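First, the user generates a key pair and stores the public key in the authorized_keys file in the .ssh subdirectory of the user's home directory on the SSH server (/root/.ssh/authorized_keys). The private key stays on the local computer. When the user logs in, the server checks whether a public key in authorized_keys corresponds to the user's private key; if it does, the login is allowed, otherwise it is refused. Because the private key exists only on the user's local computer, an intruder who obtains the user's password still cannot log in to the server with it once password authentication is turned off.
ssh-keygen -t rsa # when asked for a passphrase, just press Enter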
[root@localhost ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
80:ed:2f:c9:6b:bc:41:26:60:bb:09:56:65:15:2a:6a root@localhost
The private key is at /root/.ssh/id_rsa
The public key is at /root/.ssh/id_rsa.pub
#mv /root/.ssh/id_rsa.pub /root/.ssh/authorized_keys
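A: On Linux, copy it to /root/.ssh/ and it can be used directly.
B: ssh-copy-id -i ~/.ssh/id_rsa.pub USERNAME@IPADDRESS
Windows users can log in by selecting the public_key method in their SSH client.
Edit the configuration file /etc/ssh/sshd_config and change "PasswordAuthentication yes" to "PasswordAuthentication no".
The sshd service must then be restarted: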
#service sshd restart
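
A pre-flight check for the last two steps, as an added example that is not part of the original page: it confirms that authorized_keys is in place with permissions sshd accepts, then reports whether PasswordAuthentication is off in the global section of a given sshd_config. The function names and the sample files are assumptions made for illustration; `sshd -T` prints the authoritative effective configuration.

```shell
#!/bin/sh
# Added example: check key login before restarting sshd with passwords disabled.

# Print the PasswordAuthentication value from the global section of an
# sshd_config file. sshd uses the first value it reads for a keyword and
# defaults to "yes"; Match blocks and Include files are not evaluated here.
effective_password_auth() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "passwordauthentication" { print tolower($2); found = 1; exit }
        END { if (!found) print "yes" }
    ' "$1"
}

# Return 0 when key login is set up and passwords are off, 1 when the key
# side is not ready (keep password login for now), 2 when passwords are still on.
key_login_ready() {
    home=$1; config=$2
    keys="$home/.ssh/authorized_keys"
    [ -s "$keys" ] || { echo "no public key in $keys"; return 1; }
    # With StrictModes (the default) sshd ignores an authorized_keys file that
    # is group- or world-writable, or that sits in such a directory.
    for p in "$home/.ssh" "$keys"; do
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "$p is writable by group or others"; return 1
        fi
    done
    if [ "$(effective_password_auth "$config")" != "no" ]; then
        echo "PasswordAuthentication is still enabled"; return 2
    fi
    echo "key-only login is configured"
}

# Constructed sample layout (not a real key or a real server configuration).
demo=$(mktemp -d)
mkdir -p "$demo/root/.ssh" && chmod 700 "$demo/root/.ssh"
echo "ssh-rsa AAAA-constructed-sample root@localhost" > "$demo/root/.ssh/authorized_keys"
chmod 600 "$demo/root/.ssh/authorized_keys"
printf '#PasswordAuthentication no\nPasswordAuthentication yes\n' > "$demo/before.conf"
printf 'PasswordAuthentication no\nPasswordAuthentication yes\n' > "$demo/after.conf"
key_login_ready "$demo/root" "$demo/before.conf" || true
key_login_ready "$demo/root" "$demo/after.conf"
rm -rf "$demo"
```

On a real server the call would be `key_login_ready /root /etc/ssh/sshd_config`, run while an existing session is still open.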