一:客户端创建密钥对 (要区别用户身份)
[root@localhost ~]# ssh-keygen -t ecdsa //客户端生成密钥对文件
Generating public/private ecdsa key pair.
Enter file in which to save the key (/root/.ssh/id_ecdsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_ecdsa.
Your public key has been saved in /root/.ssh/id_ecdsa.pub.
The key fingerprint is:
SHA256:ue0QGApV4tdcxexIunKELc150V8+iiCwyKWORpESdBM root@localhost.localdomain
The key's randomart image is:
+---[ECDSA 256]---+
|oo.E+.. .=. |
|.o.o.+ o .o + .|
|. + = ==o+ + . o |
| . = +o+Boo . ...|
|. o . .oSo. . . .|
| o . . o+ . . |
|. oo . |
| o |
| . |
+----[SHA256]-----+
[root@localhost ~]# ls .ssh 查看密钥对文件
id_ecdsa id_ecdsa.pub
二:将公钥上传至服务器端(SSH端)
[root@localhost ~]# ls .ssh
id_ecdsa id_ecdsa.pub
[root@localhost ~]# scp .ssh/id_ecdsa.pub 192.168.200.132:/tmp 把公钥上传至服务器端
The authenticity of host '192.168.200.132 (192.168.200.132)' can't be established.
ECDSA key fingerprint is SHA256:rE9trM2ngfsoCTwVTR56sDvUGduuvS66nukGp7nAkLU.
ECDSA key fingerprint is MD5:34:32:03:b3:a0:2a:58:fc:2b:16:32:ad:3b:f9:76:e2.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.200.132' (ECDSA) to the list of known hosts.
root@192.168.200.132's password: //密码为服务器端的密码
id_ecdsa.pub 100% 188 100.9KB/s 00:00
三:服务端将公钥信息导入用户的公钥数据库文件(也要区别用户身份)
[root@localhost ~]# cat /tmp/id_ecdsa.pub
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOki4ZCTlteMiIM0uNRSGOHOo56ABwv1+kJHVgMVANzvoib3D3ho0EQUcjpA6ywK2ParBqUplTbdjYjwx5wABVM= root@localhost.localdomain
[root@localhost ~]# mkdir .ssh
[root@localhost ~]# ll -d .ssh
drwx------. 2 root root 25 8月 19 16:31 .ssh
[root@localhost ~]# chmod 700 .ssh (权限要跟客户端.ssh的权限一样,为700)
[root@localhost ~]# cat /tmp/id_ecdsa.pub >> .ssh/authorized_keys
四客户端验证
[root@localhost ~]# ssh 192.168.200.132
Last login: Mon Aug 19 16:30:35 2019 from 192.168.200.100
二,三可以合在一起
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_ecdsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.200.132's password:
and check to make sure that only the key(s) you wanted were added.
Last login: Mon Aug 19 17:18:12 2019 from 192.168.200.130
[root@localhost ~]#
完整命令: ssh-copy-id -i /home/zhangsan/.ssh/id_rea.pub amber@192.168.200.111