一台装有RHEL 7.0操作系统的电脑
在客户端主机中生成“密钥对”并把公钥传送到远程服务器中:[root@linuxprobe ~]# ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa):直接敲击回车或设置密钥的存储路径 Created directory '/root/.ssh'. Enter passphrase (empty for no passphrase): 直接敲击回车或设置密钥的密码Enter same passphrase again: 再次敲击回车或设置密钥的密码Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: 40:32:48:18:e4:ac:c0:c3:c1:ba:7c:6c:3a:a8:b5:22 root@linuxprobe.com The key's randomart image is: +--[ RSA 2048]----+ |+*..o . | |*.o + | |o* . | |+ . . | |o.. S | |.. + | |. = | |E+ . | |+.o | +-----------------+
把客户端主机中生成好的公钥文件传送至远程主机:[root@linuxprobe ~]# ssh-copy-id 192.168.10.10 The authenticity of host '192.168.10.20 (192.168.10.10)' can't be established. ECDSA key fingerprint is 4f:a7:91:9e:8d:6f:b9:48:02:32:61:95:48:ed:1e:3f. Are you sure you want to continue connecting (yes/no)? yes/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@192.168.10.10's password:此处输入远程服务器主机密码Number of key(s) added: 1 Now try logging into the machine, with: 'ssh '192.168.10.10'' and check to make sure that only the key(s) you wanted were added.
设置服务器主机只允许密钥验证,拒绝传统口令验证方式,记得修改配置文件后保存并重启sshd服务程序哦~:[root@linuxprobe ~]# vim /etc/ssh/sshd_config ………………省略部分输出信息……………… 74 75 # To disable tunneled clear text passwords, change to no here! 76 #PasswordAuthentication yes 77 #PermitEmptyPasswords no 78 PasswordAuthentication no 79 ………………省略部分输出信息……………… [root@linuxprobe ~]# systemctl restart sshd
在客户端主机尝试登陆到服务端主机,此时无需输入密码口令也可直接验证登陆成功:[root@linuxprobe ~]# ssh 192.168.10.10 Last login: Mon Apr 13 19:34:13 2017