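Use the ssh-keygen command to generate a private/public key pair; the main purpose is password-less SSH login.
Two algorithms are covered here: RSA and DSA.
RSA is an asymmetric encryption algorithm that can be used for both encryption and signing.
DSA (Digital Signature Algorithm) can only be used for digital signatures.
Operating system version: CentOS Linux release 7.9.2009 (Core)
- Generate the SSH public/private key pair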
[root@localhost ~]# ssh-keygen -b 4096 -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:0+4LZqbAVEIlPIwc0mDA8y2GT849CvQ1ohyeC76sZsA root@localhost
The key's randomart image is:
+---[RSA 4096]----+
|*o+.o.. |
|.* * + . |
| X & = |
| . % X o . |
|o o = + S . |
|.E + . . o |
|o . o = . |
| = . = o |
|= . o. |
+----[SHA256]-----+
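-b specifies the key length. For RSA keys, the minimum is 768 bits, the default is 2048 bits, and the maximum is 4096 bits.
-t specifies the type of key to create: "rsa1" (SSH-1), "rsa" (SSH-2), "dsa" (SSH-2).
- View the generated key pair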
[root@localhost ~]# ll .ssh/
total 8
-rw------- 1 root root 3243 Mar 29 21:27 id_rsa # private key
-rw-r--r-- 1 root root 737 Mar 29 21:27 id_rsa.pub # public key
- Upload the public key to the remote server
[root@10-10-204-63 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.1.1
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.1.1 (192.168.1.1)' can't be established.
ECDSA key fingerprint is SHA256:/YI/L4RT1QH7lkfxMCAkKnvniQslyUl15mOUKUo8K3k.
ECDSA key fingerprint is MD5:6d:b6:f3:93:8e:48:53:24:9d:5d:c2:2a:5f:28:f4:d2.
Are you sure you want to continue connecting (yes/no)? yes [type yes and press Enter]
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.1.1's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.1.1'"
and check to make sure that only the key(s) you wanted were added.
[root@localhost ~]# ll .ssh/
总用量 4
-rw-------. 1 root root 737 3月 29 21:29 authorized_keys # view the public key
- Configure password-less SSH login on the remote server
[root@localhost ~]# vi /etc/ssh/sshd_config
RSAAuthentication yes
PubkeyAuthentication yes
[root@localhost ~]# systemctl restart sshd
- Test password-less SSH login
[root@localhost ~]# ssh 'root@192.168.1.1'
Last login: Wed Mar 29 22:25:38 2023 from desktop-e91ua52
[root@localhost ~]# exit
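As an added example (not part of the original post), the following Python script audits lines of an authorized_keys or id_rsa.pub file against the -b and -t choices described above: it decodes the public key blob, reports the RSA modulus length, and flags DSA keys and short RSA keys. The 2048-bit threshold, the function names and the sample key lines are assumptions constructed for illustration.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # assumed policy threshold, not a value from the page


def _read_field(blob, offset):
    """Read one length-prefixed field (4-byte big-endian length + data)."""
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def audit_key_line(line):
    """Return (key_type, rsa_bits_or_None, verdict) for one public key line."""
    fields = line.split()
    # Skip leading options such as from="..." and find the key type field.
    idx = next((i for i, f in enumerate(fields)
                if f.startswith(("ssh-", "ecdsa-"))), None)
    if idx is None or idx + 1 >= len(fields):
        raise ValueError("no public key found in line")
    blob = base64.b64decode(fields[idx + 1], validate=True)
    name, offset = _read_field(blob, 0)
    key_type = name.decode("ascii")
    if key_type != fields[idx]:
        raise ValueError("key type label does not match key blob")
    if key_type == "ssh-dss":
        return key_type, None, "weak: DSA key"
    if key_type != "ssh-rsa":
        return key_type, None, "not checked"
    _exponent, offset = _read_field(blob, offset)
    modulus, _ = _read_field(blob, offset)
    bits = int.from_bytes(modulus, "big").bit_length()
    verdict = "ok" if bits >= MIN_RSA_BITS else "weak: RSA modulus too short"
    return key_type, bits, verdict


def make_sample_rsa_line(bits):
    """Build a CONSTRUCTED ssh-rsa line of the given modulus size (not a real key)."""
    def field(data):
        return struct.pack(">I", len(data)) + data
    modulus = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")  # leading 0x00
    blob = field(b"ssh-rsa") + field((65537).to_bytes(3, "big")) + field(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"


if __name__ == "__main__":
    for size in (4096, 1024):
        print(audit_key_line(make_sample_rsa_line(size)))
```

To audit a real file, call audit_key_line on each non-empty, non-comment line of ~/.ssh/authorized_keys.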