key认证
1、生成key
[test@foundation0 ~]$ ssh-keygen ###生成公钥和私钥的工具
Generating public/private rsa key pair.
Enter file in which to save the key (/home/test/.ssh/id_rsa):『enter』 ###指定加密字符保存文件,使用默认
Created directory '/home/test/.ssh'.
Enter passphrase (empty for no passphrase): ###密码,必须大于4位
Enter same passphrase again:
Your identification has been saved in /home/test/.ssh/id_rsa.
Your public key has been saved in /home/test/.ssh/id_rsa.pub.
The key fingerprint is: ###确认密码
a5:4f:02:51:68:59:f4:e8:e3:c5:91:1f:6f:86:99:06 test@foundation0.ilt.example.com
The key's randomart p_w_picpath is:
+--[ RSA 2048]----+
| .*+ |
| +. o . |
| .. . E . |
| o + + * |
| S + * + |
| . * . o |
| . . |
| |
| |
+-----------------+
[test@foundation0 .ssh]$ pwd
/home/test/.ssh ###生成密钥存放位置
[test@foundation0 .ssh]$ ls
id_rsa id_rsa.pub ####id_rsa位私钥,id_rsa.pub位公钥
2、添加key认证方式
[root@server0 ~]# ssh-copy-id -i /root/.ssh.id_rsa.pub root@172.25.0.11
ssh-copy-id ####添加key认证方式的工具
-i ####指定加密key文件
/root/.ssh/id_rsa.pub #####加密key
root ####加密用户为root
172.25.0.11 ####被加密主机的ip
3、分发钥匙给client主机
[root@servero ~]# scp /root/.ssh/id rsa root@172.25.0.10:/root/.ssh
#########################sshd服务的简单配置########################################
vim /etc/ssh/sshd_config ###sshd服务的配置文件
48 PermitRootLogin yes|no ###是否允许root用户通过sshd的认证
78 PasswordAuthentication yes|no ###开启或关闭用户密码认证
AllowUsers student westos ###用户白名单,只允许在名单中出现的用户使用sshd服务
systemctl restart sshd ###重新加载配置
