安全密钥验证

1、在客户端主机中生成“密钥对”并把公钥传送到远程服务器中：[root@linuxprobe ~]# ssh-keygenGener锾攒揉敫ating public/private rsa key pair.Enter file in which to save the key (/root/.ssh/id_rsa):直接敲击回车或设置密钥的存储路径 Created directory '/root/.ssh'.Enter passphrase (empty for no passphrase): 直接敲击回车或设置密钥的密码Enter same passphrase again: 再次敲击回车或设置密钥的密码Your identification has been saved in /root/.ssh/id_rsa.Your public key has been saved in /root/.ssh/id_rsa.pub.The key fingerprint is:40:32:48:18:e4:ac:c0:c3:c1:ba:7c:6c:3a:a8:b5:22 root@linuxprobe.comThe key's randomart image is:+--[ RSA 2048]----+|+*..o . ||*.o + ||o* . ||+ . . ||o.. S ||.. + ||. = ||E+ . ||+.o |+-----------------+

2、把客户端主机中生成好的公钥文件传送至远程主机：[root@linuxprobe ~]# ssh-copy-id 192.168.10.10皈其拄攥The authenticity of host '192.168.10.20 (192.168.10.10)' can't be established.ECDSA key fingerprint is 4f:a7:91:9e:8d:6f:b9:48:02:32:61:95:48:ed:1e:3f.Are you sure you want to continue connecting (yes/no)? yes/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keysroot@192.168.10.10's password:此处输入远程服务器主机密码Number of key(s) added: 1Now try logging into the machine, with: "ssh '192.168.10.10'"and check to make sure that only the key(s) you wanted were added.

3、设置服务器主机只允许密钥验证，拒绝传统口令验证方式，记得修改配置文件后保存并重启sshd服务程序哦~：[root@linuxprobe ~]# vim /etc/ssh/sshd_config………………省略部分输出信息………………7475 # To disable tunneled clear text passwords, change to no here!76 #PasswordAuthentication yes 77 #PermitEmptyPasswords no78 PasswordAuthentication no79………………省略部分输出信息………………[root@linuxprobe ~]# systemctl restart sshd

4、在客户端主机尝试登陆到服务端主机，此时无需输入密码口令也可直接验证登陆成功：[root@linuxprobe ~]# ssh 192.168.10.10Last login: Mon Apr 13 19:34:13 2017