1. 生成秘钥对
[root@localhost ~]# ssh-keygen -t rsa #生成密钥对,-t代表类型,有RSA和DSA两种
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): #密钥文件默认存放位置,按Enter即可
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): #输入密钥锁码,或直接按 Enter 留空
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa. #生成的私钥
Your public key has been saved in /root/.ssh/id_rsa.pub. #生成的公钥
The key fingerprint is:
SHA256:K1qy928tkk1FUuzQtsdfsdf6dfdfPvHw9lQ+KNuZ4 root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
| +. |
| o * . |
| . .O + |
| . *. * |
| S =3+ |
| . =... |
| .oo =+ov+ |
| ==o+B*3o. |
| oo.3=EXO. |
+----[SHA256]-----+
2. 分发公钥
ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.1.2
#修改权限
chmod 600 /root/.ssh/authorized_keys
3. 锁定秘钥文件,不能被更改
chattr +i /root/.ssh/id_rsa.pub
chattr +i /root/.ssh/authorized_keys
