在Linux服务器客户端之间构建密钥对验证进行远程连接

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了在Linux服务器客户端之间构建密钥对验证进行远程连接相关的知识,希望对你有一定的参考价值。

技术图片
客户端:192.168.1.10 zhangsan用户
服务端:192.168.1.20 lisi用户
在客户端中创建密钥对:

[zhangsan@localhost /]$ ssh-keygen -t ecdsa         # -t 用来指定算法类型:ecdsa和dsa
Generating public/private ecdsa key pair.
Enter file in which to save the key (/home/zhangsan/.ssh/id_ecdsa):     # 指定私钥位置
Created directory ‘/home/zhangsan/.ssh‘.
Enter passphrase (empty for no passphrase):             # 设置私钥短语
Enter same passphrase again:                            # 确认所设置的私钥短语
Your identification has been saved in /home/zhangsan/.ssh/id_ecdsa.
Your public key has been saved in /home/zhangsan/.ssh/id_ecdsa.pub.
The key fingerprint is:
81:3b:35:3b:8f:12:60:ba:f5:68:57:b0:ae:35:2c:fe zhangsan@localhost.localdomain
The key‘s randomart image is:
+--[ECDSA  256]---+
|                 |
|       .         |
|    o o +        |
|   o . = +       |
|  . . = S        |                                      # 一般出来左边这一串就说明对了
|   o = + +       |
|  . + O . .      |
|   o = o         |
|    o.E          |
+-----------------+

私钥短语用来对私钥文件进行保护,在进行远程连接时必须要输入正确的私钥短语。若不设置私钥短语,那么在连接时,就实现了无口令登录,不建议这样做。
一般是经过 客户端创建密钥对、将公钥上传至服务器、在服务器中导入公钥文本、在客户端使用密钥验证
这里第二步和第三步是可以采用另一种方法来实现的:

[zhangsan@localhost /]$ ssh-copy-id -i ~/.ssh/id_ecdsa.pub lisi@192.168.1.20 -p 2345                         # -i 选项用来指定公钥文件
The authenticity of host ‘[192.168.1.20]:2345 ([192.168.1.20]:2345)‘ can‘t be established.
ECDSA key fingerprint is 68:df:0f:ac:c7:75:df:02:88:7d:36:6a:1a:ae:27:23.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
lisi@192.168.1.20‘s password:           # lisi 用户的密码    验证后会将公钥添加到lisi宿主目录下的./sshauthorized_keys 文件

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh -p ‘2345‘ ‘lisi@192.168.1.20‘"
and check to make sure that only the key(s) you wanted were added.

使用秘钥对验证:

[zhangsan@localhost /]$ ssh -p 2345 lisi@192.168.1.20
Enter passphrase for key ‘/home/zhangsan/.ssh/id_ecdsa‘:        # 这里输入私钥短语,就不需要输入lisi的密码了
Last login: Fri Aug 16 18:19:48 2019 from 192.168.1.10
[lisi@mysql ~]$

以上是关于在Linux服务器客户端之间构建密钥对验证进行远程连接的主要内容,如果未能解决你的问题,请参考以下文章

实战证明LINUX系统下密钥对验证的安全性

如何构建密钥对验证的SSH体系

linux redhat6.5 构建SSH服务及SSH构建密钥对验证

Linux中远程访问SSH及TCP Wrappers控制

SSH远程管理,构建密钥对验证的SSH体系,设置SSH代理功能。

Openssh服务配置:控制用户登录 构建密钥对验证ssh