Setting up public key authentication on CentOS 6.5

Server A: 192.168.1.104 sund CentOS release 6.5 (Final)

 

1. Get familiar with the default sshd_config configuration

[root@sund ~]# egrep -v "#|^$" /etc/ssh/sshd_config    # default configuration

Protocol 2

SyslogFacility AUTHPRIV

PasswordAuthentication yes

ChallengeResponseAuthentication no

GSSAPIAuthentication yes

GSSAPICleanupCredentials yes

UsePAM no

AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES

AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT

AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE

AcceptEnv XMODIFIERS

X11Forwarding yes

Subsystem sftp /usr/libexec/openssh/sftp-server

 

2. Create the .ssh directory on the server

[root@sund ~]# useradd test

[root@sund ~]# passwd test

Changing password for user test.

New password:

[root@sund ~]# su - test

[test@sund ~]$ ssh-keygen -t rsa    # just press Enter; no passphrase needs to be entered

[test@sund ~]$ rm -fr .ssh/*

 

3. Create the key pair on the client

[root@testone ~]# ls .ssh/

[root@testone ~]# ssh-keygen -t rsa    # just press Enter; no passphrase needs to be entered

[root@testone ~]# ssh-copy-id -i .ssh/id_rsa.pub test@192.168.1.104

Now try logging into the machine, with: "ssh 'test@192.168.1.104'"

and check to make sure that only the key(s) you wanted were added.

[root@testone ~]# ssh root@192.168.1.104

root@192.168.1.104's password:

Permission denied, please try again.

Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

[root@testone ~]# ssh test@192.168.1.104

Last login: Sat Aug 11 19:56:27 2018 from 192.168.1.121

[test@sund ~]$ exit

logout

Connection to 192.168.1.104 closed.

At this point, both password and key access to the server work.

==============

4. Check ownership and permissions on the server

[root@sund ~]# ls -al /home/wang/

drwx------ 2 wang wang 4096 Aug 11 19:42 .ssh 700

[root@sund ~]# ls -al /home/wang/.ssh/

-rw------- 1 wang wang 393 Aug 11 19:42 authorized_keys 600

 

5. Disable password login and use key login

Edit the sshd_config configuration file and restart the service.

 

[root@sund ~]# /etc/init.d/sshd restart    # after the restart, log out; direct remote password login no longer works

[root@sund ~]# exit

logout

The client has disconnected from the server. Reason:

Unable to authenticate using any of the configured authentication methods.
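
The post does not show the edit made in step 5; the step 6 output, where password is no longer among the offered methods, is consistent with PasswordAuthentication no. The following is an added example, not the author's commands, of making that change so that it actually takes effect. The helper names set_sshd_option, effective_option and sample_config, and the sample Match block, are assumptions for illustration.

```bash
#!/bin/bash
# Added example, not the post's commands. sshd keeps the FIRST value it reads for
# a keyword, so a "PasswordAuthentication no" appended below an existing "yes"
# has no effect. Rewrite the first active global line and drop later duplicates.

# set_sshd_option FILE KEY VALUE: edit FILE in place, leaving a copy in FILE.bak
set_sshd_option() {
    local file=$1 key=$2 value=$3 tmp rc
    cp -p "$file" "$file.bak" || return 1
    tmp=$(mktemp) || return 1
    awk -v key="$key" -v value="$value" '
        BEGIN { k = tolower(key) }
        # Global section ends at the first Match block; set the keyword before it
        tolower($1) == "match" {
            if (!done) { print key " " value; done = 1 }
            in_match = 1
        }
        # Active global line for this keyword (commented lines start with "#")
        !in_match && tolower($1) == k {
            if (!done) { print key " " value; done = 1 }
            next
        }
        { print }
        END { if (!done) print key " " value }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner and mode of FILE
    rc=$?
    rm -f "$tmp"
    return $rc
}

# effective_option FILE KEY: print the value sshd would use globally (first match)
effective_option() {
    awk -v key="$2" 'BEGIN { k = tolower(key) }
        tolower($1) == "match" { exit }
        tolower($1) == k { print $2; exit }' "$1"
}

# Constructed sample config for a dry run: sample_config > /tmp/sshd_config.test
sample_config() {
    printf '%s\n' 'Protocol 2' '#PasswordAuthentication no' \
        'PasswordAuthentication yes' 'UsePAM no' 'PasswordAuthentication yes' \
        'Match User backup' '    PasswordAuthentication yes'
}

# On the server (assumed sequence; keep the current root session open meanwhile):
#   set_sshd_option /etc/ssh/sshd_config PasswordAuthentication no
#   sshd -t && /etc/init.d/sshd restart    # -t checks the config before restarting
#   then confirm key login from a second terminal before closing the first
```

The helpers assume the whitespace-separated "Keyword value" form used in the default file shown in step 1; lines inside a Match block are left untouched.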

 

6. Access from the client

[root@testone ~]# ssh -i .ssh/id_rsa root@192.168.1.104

Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

[root@testone ~]# ssh -i .ssh/id_rsa test@192.168.1.104

Last login: Sat Aug 11 19:57:07 2018 from 192.168.1.121

[test@sund ~]$

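Copy the public key to a Windows computer and connect remotely with the SecureCRT client.

[root@testone .ssh]# sz id_rsa    # download the private key to connect to the server remotely

Reference: https://www.2cto.com/os/201301/184051.html

 

Access with the Xshell client. Configure the private key id_rsa.

Reference: https://blog.csdn.net/qjc_501165091/article/details/51278696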

 

Login succeeded.

 

At this point, key login is complete.

====

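Xshell configuration: the private key passphrase is set on the client during private key generation.

 

Enable password authentication on the server and copy the public key over again remotely: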

[root@testone ~]# ssh-copy-id -i .ssh/id_rsa.pub test@192.168.1.104

[root@testone ~]# ssh test@192.168.1.104

Enter passphrase for key '/root/.ssh/id_rsa': 12345

Last login: Sat Aug 11 20:35:02 2018 from 192.168.1.4

Test passed.

 

posted @ 2018-08-11 22:46  wang_wei123