
CentOS 6.5: Setting Up Public Key Authentication

Date: 2018-08-11 23:26:27


Server A: 192.168.1.104 (sund), CentOS release 6.5 (Final)

 

1. Get familiar with the default sshd_config

[root@sund ~]# egrep -v "#|^$" /etc/ssh/sshd_config    # default configuration

Protocol 2

SyslogFacility AUTHPRIV

PasswordAuthentication yes

ChallengeResponseAuthentication no

GSSAPIAuthentication yes

GSSAPICleanupCredentials yes

UsePAM no

AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES

AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT

AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE

AcceptEnv XMODIFIERS

X11Forwarding yes

Subsystem sftp /usr/libexec/openssh/sftp-server

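2. Create the .ssh directory on the server

Running ssh-keygen as the new user creates ~/.ssh with the correct permissions. The key pair it generates is not needed on the server and is deleted afterwards.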

[root@sund ~]# useradd test

[root@sund ~]# passwd test

Changing password for user test.

New password:

[root@sund ~]# su - test

[test@sund ~]$ ssh-keygen -t rsa    # just press Enter; no passphrase is entered

[test@sund ~]$ rm -fr .ssh/*

 

3. Create the key pair on the client

[root@testone ~]# ls .ssh/

[root@testone ~]# ssh-keygen -t rsa    # just press Enter; no passphrase is entered

[root@testone ~]# ssh-copy-id -i .ssh/id_rsa.pub test@192.168.1.104

Now try logging into the machine, with: "ssh 'test@192.168.1.104'"

and check to make sure that only the key(s) you wanted were added.

[root@testone ~]# ssh root@192.168.1.104

root@192.168.1.104's password:

Permission denied, please try again.

Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

[root@testone ~]# ssh test@192.168.1.104

Last login: Sat Aug 11 19:56:27 2018 from 192.168.1.121

[test@sund ~]$ exit

logout

Connection to 192.168.1.104 closed.

At this point, the server can be accessed in both ways: with a password and with a key.

==============

4. Check ownership and permissions on the server

[root@sund ~]# ls -al /home/wang/

drwx------ 2 wang wang 4096 Aug 11 19:42 .ssh 700

[root@sund ~]# ls -al /home/wang/.ssh/

-rw------- 1 wang wang 393 Aug 11 19:42 authorized_keys 600

 

5. Disable password login and log in with the key

Edit the sshd_config configuration file and restart the service.


[root@sund ~]# /etc/init.d/sshd restart    # after the restart, log out; remote password login no longer works

[root@sund ~]# exit

logout

The client has disconnected from the server. Reason:

Unable to authenticate using any of the configured authentication methods.
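A check for steps 4 and 5, added here as an example (it is not part of the original article): it reads an sshd_config the way sshd does, keeping the first value given for a keyword, and confirms the 700/600 modes. It assumes step 5 sets PasswordAuthentication no, which is consistent with the client output in step 6 but is not reproduced on the page; the function names and sample files are constructed for illustration.

```bash
#!/bin/bash
# Added example: verify step 5 (password login off) and step 4 (permissions).

# Print the effective global value of an sshd_config keyword. sshd keeps the
# first value it reads for a keyword and matches keywords case-insensitively.
# Assumes "Keyword value" lines; parsing stops at the first Match block.
sshd_effective() {   # usage: sshd_effective FILE KEYWORD DEFAULT
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { val = tolower($2); exit }
        END { print (val == "" ? def : val) }
    ' "$1"
}

# Succeed only if passwords and challenge-response are off and public key
# authentication has not been switched off (all three default to "yes").
password_login_disabled() {   # usage: password_login_disabled FILE
    [ "$(sshd_effective "$1" PasswordAuthentication yes)" = "no" ] &&
    [ "$(sshd_effective "$1" ChallengeResponseAuthentication yes)" = "no" ] &&
    [ "$(sshd_effective "$1" PubkeyAuthentication yes)" != "no" ]
}

# Succeed only if HOME_DIR/.ssh is drwx------ (700) and authorized_keys is
# -rw------- (600), the modes listed in step 4.
perm_string() { ls -ld "$1" 2>/dev/null | cut -c1-10; }
key_perms_ok() {   # usage: key_perms_ok HOME_DIR
    [ "$(perm_string "$1/.ssh")" = "drwx------" ] &&
    [ "$(perm_string "$1/.ssh/authorized_keys")" = "-rw-------" ]
}

# Constructed sample data (not taken from a real host).
DEMO=$(mktemp -d); trap 'rm -rf "$DEMO"' EXIT
printf '%s\n' 'Protocol 2' 'PasswordAuthentication yes' \
    'ChallengeResponseAuthentication no' > "$DEMO/before.conf"
printf '%s\n' 'Protocol 2' '#PasswordAuthentication yes' \
    'passwordauthentication no' 'PasswordAuthentication yes' \
    'ChallengeResponseAuthentication no' > "$DEMO/after.conf"
mkdir -p "$DEMO/home/.ssh"; : > "$DEMO/home/.ssh/authorized_keys"
chmod 700 "$DEMO/home/.ssh"; chmod 600 "$DEMO/home/.ssh/authorized_keys"

for f in before after; do
    if password_login_disabled "$DEMO/$f.conf"; then r="password login disabled"
    else r="password login still possible"; fi
    echo "$f.conf: $r"
done
if key_perms_ok "$DEMO/home"; then echo "permissions ok"; fi
```

On the server, the same functions can be pointed at /etc/ssh/sshd_config and at the login user's home directory after the restart.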

6. Access from the client

[root@testone ~]# ssh -i .ssh/id_rsa root@192.168.1.104

Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

[root@testone ~]# ssh -i .ssh/id_rsa test@192.168.1.104

Last login: Sat Aug 11 19:57:07 2018 from 192.168.1.121

[test@sund ~]$

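Copy the public key to the Windows computer and connect remotely with the SecureCRT client.

[root@testone .ssh]# sz id_rsa    # download the private key to use for the remote connection to the server

Reference: https://www.2cto.com/os/201301/184051.html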

Access with the Xshell client. Configure the private key id_rsa.

Reference: https://blog.csdn.net/qjc_501165091/article/details/51278696

Login succeeds.

At this point, key-based login is complete.

====

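Xshell configuration: the newly added private key passphrase is the one set on the client while the private key is being generated.

Enable password authentication on the server and copy the public key over again remotely.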

[root@testone ~]# ssh-copy-id -i .ssh/id_rsa.pub test@192.168.1.104

[root@testone ~]# ssh test@192.168.1.104

Enter passphrase for key '/root/.ssh/id_rsa': 12345

Last login: Sat Aug 11 20:35:02 2018 from 192.168.1.4

Test passed.

 


Original article: https://www.cnblogs.com/sunnyyangwang/p/9461442.html
