ssh创建密钥对认证
[root@localhost ~]# useradd hehe #创建普通用户张三
[root@localhost ~]# su - hehe #进入张三用户
[hehe@localhost ~]$ ssh-keygen -t rsa #创建密钥对,rsa算法
#创建密钥对时会让你输入密码密码可写可不写
[hehe@localhost ~]$ ls
[hehe@localhost ~]$ ls -a
. .. .bash_logout .bash_profile .bashrc .cache .config .mozilla .ssh
[hehe@localhost ~]$ cd .ssh
[hehe@localhost .ssh]$ ls
id_rsa id_rsa.pub #出现.ssh目录 私钥公钥都在里面id_rsa 私钥 id_rsa.pub 公钥
[hehe@localhost .ssh]$ scp id_rsa.pub root@192.168.100.181 #把公钥以root的身份传给服务器
[hehe@localhost .ssh]$ scp id_rsa.pub root@192.168.100.181:/tmp/
The authenticity of host '192.168.100.181 (192.168.100.181)' can't be established.
ECDSA key fingerprint is e6:6a:1c:35:a0:ce:55:49:f8:3a:fd:72:9b:11:aa:0d.
Are you sure you want to continue connecting (yes/no)? y
Please type 'yes' or 'no': yes
Warning: Permanently added '192.168.100.181' (ECDSA) to the list of known hosts.
root@192.168.100.181's password:
id_rsa.pub 0% 0 0.0KB/s --:-- ETA
id_rsa.pub 100% 408 0.4KB/s 00:00 #百分百显示成功
------------------------------------------------------------------------------------------------------------------------以上是客户端操作,以下是服务器操作
ls /tmp/
id_rsa.pub #公钥已经导入成功了
ks-script-lH7Zsq
systemd-private-5b39a8ad25264afea8d50d43f68e2b47-chronyd.service-vomwxB
vmware-root_5994-725844256
vmware-root_6127-1949772731
vmware-root_6422-994228579
yum.log
[root@localhost tmp]# mkdir /home/test3/.ssh #在test3用户下创建一个.ssh的文件夹
[root@localhost tmp]# cat id_rsa.pub #看一下公钥里面的铭文
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCcdhbE3ZbFYsyPg5TMHHNxU/1bU8
[root@localhost tmp]# cat id_rsa.pub > /home/test3/.ssh/authorized_keys #把公钥覆盖到authorrized_keys下 这个目录一个方公钥的数据库
[root@localhost tmp]# ll /home/test3/.ssh/authorized_keys #看一下里面的权限 644
-rw-r--r--. 1 root root 408 8月 16 09:37 /home/test3/.ssh/authorized_keys
--------------------------------------------------------------------------------------------------------------------------------
然后我们去客户端中测试
[hehe@localhost .ssh]$ ssh test3@192.168.100.181 #远程连接test3
Enter passphrase for key '/home/hehe/.ssh/id_rsa':
[test3@localhost ~]$ ip a #可以看到用户名编程test3了此时连接成功了
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:18:21:6d brd ff:ff:ff:ff:ff:ff
inet 192.168.100.181/24 brd 192.168.100.255 scope global noprefixroute dynamic ens33 #ip地址也变成服务器的了
valid_lft 4550sec preferred_lft 4550sec
inet6 fe80::d1f4:2e18:af6b:f8b8/64 scope link noprefixroute
valid_lft forever preferred_lft forever
总结(一共四个步骤)
1.创建密钥对(私钥公钥、公钥给服务器私钥自己留着,私钥不能泄露)
2.把公钥给服务器 scp
3.把公钥放到指定用户的公钥数据库中.ssh/authorized_keys
4.客户端进行测试远程连接测试