Logging in to a Linux Server with a Public Key

zhpj / 2024-09-02 / Original


Logging in with a public key on Linux

  1. On the client, use ssh-copy-id to write the public key into the server's authorized_keys:
[root@VM-4-11-centos ~]# ssh-copy-id root@10.0.4.4
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.0.4.4's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@10.0.4.4'"
and check to make sure that only the key(s) you wanted were added.

[root@VM-4-11-centos ~]# 
  2. Log in over ssh:
[root@VM-4-11-centos ~]# ssh root@10.0.4.4
Last login: Fri Aug 31 09:49:48 2024 from 222.64.93.61
[root@VM-4-4-opencloudos ~]#

Logging in with a public key on Windows

  1. Upload the id_rsa.pub file generated on Windows to the server:
C:\Users\zhpj\.ssh>dir
 Volume in drive C is OS
 Volume Serial Number is DE62-06F3

 Directory of C:\Users\zhpj\.ssh

2024-08-30  09:26    <DIR>          .
2024-08-28  09:13    <DIR>          ..
2022-02-10  17:37    <DIR>          .ssh
2023-05-16  09:08             2,245 config
2021-08-02  09:58             1,679 id_rsa
2021-08-02  09:58               405 id_rsa.pub
2022-07-20  13:43             2,602 id_rsa_zhpj07
2022-07-20  13:43               569 id_rsa_zhpj07.pub
2024-08-30  09:26             9,141 known_hosts
2024-08-30  09:26             8,395 known_hosts.old
               7 File(s)         25,036 bytes
               3 Dir(s)  27,532,115,968 bytes free

C:\Users\zhpj\.ssh>
C:\Users\zhpj\.ssh>scp .\id_rsa_zhpj07.pub root@xxx.xxx.xxx.xxx:/root/
The authenticity of host 'xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx)' can't be established.
ED25519 key fingerprint is SHA256:dcPCSvTa3Mk4BpeTG2Or6i1dOC+Y300WhKGL773lJfk.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])?
Warning: Permanently added 'xxx.xxx.xxx.xxx' (ED25519) to the list of known hosts.
root@xxx.xxx.xxx.xxx's password:
id_rsa_zhpj07.pub                                                                     100%  569    61.3KB/s   00:00

C:\Users\zhpj\.ssh>
  2. On the server, append the contents of the uploaded public key to the end of the .ssh/authorized_keys file:
[root@VM-4-4-opencloudos ~]# ll
total 4
-rw-r--r-- 1 root root 569 Aug 31 09:26 id_rsa_zhpj07.pub
[root@VM-4-4-opencloudos ~]#
[root@VM-4-4-opencloudos ~]# cat id_rsa_zhpj07.pub >> .ssh/authorized_keys 
[root@VM-4-4-opencloudos ~]#
  3. Check the permissions on .ssh/authorized_keys and confirm they are 600:
[root@VM-4-4-opencloudos ~]# ll .ssh/
total 4
-rw------- 1 root root 569 Aug 31 09:30 authorized_keys
[root@VM-4-4-opencloudos ~]#
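  4. Check the /etc/ssh/sshd_config configuration file:
# Enable public key login
PubkeyAuthentication yes
# RSAAuthentication only applies to SSH protocol 1; OpenSSH 7.4 and later treat it as deprecated
RSAAuthentication yes

# Disable password login (keep the current session open until key login is confirmed)
PasswordAuthentication no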
  5. Restart the sshd service:
[root@VM-4-4-opencloudos ~]# systemctl restart sshd
[root@VM-4-4-opencloudos ~]#
  6. Log in from Windows with the key:
C:\Users\zhpj>ssh -i ~\.ssh\id_rsa_zhpj07 root@xxx.xxx.xxx.xxx
Last login: Fri Aug 31 09:36:27 2024 from xxx.xxx.xxx.xxx
[root@VM-4-4-opencloudos ~]#
  7. Edit the .ssh/config file on Windows so that the key path does not have to be given with -i on every ssh invocation:
Host zhpj07
	hostname xxx.xxx.xxx.xxx
	user root
	port 22
	identityfile ~/.ssh/id_rsa_zhpj07
	ServerAliveCountMax 5
	ServerAliveInterval 5
  8. Log in from a terminal with ssh zhpj07:
C:\Users\zhpj>ssh zhpj07
Last login: Fri Aug 31 09:39:28 2024 from xxx.xxx.xxx.xxx
[root@VM-4-4-opencloudos ~]#
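
The server-side steps above that append the uploaded key to .ssh/authorized_keys and check its permissions can be done in one repeatable pass. The following is an added example, not part of the original post; the function name install_pubkey and its arguments are hypothetical, and it accepts only RSA and Ed25519 keys.

```sh
#!/bin/sh
# Added example, not from the original post. install_pubkey and its arguments
# are hypothetical names. Usage: install_pubkey PUBFILE [HOME_DIR]
install_pubkey() {
    pub=$1
    sshdir=${2:-$HOME}/.ssh
    auth=$sshdir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    # Uploading id_rsa instead of id_rsa.pub is an easy slip; never install that.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub contains a private key, refusing" >&2; return 1
    fi

    # First non-empty, non-comment line, split into "type blob [comment]".
    key=$(grep -Ev '^[[:space:]]*(#|$)' "$pub" | head -n 1)
    ktype=${key%% *}; rest=${key#* }; blob=${rest%% *}
    # The base64 blob starts with the encoded type name, so the two must agree.
    # Only RSA and Ed25519 keys are accepted in this example.
    case "$ktype $blob" in
        "ssh-rsa AAAAB3NzaC1yc2E"*|"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5"*) ;;
        *) echo "$pub is not an RSA/Ed25519 public key line" >&2; return 1 ;;
    esac

    # With StrictModes (the default) sshd refuses authorized_keys when the file
    # or its directory is writable by group or others.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Match on the blob so a different comment does not produce a duplicate.
    if grep -qF -- "$blob" "$auth"; then
        echo "already present"; return 0
    fi
    # A plain "cat >>" glues the key onto an unterminated last line, which
    # corrupts both entries; terminate that line first.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
    echo "installed"
}
```

Running it a second time with the same file prints "already present" and leaves authorized_keys unchanged.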