linux生成公钥私钥ssh远程实现直接免密登录

作者: admin 分类: linux 发布时间: 2019-06-25 21:11

  实验环境

  系统:CentOS 6.5

  加密算法:RSA

  两台服务器:服务端、客户端

  服务端用户名:lisi

  客户端用户名:zhangsan

  让两台服务器互相登录不需要密码登录,实现直接免密登录。
 

双向公钥和私钥验证图
双向公钥和私钥验证图

  OpenSSH安装包

  默认安装Linux系统时自动安装,若未安装,安装光盘中的如下rpm包:

  openssh-clients-5.3p1-94.el6.x86_64

  openssh-askpass-5.3p1-94.el6.x86_64

  openssh-server-5.3p1-94.el6.x86_64

  openssh-5.3p1-94.el6.x86_64

  服务名称:sshd

  服务端主程序:/usr/sbin/sshd

  服务端配置文件:/etc/ssh/sshd_config

  客户端配置文件:/etc/ssh/ssh_config

  

  28.128配置创建公钥和私钥对

  在客户端创建公钥私钥

  [root@localhost ~]# useradd zhangsan

  [root@localhost ~]# passwd zhangsan

  更改用户 zhangsan 的密码 。

  新的 密码:

  无效的密码: WAY 过短

  无效的密码: 过于简单

  重新输入新的 密码:

  passwd: 所有的身份验证令牌已经成功更新。

  [root@localhost ~]# su - zhangsan

  [zhangsan@localhost ~]$ ssh-keygen -t rsa

Generating public/private rsa key pair.
Enter file in which to save the key (/home/zhangsan/.ssh/id_rsa): #提示文件放到这里行不行,不修改回车就行。
Created directory '/home/zhangsan/.ssh'.
Enter passphrase (empty for no passphrase):   #回车
Enter same passphrase again:   #回车
Your identification has been saved in /home/zhangsan/.ssh/id_rsa.       #私钥位置
Your public key has been saved in /home/zhangsan/.ssh/id_rsa.pub.    #公钥位置
The key fingerprint is:
3e:57:cf:9a:d6:6f:1d:36:71:c1:f4:3a:94:9d:61:40 zhangsan@localhost.localdomain
The key's randomart image is:
+--[ RSA 2048]----+
|            .E++ |
|              .=+|
|              o.+|
|             . o.|
|        S   . o o|
|       .   . o = |
|        o .  .+ +|
|         o  .o. o|
|           .o  o.|
+-----------------+

 

[zhangsan@localhost ~]$ ssh-copy-id -i /home/zhangsan/.ssh/id_rsa.pub lisi@192.168.28.128
The authenticity of host '192.168.28.128 (192.168.28.128)' can't be established.
RSA key fingerprint is e2:e9:fc:57:50:d3:2d:16:4a:a1:9c:15:08:0d:70:59.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.28.128' (RSA) to the list of known hosts.
lisi@192.168.28.128's password:   #输入用户密码
Now try logging into the machine, with "ssh 'lisi@192.168.28.128'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.
 

  开启密钥验证配置文件/etc/ssh/sshd_config

  #RSAAuthentication yes #启用RSA算法

  #PubkeyAuthentication yes #启用密钥对验证

  #AuthorizedKeysFile .ssh/authorized_keys #指定公钥库位置

 

  服务端:

  [lisi@www ~]$ ll .ssh/

  总用量 4

  -rw-------. 1 lisi lisi 412 5月 28 20:53 authorized_keys

  [lisi@www ~]$ cat .ssh/authorized_keys

  ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAqWHpmYbHdB5G8yb0CtbowBHNPKi8o9SwDNLfmy0C0sG/tROvM2yHTbwQiFpan4yiRYOHGPCajMnsuywFo0waxT2CkhkZB3k9bvDKkfuUhvA/O7zl2GRh4yKSsGmAMU/OEA80oPv2AeSu41LNCgQ3FeItZwLwzq7EvD40yOJLuzCM7EG8gwsg5RF8OCJAIA7oJSyEhg3+HUppmtf6QJX6dNnb/uvoalAbjLrN+aJuiokaFi76OiMVKQYYw82Wof3p/XJre+tkm2DLhZSyZpvBfsZhPiKMxTVOnKyhx7z2wkQkh9bdHo+9uG7HTgeUN2blg90rhq9hpBwwZnMzz+SB2w== zhangsan@localhost.localdomain

 

  28.100服务器配置生成公钥和私钥

  [root@www ~]# useradd lisi

  [root@www ~]# passwd lisi

  更改用户 lisi 的密码 。

  新的 密码:

  无效的密码: WAY 过短

  无效的密码: 过于简单

  重新输入新的 密码:

  passwd: 所有的身份验证令牌已经成功更新。

  [root@www ~]# su - lisi

[lisi@www ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/lisi/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/lisi/.ssh/id_rsa.
Your public key has been saved in /home/lisi/.ssh/id_rsa.pub.
The key fingerprint is:
b3:55:1b:8f:5f:47:e7:6f:e3:0c:e9:ef:30:2b:bc:2e lisi@www
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|            o   o|
|           . = o.|
|        S . o . +|
|         +   ...o|
|        . .  =..o|
|         E o. B..|
|          ooooo= |
+-----------------+

[lisi@www ~]$ ssh-copy-id -i /home/lisi/.ssh/id_rsa.pub zhangsan@192.168.28.100
zhangsan@192.168.28.100's password:
Now try logging into the machine, with "ssh 'zhangsan@192.168.28.100'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.
 

  开启密钥验证配置文件/etc/ssh/sshd_config

  #RSAAuthentication yes #启用RSA算法

  #PubkeyAuthentication yes #启用密钥对验证

  #AuthorizedKeysFile .ssh/authorized_keys #指定公钥库位置

 

  测试

  [zhangsan@localhost ~]$ ssh lisi@192.168.28.128

  Last login: Mon May 28 20:57:32 2018 from 192.168.28.100

  [lisi@www ~]$

 

  [lisi@www ~]$ ssh zhangsan@192.168.28.100

  [zhangsan@localhost ~]$

 

  linux ssh配置文件修复详解

Linux 命令大全

如果觉得我的文章对您有用,请随意打赏。您的支持将鼓励我继续创作!