1、修改配置
# sudo vim /etc/ssh/sshd_config
# 禁止密码登录
PasswordAuthentication no
#允许密钥认证
RSAAuthentication yes # 7.4之后废除
PubkeyAuthentication yes
#默认公钥存放的位置
AuthorizedKeysFile .ssh/authorized_keys
2、重启sshd
service sshd restart
# 查看 ssh 状态
systemctl status sshd
# 启动 ssh
systemctl start sshd
# 停止 ssh
systemctl stop sshd
3、本地生成公钥、私钥
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/jiqing/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/jiqing/.ssh/id_rsa.
Your public key has been saved in /home/jiqing/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:LDe1utjTXrLkuU961zkZdYI+yHaOcr0PLXTLYjRD0uE jiqing@JQ-Mac
The key's randomart image is:
+---[RSA 2048]----+
| . |
| o . |
| o E. |
| . . +. . o|
| . S..o= ..o|
| o o+o+* o |
| .oo=B.+.+|
| oo++O++.+.|
| . o=B+o+. .|
+----[SHA256]-----+
-rw------- 1 jiqing jiqing 1679 5月 28 17:05 id_rsa
-rw-r--r-- 1 jiqing jiqing 395 5月 28 17:05 id_rsa.pub
4、用ssh-copy-id将公钥复制到远程机器中
ssh-copy-id -i ~/.ssh/id_rsa.pub root@线上IP
5、直接免密登录
ssh root@线上IP
我们发现线上的authorized_keys文件中有了秘钥
# cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDU3UxwVJVTqY80s9HhGrBue3PIbsvWuIkXxIokPLN8C6mSUW/PeJQ73jjp1ZXEEygePXkxAou7JsPBItHQ5C7U1Zg6rAt3x7JTccNjvoVIRRbpxLY4AK/qlr1nEHtLxGEfCTtZ4pVrtEyLXQDGYIS6lexvA96z9Z19YfZLRRkzbPp6Jud8kBG+j3hLAlfXMkB/+HJ6HFOQ7Sa5DUoZn98on0LvZPdThxwxBpLcNqjIZ3tiTUobnY1EKbi/8kcq9tS8vLoPFdsEQM4F3pe9P6cXQGaHy73z06/tWGfsVlGomJFSOrvNvtPXd/SsRRLrUMlE8yM7zQaoZULNG7KEVyb jiqing@JQ-Mac
$ cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDU3UxwVJVTqY80s9HhGrBue3PIbsvWuIkXxIokPLN8C6mSUW/PeJQ73jjp1ZXEEygePXkxAou7JsPBItHQ5C7U1Zg6rAt3x7JTccNjvoVIRRbpxLY4AK/qlr1nEHtLxGEfCTtZ4pVrtEyLXQDGYIS6lexvA96z9Z19YfZLRRkzbPp6Jud8kBG+j3hLAlfXMkB/+HJ6HFOQ7Sa5DUoZn98on0LvZPdThxwxBpLcNqjIZ3tiTUobnY1EKbi/8kcq9tS8vLoPFdsEQM4F3pe9P6cXQGaHy73z06/tWGfsVlGomJFSOrvNvtPXd/SsRRLrUMlE8yM7zQaoZULNG7KEVyb jiqing@JQ-Mac
我们删除一下authorized_keys试试,删除后发现无法登录了。