SSH密钥登录

Posted 2020-10-15 前方有路

一、生成并配置密钥对

方式1、使用ssh-keygen(1)生成并配置

（1）生成密钥对

[[email protected] ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.

//输入文件名称
Enter file in which to save the key (/root/.ssh/id_rsa): keys_root   
//输入私钥加密密码
Enter passphrase (empty for no passphrase):    
//再次输入密码                       
Enter same passphrase again:                            
              
Your identification has been saved in keys_root.
Your public key has been saved in keys_root.pub.
The key fingerprint is:
f4:f9:70:51:cf:09:f6:da:30:6a:b1:67:4f:dc:14:44 [email protected]
The key‘s randomart image is:
+--[ RSA 2048]----+
|             o+E |
|            ..ooo|
|        .  ..o o+|
|       . . .+.*..|
|        S ++.+ +.|
|          .+o o  |
|            .  . |
|                 |
|                 |
+-----------------+

//文件生成成功，keys_root为私钥，keys_root.pub为公钥
[[email protected] ~]# ls
keys_root  keys_root.pub       

 

（2）配置公钥

[[email protected] ~]# echo -e ‘#this is keys_root‘ >> ~/.ssh/authorized_keys ; cat ~/keys_root.pub >> ~/.ssh/authorized_keys   
[[email protected] ~]# cat ~/.ssh/authorized_keys
#this is keys_root
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyhp9SBxas8Nmwdi4dQfOuUULpMGRnGEFopU2DXhSF+PE/s80xrVS31Ycd5o4gU3iehKx2vo4OEB2lYZ2JCfptTc59HAj+Qwqh7i5S4YQuX/+31GkY+s8XKFR4QgH1ubQt9feU2cagfG1f+wWRsa0YtefE67Kjv6OZuKuA2bOdrAH4mzV1m71iLMUZYgaEnfJExXj2lbPAXRqCV+tdIj9h0jxhB5pQXsZ3NE38D22WYNKO4Sy8odfE7Oby1I0Emm8Uhiwqgx91HP22iY/WqzZOxeKZPF17CPWr9cChaPh9/DXM1Wd8KDCg33MO6hbpqAwh7iEughndXly0FY0oZNKnQ== [email protected]

 

（3）下载私钥到本地机器，并导入到Xshell

[[email protected] ~]# sz keys_root   

• 启动Xshell
• 工具（Tools）
• 用户密钥管理者（User Key Manager）
• 导入已下载的 keys_root 文件（Import），关闭
• 配置完成

 

方式2、使用Xshell生成并配置

• 启动Xshell
• 工具
• 新建用户密钥生成向导（New User Key Wizard）
• 下一步 x2
• 输入密钥名称和私钥密码
• 下一步，生成的私钥将自动保存到Xshell中
• 手动保存公钥文件，并配置在终端的authorized_keys文件
• 配置完成

 

二、在Xshell上使用密钥登录服务器

• 新建会话，填写名称、主机等信息
• 选择用户身份验证，方法选择Public Key，填写用户名，选择对应的用户密钥并填写密钥的加密密码，点击确定
• 连接会话

---

附录

[[email protected] ~]# man ssh

1.ssh-keygen命令介绍

The user creates his/her key pair by running ssh-keygen(1). This stores the private key in ~/.ssh/identity (protocol 1), ~/.ssh/id_dsa (protocol 2 DSA), ~/.ssh/id_ecdsa (protocol 2
ECDSA), or ~/.ssh/id_rsa (protocol 2 RSA) and stores the public key in ~/.ssh/identity.pub (protocol 1), ~/.ssh/id_dsa.pub (protocol 2 DSA), ~/.ssh/id_ecdsa.pub (protocol 2 ECDSA), or
~/.ssh/id_rsa.pub (protocol 2 RSA) in the user’s home directory. The user should then copy the public key to ~/.ssh/authorized_keys in his/her home directory on the remote machine.
The authorized_keys file corresponds to the conventional ~/.rhosts file, and has one key per line, though the lines can be very long. After this, the user can log in without giving
the password.

2.authorized_keys文件介绍

~/.ssh/authorized_keys
Lists the public keys (RSA/ECDSA/DSA) that can be used for logging in as this user. The format of this file is
described in the sshd(8) manual page. This file is not highly sensitive, but the recommended permissions are
read/write for the user, and not accessible by others.