

操作系统版本:CentOS Linux release 7.9.2009 (Core)

  • 生成ssh公私密钥对
[root@localhost ~]# ssh-keygen -b 4096 -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:0+4LZqbAVEIlPIwc0mDA8y2GT849CvQ1ohyeC76sZsA root@localhost
The key's randomart image is:
+---[RSA 4096]----+
|*o+.o..          |
|.* * + .         |
|  X & =          |
| . % X o .       |
|o o = + S .      |
|.E + . . o       |
|o . o   = .      |
| =   . = o       |
|=     .   o.     |
+----[SHA256]-----+

-b 指定密钥长度。对于RSA密钥,最小要求768位,默认是2048位,最长4096字节。
-t 指定要创建的密钥类型:”rsa1″(SSH-1) “rsa”(SSH-2) “dsa”(SSH-2)。

  • 查看生成的密钥对
[root@localhost ~]# ll .ssh/
total 8
-rw------- 1 root root 3243 Mar 29 21:27 id_rsa             #私钥
-rw-r--r-- 1 root root  737 Mar 29 21:27 id_rsa.pub         #公钥
  • 将公钥上传至远程服务器
[root@10-10-204-63 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.1.1
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.1.1 (192.168.1.1)' can't be established.
ECDSA key fingerprint is SHA256:/YI/L4RT1QH7lkfxMCAkKnvniQslyUl15mOUKUo8K3k.
ECDSA key fingerprint is MD5:6d:b6:f3:93:8e:48:53:24:9d:5d:c2:2a:5f:28:f4:d2.
Are you sure you want to continue connecting (yes/no)? yes【输入yes回车】
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.1.1's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.1.1'"
and check to make sure that only the key(s) you wanted were added.

[root@localhost ~]# ll .ssh/
总用量 4
-rw-------. 1 root root 737 3月  29 21:29 authorized_keys #查看公钥
  • 配置远程服务器SSH免密登录
[root@localhost ~]# vi /etc/ssh/sshd_config
RSAAuthentication yes    
PubkeyAuthentication yes
systemctl restart sshd
  • 测试SSH免密码登录
[root@localhost ~]# ssh 'root@192.168.1.1'
Last login: Wed Mar 29 22:25:38 2023 from desktop-e91ua52
[root@localhost ~]# exit
添加新评论