linux ssh鍵構成ログイン
#ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
2a:ad:45:20:74:8b:bf:8f:c4:a8:6e:af:46:50:6b:ea [email protected]
The key's randomart p_w_picpath is:
+--[ RSA 2048]----+
| . . |
| ..o . |
| .o.o |
|. oo . |
|.o . . S |
|.. o + . |
|o . = + |
| E . * |
|=oo.o . |
+-----------------+
#ssh-copy-id -i ~/.ssh/id_rsa.pub 12.0.0.16
[email protected]'s password:
Now try logging into the machine, with "ssh '12.0.0.16'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[CCDT-QH- -1-root-]~#ssh 12.0.0.16
Last login: Sat Aug 5 10:27:32 2017 from 12.0.0.15
[CCDT-QH- -2-root-]~#
#ssh-keygen -t rsa
### rsa , ~/.ssh/{id_rsa,id_rsa.pub}
###id_rsa id_rsa.pub
#ssh-copy-id -i ~/.ssh/id_rsa.pub 12.0.0.16
### copy (12.0.0.16) , ( ssh ) ~/.ssh/authorized_keys
scp ssh 。。
サーバ構成の完全な手順は、次のとおりです.
(1)鍵公開鍵copyをサーバに生成し,秘密鍵をローカルに保存する.
(2)設定hosts.allow hosts.deny指名ssh許可リンクのホワイトリスト
(3)パスワードでのログイン禁止
(4)(オプション)rootユーザーのリモートログインを禁止
----------------------------------------------------------------------------------------
SSHプロファイルの変更
# sshd_config
vi /etc/ssh/sshd_config
#
PasswordAuthenticationno
#
RSAAuthentication yes
PubkeyAuthentication yes
#
AuthorsizedKeysFile.ssh/authorized_keys
SSHサービスを再起動する前に、不測の事態に備えてセッションを1つ多く保持することをお勧めします.
#RHEL/CentOS
service sshd restart
#Ubuntu
service ssh restart
#debian
/etc/init.d/ssh restart
go go go...