VSCode Remote-SSH插件使用证书登陆远程服务器
客户端
- 生成秘钥对
[root@wks ~]#ssh-keygen <== 建立密钥对,默认没有其他需求,直接知心命令就行了
Generating public/private rsa key pair. <==生成公共/私有rsa密钥对。
Enter file in which to save the key (/root/.ssh/id_rsa): <==输入保存密钥的文件(/root/.ssh/id_rsa) 直接回车 默认
Enter passphrase (empty for no passphrase): <== 输入密钥锁码,或直接按 Enter 留空
Enter same passphrase again: <== 再输入一遍密钥锁码
Your identification has been saved in /root/.ssh/id_rsa. <== 私钥
Your public key has been saved in /root/.ssh/id_rsa.pub. <== 公钥
The key fingerprint is:
SHA256:/[------]
The key's randomart image is:
- 将公钥拷贝到服务端
ssh-copy-id -i ~/.ssh/id_rsa.pub username@[server IP]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/username/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
username@192.168.2.22's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'username@[server IP]"
and check to make sure that only the key(s) you wanted were added.
<== 根据提示输入服务端username对应的密码
服务端
- 配置允许证书登陆
vim /etc/ssh/sshd_config
将PubkeyAuthentication 修改为yes
2. 允许私钥登陆
cat id_rsa.pub >> authorized_keys
chmod 600 authorized_keys
chmod 700 ~/.ssh
客户端
- 测试
ssh username@[server IP]
如果不用输入密码可登陆即完成证书适配
- 安装Remote-SSH插件并修改配置文件
Host [server IP]
HostName [server IP]
User username
ForwardAgent yes
IdentityFile "/Users/[local username]/.ssh/id_rsa"
服务端(可选:禁止密码登陆)
vim /etc/ssh/sshd_config
PasswordAuthentication no
