Setting up public key authentication on CentOS 6.5
Posted sunnyyangwang
Server A: 192.168.1.104 sund CentOS release 6.5 (Final)
1. Get familiar with the default sshd_config
[[email protected] ~]# egrep -v "#|^$" /etc/ssh/sshd_config    # default configuration
Protocol 2
SyslogFacility AUTHPRIV
PasswordAuthentication yes
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
UsePAM no
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
X11Forwarding yes
Subsystem sftp /usr/libexec/openssh/sftp-server
2. Create the .ssh directory on the server
[[email protected] ~]# useradd test
[[email protected] ~]# passwd test
Changing password for user test.
New password:
[[email protected] ~]# su - test
[[email protected] ~]$ ssh-keygen -t rsa    # just press Enter; no passphrase needs to be entered
[[email protected] ~]$ rm -fr .ssh/*
3. Create the key pair on the client
[[email protected] ~]# ls .ssh/
[[email protected] ~]# ssh-keygen -t rsa    # just press Enter; no passphrase needs to be entered
[[email protected] ~]# ssh-copy-id -i .ssh/id_rsa.pub [email protected]
Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.
[[email protected] ~]# ssh [email protected]
[email protected]'s password:
Permission denied, please try again.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
[[email protected] ~]# ssh [email protected]
Last login: Sat Aug 11 19:56:27 2018 from 192.168.1.121
[[email protected] ~]$ exit
logout
Connection to 192.168.1.104 closed.
At this point, the server can be accessed in both ways: by password and by key.
==============
4. Check ownership and permissions on the server
[[email protected] ~]# ls -al /home/wang/
drwx------ 2 wang wang 4096 Aug 11 19:42 .ssh 700
[[email protected] ~]# ls -al /home/wang/.ssh/
-rw------- 1 wang wang 393 Aug 11 19:42 authorized_keys 600
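5. Disable password login and log in with the key
Edit the sshd_config configuration file and restart the service.
[[email protected] ~]# /etc/init.d/sshd restart    # after the restart, log out; remote password login no longer works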
[[email protected] ~]# exit
logout
The client has disconnected from the server. Reason:
Unable to authenticate using any of the configured authentication methods.
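The checks from steps 4 and 5 as an added example (not code from the original post): shell functions that read the effective authentication settings from an sshd_config and compare the key file modes with the ones listed in step 4. The function names are hypothetical, the sample config is constructed, and the example assumes the edit in step 5 is setting PasswordAuthentication to no.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample config is constructed.

# Print the effective global value of one sshd_config keyword.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines after "Match" are conditional (skipped here).
# Assumes whitespace-separated "Keyword value" lines, as in the step 1 listing.
# $1 = config file, $2 = keyword, $3 = OpenSSH default used when absent
sshd_effective() {
    awk -v key="$2" -v def="$3" '
        NF == 0 || $1 ~ /^#/        { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Succeed only if password-style logins are off and public key login is on.
sshd_is_key_only() {
    [ "$(sshd_effective "$1" PasswordAuthentication yes)" = no ] &&
    [ "$(sshd_effective "$1" ChallengeResponseAuthentication yes)" = no ] &&
    [ "$(sshd_effective "$1" PubkeyAuthentication yes)" = yes ]
}

# Succeed if $1 (a .ssh directory) and its authorized_keys have the
# permission strings shown by ls in step 4 (700 and 600).
ssh_dir_modes_ok() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "drwx------" ] &&
    [ "$(ls -l "$1/authorized_keys" | cut -c1-10)" = "-rw-------" ]
}

# Demo on constructed files in a temporary directory.
demo=$(mktemp -d)
printf '%s\n' 'Protocol 2' '#PasswordAuthentication yes' \
    'PasswordAuthentication no' 'ChallengeResponseAuthentication no' \
    'PasswordAuthentication yes' > "$demo/sshd_config"
mkdir -m 700 "$demo/.ssh"
( umask 077; : > "$demo/.ssh/authorized_keys" )
sshd_is_key_only "$demo/sshd_config" && echo "config: key-only"
ssh_dir_modes_ok "$demo/.ssh" && echo "modes: ok"
rm -rf "$demo"
```

On the server, point the functions at /etc/ssh/sshd_config and the account's .ssh directory before restarting sshd, so a leftover PasswordAuthentication yes earlier in the file is caught.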
6. Access from the client
[[email protected] ~]# ssh -i .ssh/id_rsa [email protected]
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
[[email protected] ~]# ssh -i .ssh/id_rsa [email protected]
Last login: Sat Aug 11 19:57:07 2018 from 192.168.1.121
[[email protected] ~]$
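Copy the public key to a Windows computer and connect remotely with the SecureCRT client.
[[email protected] .ssh]# sz id_rsa    # download the private key to connect to the server remotely
Reference: https://www.2cto.com/os/201301/184051.html
Access with the Xshell client. Configure the private key id_rsa.
Reference: https://blog.csdn.net/qjc_501165091/article/details/51278696
Login succeeds.
At this point, key login is complete.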
====
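Xshell configuration: the passphrase for the private key is set on the client while the private key is being generated.
Enable password authentication on the server and copy the public key again remotely: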
[[email protected] ~]# ssh-copy-id -i .ssh/id_rsa.pub [email protected]
[[email protected] ~]# ssh [email protected]
Enter passphrase for key '/root/.ssh/id_rsa': 12345
Last login: Sat Aug 11 20:35:02 2018 from 192.168.1.4
Test passed.