1: Create a key pair on the client (mind which user account you are logged in as)
[root@localhost ~]# ssh-keygen -t ecdsa    # generate the key pair files on the client
Generating public/private ecdsa key pair.
Enter file in which to save the key (/root/.ssh/id_ecdsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_ecdsa.
Your public key has been saved in /root/.ssh/id_ecdsa.pub.
The key fingerprint is:
SHA256:ue0QGApV4tdcxexIunKELc150V8+iiCwyKWORpESdBM root@localhost.localdomain
The key's randomart image is:
+---[ECDSA 256]---+
|oo.E+.. .=. |
|.o.o.+ o .o + .|
|. + = ==o+ + . o |
| . = +o+Boo . ...|
|. o . .oSo. . . .|
| o . . o+ . . |
|. oo . |
| o |
| . |
+----[SHA256]-----+
[root@localhost ~]# ls .ssh    # list the key pair files
id_ecdsa id_ecdsa.pub
2: Upload the public key to the server (the SSH server side)
[root@localhost ~]# ls .ssh
id_ecdsa id_ecdsa.pub
[root@localhost ~]# scp .ssh/id_ecdsa.pub 192.168.200.132:/tmp    # upload the public key to the server
The authenticity of host '192.168.200.132 (192.168.200.132)' can't be established.
ECDSA key fingerprint is SHA256:rE9trM2ngfsoCTwVTR56sDvUGduuvS66nukGp7nAkLU.
ECDSA key fingerprint is MD5:34:32:03:b3:a0:2a:58:fc:2b:16:32:ad:3b:f9:76:e2.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.200.132' (ECDSA) to the list of known hosts.
root@192.168.200.132's password:    # this is the password on the server side
id_ecdsa.pub 100% 188 100.9KB/s 00:00
3: On the server, import the public key into the user's public key database file (again, mind which user account)
[root@localhost ~]# cat /tmp/id_ecdsa.pub
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOki4ZCTlteMiIM0uNRSGOHOo56ABwv1+kJHVgMVANzvoib3D3ho0EQUcjpA6ywK2ParBqUplTbdjYjwx5wABVM= root@localhost.localdomain
[root@localhost ~]# mkdir .ssh
[root@localhost ~]# ll -d .ssh
drwx------. 2 root root 25 8月 19 16:31 .ssh
[root@localhost ~]# chmod 700 .ssh    # permissions must match those of the client's .ssh: 700
[root@localhost ~]# cat /tmp/id_ecdsa.pub >> .ssh/authorized_keys
4: Verify from the client
[root@localhost ~]# ssh 192.168.200.132
Last login: Mon Aug 19 16:30:35 2019 from 192.168.200.100
Steps 2 and 3 can be combined
[root@localhost ~]# ssh-copy-id -i .ssh/id_ecdsa.pub 192.168.200.132
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_ecdsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.200.132's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh '192.168.200.132'"
and check to make sure that only the key(s) you wanted were added.

[root@localhost ~]# ssh 192.168.200.132
Last login: Mon Aug 19 17:18:12 2019 from 192.168.200.130
[root@localhost ~]#
Full command form: ssh-copy-id -i /home/zhangsan/.ssh/id_rsa.pub amber@192.168.200.111
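
The server-side import from step 3, as an added shell example that is not part of the original page: it appends the key only once, keeps an existing authorized_keys file intact, and sets modes 700 on .ssh and 600 on authorized_keys. The function name install_pubkey, the temporary directory and the sample key are constructed for illustration.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE HOME_DIR  (hypothetical helper, not an OpenSSH tool)
# Adds the key in PUBKEY_FILE to HOME_DIR/.ssh/authorized_keys exactly once.
install_pubkey() {
    pub=$1; sshdir=$2/.ssh; auth=$sshdir/authorized_keys
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # First non-empty line, with any Windows carriage return stripped.
    line=$(grep -v '^[[:space:]]*$' "$pub" | head -n 1 | tr -d '\r')

    # Accept only "<type> <base64> [comment]"; this rejects a private key
    # or an unrelated file that was uploaded by mistake.
    case $line in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-nistp[0-9]*\ *) ;;
        *) echo "$pub is not an OpenSSH public key" >&2; return 1 ;;
    esac
    blob=$(printf '%s\n' "$line" | awk '{print $2}')
    [ -n "$blob" ] || return 1

    # Create directory and file with tight modes regardless of the umask:
    # with StrictModes (the sshd default) keys are refused when these
    # paths are writable by group or others.
    ( umask 077; mkdir -p "$sshdir" && touch "$auth" ) || return 1
    chmod 700 "$sshdir" && chmod 600 "$auth" || return 1

    # Match on the base64 blob so a changed comment does not add a duplicate.
    if grep -qF -- "$blob" "$auth"; then
        echo "key already present in $auth"; return 0
    fi
    # A plain ">>" onto a file without a final newline would fuse two keys.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$line" >> "$auth"
    echo "key added to $auth"
}

# Demo against a throwaway directory; the key below is constructed sample data.
demo_home=$(mktemp -d)
printf '%s\n' 'ecdsa-sha2-nistp256 AAAAE2NvbnN0cnVjdGVkLXNhbXBsZQ== demo@client' > "$demo_home/id_ecdsa.pub"
install_pubkey "$demo_home/id_ecdsa.pub" "$demo_home"   # adds the key
install_pubkey "$demo_home/id_ecdsa.pub" "$demo_home"   # second run: no duplicate
rm -rf "$demo_home"
```

On a real server HOME_DIR would be the target user's home directory, and the function must run as that user so the files end up owned by them.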