2.2.2安全秘钥验证

1.在客户机中生成“密钥对”。

[root@dsrw ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 回车或设置密钥的存储路径
Enter passphrase (empty for no passphrase): 回车或设置密钥的密码
Enter same passphrase again: 回车或设置密钥的密码
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:F1BVC+wHgHma4L4nJ9Bb4ApigBgE2KYCagkl5zolS4k root@dsrw.cn
The key's randomart image is:
+---[RSA 2048]----+
|*+o     .+o+o..  |
|*++   . o.. o. . |
|E*+  . . +.. ..  |
|OB    o o  .. .  |
|B    + .S .  .   |
|.o. . + ..       |
|.. . o +         |
|    . = o        |
|       =         |
+----[SHA256]-----+

2.把客户机中生成的的公钥文件传送至远程服务器

[root@dsrw ~]# ssh-copy-id 192.168.10.2
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.10.2's password: 在此输入服务器管理员密码
Number of key(s) added: 1
Now try logging into the machine, with:   "ssh '192.168.10.2'"
and check to make sure that only the key(s) you wanted were added.

3.对服务器进行设置,只允许密钥验证,拒绝传统的密码验证方式,记得重启sshd服务。

[root@dsrw ~]# vim /etc/ssh/sshd_config
 73 PasswordAuthentication no
 74 
 75 # Change to no to disable s/key passwords
[root@dsrw ~]# systemctl restart sshd

4.客户机登录服务器,无须输入密码也可以登录成功。

[root@dsrw ~]# ssh 192.168.10.2
Activate the web console with: systemctl enable --now cockpit.socket
Last login: Sun Dec 18 20:45:17 2022 from 192.168.10.4

5.win7客户机登录服务器

图片[1]-2.2.2安全秘钥验证-大赛人网
图2-13 putty登录失败
© 版权声明
THE END
喜欢就支持一下吧
点赞13 分享
评论 抢沙发
头像
欢迎您留下宝贵的见解!
提交
头像

昵称

取消
昵称

    请登录后查看评论内容