在Linux机器上生成ssh密钥对

1.将SSH服务设为开机自启

[root@bogon ~]# sudo systemctl enable sshd

2.生成密钥对

mkdir /root/.ssh

[root@bogon ~]#ssh-keygen -m PEM -t rsa -b 4096

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa):---直接回车

Enter passphrase (empty for no passphrase): ---直接回车

Enter same passphrase again: ---直接回车

Your identification has been saved in /root/.ssh/id_rsa

Your public key has been saved in /root/.ssh/id_rsa.pub

The key fingerprint is:

SHA256:0fkmG9TL4uaSytSCcOzUPrm8s9sUactEf8MzckFah4c root@bogon

The key's randomart image is:

+---[RSA 3072]----+

|            oo.  |

|         . *E..  |

|        o = o.   |

|   . . . = + o   |

|  . + . S * %    |

|   = o * + X +   |

|    o * =.+      |

|     +.*oo       |

|      O*...      |

+----[SHA256]-----+

直接回车即可，不必添加密

// 密钥对生成路径，默认为/root/.ssh/id_rsa，可以手动输入其他地址

[root@bogon ~]# cd /root/.ssh

[root@bogon .ssh]# ls

id_rsa  id_rsa.pub

[root@bogon .ssh]#

发送密钥并验证：

[root@bogon .ssh]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.18.220

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"

The authenticity of host '192.168.18.220 (192.168.18.220)' can't be established.

ECDSA key fingerprint is SHA256:cgU1SuVpMebBi8woXzbKzxNtmZxzvjRhONUAWy94+bI.

Are you sure you want to continue connecting (yes/no/[fingerprint])? yes---输入yes回车

/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

Authorized users only. All activities may be monitored and reported.

root@192.168.18.220's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.18.220'"

and check to make sure that only the key(s) you wanted were added.

[root@bogon .ssh]# ssh root@192.168.18.220

Authorized users only. All activities may be monitored and reported.

Web console: https://kylin-server.localdomain:9090/ or https://192.168.18.220:9090/

Last login: Fri Sep  9 14:59:53 2022 from 192.168.18.153

[user@kylin-server ~]$