SSH key authentication

https://www.digitalocean.com/community/tutorials/how-to-configure-ssh-key-based-authentication-on-a-linux-server

SSH keys prove to be a reliable and secure alternative to password logins.
The private key is retained by the client and should be kept absolutely secret.

The public key is uploaded to a remote server that you want to be able to log into with SSH.
The key is added to a special file within the user account you will be logging into called
~/.ssh/authorized_keys

When a client attempts to authenticate using SSH keys, the server can test the client on
whether they are in possession of the private key.
If the client can prove that it owns the private key, a shell session
is spawned or the requested command is executed.

0. Install openssh-server

On the server:

sudo apt-get install openssh-server

Check whether the SSH daemon is running

ps aux | grep sshd

Find the server's IP address

ip addr

From another machine, log in to the server over SSH with a password

ssh username@serverIp

1. Generate a key pair

ssh-keygen

Output

Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):

By default, this will create a 2048 bit RSA key pair, which is fine for most uses.

The files are created in /home/username/.ssh/

  • private key id_rsa
  • public key id_rsa.pub

Next, you will be prompted to enter a passphrase for the key.
The passphrase is optional and is used to encrypt the private key file on disk.
It serves as an additional layer of protection in case the private key file is compromised.
If you enter one, you will have to provide it every time you use this key.

2. Upload the public key to the server

Method 1

ssh-copy-id username@remote_host

To use the utility, you simply need to specify the remote host that you would like to connect to
and the user account that you have password SSH access to. This is the account where your public SSH key will be copied.

Prerequisite:
You must already have password-based SSH access to your server.

Method 2

cat ~/.ssh/id_rsa.pub | ssh username@remote_host "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

3. Verify

ssh username@remote_host

4. Disable SSH password login on the server

sudo vi /etc/ssh/sshd_config
PasswordAuthentication no

On Ubuntu or Debian machines, you can issue this command:

sudo service ssh restart

On CentOS/Fedora machines, the daemon is called sshd:

sudo service sshd restart

After completing this step, you’ve successfully transitioned your SSH daemon to only respond to SSH keys.
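
A check worth running before the restart in step 4 (added example, not part of the original tutorial): sshd keeps the first value it reads for a keyword, and a Match block runs to the next Match line or the end of the file, so a "PasswordAuthentication no" appended at the bottom can have no effect. The function names and the sample config are constructed for illustration; Include files are not followed.

```sh
#!/bin/sh
# Added example: what does PasswordAuthentication resolve to in this file?
# sshd keeps the FIRST value it reads for a keyword, and a Match block runs
# to the next Match line or end of file. Assumptions of this sketch: Include
# files are not followed and Match criteria are reported, not evaluated.

# Global (pre-Match) value; sshd defaults to "yes" when the keyword is unset.
effective_password_auth() {
    awk '
        /^[ \t]*#/ { next }                 # skip comment lines
        { sub(/=/, " ") }                   # accept the Keyword=value form
        tolower($1) == "match" { exit }     # global section ends here
        tolower($1) == "passwordauthentication" {
            print tolower($2); found = 1; exit
        }
        END { if (!found) print "yes" }
    ' "$1"
}

# "LINE: Match ..." for each Match block that turns password login back on.
match_blocks_allowing_passwords() {
    awk '
        /^[ \t]*#/ { next }
        { sub(/=/, " ") }
        tolower($1) == "match" { hdr = NR ": " $0; next }
        hdr != "" && tolower($1) == "passwordauthentication" &&
            tolower($2) == "yes" { print hdr }
    ' "$1"
}

# Constructed sample: "no" was appended at the end, as in step 4.
sample_config() {
    cat <<'EOF'
# constructed sample sshd_config, not from a real server
PasswordAuthentication yes
Match User backup
    PasswordAuthentication yes
PasswordAuthentication no
EOF
}

cfg=$(mktemp)
sample_config > "$cfg"
echo "global PasswordAuthentication: $(effective_password_auth "$cfg")"
echo "Match blocks allowing passwords:"
match_blocks_allowing_passwords "$cfg"
rm -f "$cfg"
```

On the server itself, "sudo sshd -t" checks the file for syntax errors before the restart, and "sudo sshd -T" prints the settings sshd actually resolved, Include files included.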
