使用密钥登录

# 使用密钥登录

ssh-keygen -t rsa

[root@host ~]$ ssh-keygen  <== 建立密钥对
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): <== 按 Enter
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): <== 输入密钥锁码,或直接按 Enter 留空(留空时私钥没有口令保护,任何拿到私钥文件的人都可以直接登录)
Enter same passphrase again: <== 再输入一遍密钥锁码
Your identification has been saved in /root/.ssh/id_rsa. <== 私钥
Your public key has been saved in /root/.ssh/id_rsa.pub. <== 公钥
The key fingerprint is:
0f:d3:e7:1a:1c:bd:5c:03:f1:19:f1:22:df:9b:cc:08 root@host

vi  /etc/ssh/sshd_config

RSAAuthentication yes
PubkeyAuthentication yes

#另外,请留意 root 用户能否通过 SSH 登录(密钥登录验证通过后,可改为 prohibit-password,只允许 root 使用密钥登录):
PermitRootLogin yes

#当你完成全部设置,并以密钥方式登录成功后,再禁用密码登录:
PasswordAuthentication no

#最后,重启 SSH 服务(重启前先用 sshd -t 检查配置语法,并保留当前会话,以免配置有误时被锁在外面):
systemctl restart sshd

#===============================


# 禁用密码验证 
PasswordAuthentication no
# 启用密钥验证(RSAAuthentication 只用于 SSH 协议 1,新版 OpenSSH 已将其标记为弃用,可以省略)
RSAAuthentication yes
PubkeyAuthentication yes
# 指定公钥数据库文件(公钥需要追加到该文件中;建议 ~/.ssh 权限为 700,该文件权限为 600)
AuthorizedKeysFile .ssh/authorized_keys

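# Stage 1: enable public-key login.
# Password login is intentionally left on here (the next line stays commented
# out); it is disabled in stage 2, only after a key login has been verified.
#sed -i "s/^PasswordAuthentication.*/PasswordAuthentication no/g" /etc/ssh/sshd_config
# The optional "#" in each pattern makes the edit apply whether the directive
# is still commented out or already active; a pattern that requires "#" would
# silently skip an active line such as "PubkeyAuthentication no".
# NOTE(review): RSAAuthentication is an SSH protocol 1 option that newer
# OpenSSH releases report as deprecated; it is kept to match the original steps.
sed -i -E "s/^#?RSAAuthentication.*/RSAAuthentication yes/" /etc/ssh/sshd_config
sed -i -E "s/^#?PubkeyAuthentication.*/PubkeyAuthentication yes/" /etc/ssh/sshd_config
sed -i -E "s/^#?AuthorizedKeysFile.*/AuthorizedKeysFile .ssh\/authorized_keys/" /etc/ssh/sshd_config
# Validate the edited file first so a syntax error cannot take sshd down
# and lock out remote access.
sshd -t && systemctl restart sshd

# Stage 2: run only after a key-based login has succeeded from a new session
# (keep the current session open while testing), then turn password login off.
# Stock configs often ship this directive commented out, so "#" is optional
# here too; otherwise the edit would be a silent no-op and passwords stay enabled.
sed -i -E "s/^#?PasswordAuthentication.*/PasswordAuthentication no/" /etc/ssh/sshd_config
sshd -t && systemctl restart sshd
# Optional check of the effective setting:
#   sshd -T | grep -i '^passwordauthentication'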

# 使用finalshell登录,报错
暂不支持此私钥格式,请参考以下方法解决:
1.转换成PEM格式私钥(该命令会原地改写私钥文件,建议先备份原文件)
ssh-keygen -p -m PEM -f 私钥路径
2.生成PEM格式的私钥
生成时增加 -m PEM参数
ssh-keygen -m PEM -t rsa -C "注释"

[root@node02 ~]# ssh-keygen -p -m PEM -f .ssh/id_rsa
Key has comment 'root@node02'
Enter new passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved with the new passphrase.
