密钥对验证

一：客户端创建密钥对 （要区别用户身份）

[root@localhost ~]# ssh-keygen -t ecdsa     //客户端生成密钥对文件
Generating public/private ecdsa key pair.
Enter file in which to save the key (/root/.ssh/id_ecdsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_ecdsa.
Your public key has been saved in /root/.ssh/id_ecdsa.pub.
The key fingerprint is:
SHA256:ue0QGApV4tdcxexIunKELc150V8+iiCwyKWORpESdBM root@localhost.localdomain
The key's randomart image is:
+---[ECDSA 256]---+
|oo.E+..   .=.    |
|.o.o.+ o .o +   .|
|. + = ==o+ + . o |
| . = +o+Boo . ...|
|. o . .oSo. . . .|
| o .  . o+ . .   |
|.      oo .      |
|         o       |
|          .      |
+----[SHA256]-----+
[root@localhost ~]# ls .ssh            查看密钥对文件
id_ecdsa  id_ecdsa.pub

二：将公钥上传至服务器端（SSH端）

[root@localhost ~]# ls .ssh
id_ecdsa  id_ecdsa.pub
[root@localhost ~]# scp .ssh/id_ecdsa.pub   192.168.200.132:/tmp        把公钥上传至服务器端
The authenticity of host '192.168.200.132 (192.168.200.132)' can't be established.
ECDSA key fingerprint is SHA256:rE9trM2ngfsoCTwVTR56sDvUGduuvS66nukGp7nAkLU.
ECDSA key fingerprint is MD5:34:32:03:b3:a0:2a:58:fc:2b:16:32:ad:3b:f9:76:e2.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.200.132' (ECDSA) to the list of known hosts.
root@192.168.200.132's password:            //密码为服务器端的密码
id_ecdsa.pub                                          100%  188   100.9KB/s   00:00 

三：服务端将公钥信息导入用户的公钥数据库文件（也要区别用户身份）

[root@localhost ~]# cat /tmp/id_ecdsa.pub              
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOki4ZCTlteMiIM0uNRSGOHOo56ABwv1+kJHVgMVANzvoib3D3ho0EQUcjpA6ywK2ParBqUplTbdjYjwx5wABVM= root@localhost.localdomain
[root@localhost ~]# mkdir .ssh

[root@localhost ~]# ll -d .ssh            
drwx------. 2 root root 25 8月  19 16:31 .ssh
[root@localhost ~]# chmod 700 .ssh    （权限要跟客户端.ssh的权限一样，为700）

[root@localhost ~]# cat /tmp/id_ecdsa.pub >> .ssh/authorized_keys

四客户端验证

[root@localhost ~]# ssh 192.168.200.132
Last login: Mon Aug 19 16:30:35 2019 from 192.168.200.100

二，三可以合在一起

[root@localhost ~]# ssh-copy-id -i .ssh/id_ecdsa.pub  192.168.200.132
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_ecdsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.200.132's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '192.168.200.132'"
and check to make sure that only the key(s) you wanted were added.

[root@localhost ~]# ssh 192.168.200.132
Last login: Mon Aug 19 17:18:12 2019 from 192.168.200.130
[root@localhost ~]#

完整命令： ssh-copy-id   -i  /home/zhangsan/.ssh/id_rea.pub   amber@192.168.200.111