Documentation of filesite.io.
https://filesite.io
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
65 lines
1.1 KiB
65 lines
1.1 KiB
2 years ago
|
|
||
|
|
# CentOS 7如何如何配置证书连接ssh及禁用密码登陆?
|
||
|
|
|
||
|
|
|
||
|
|
## ssh-keygen生成证书
|
||
|
|
|
||
|
|
```
|
||
|
|
ssh-keygen -t rsa -b 4096
|
||
|
|
```
|
||
|
|
|
||
|
|
连续回车使用默认值即可在~/.ssh/目录下生成两个证书文件:
|
||
|
|
|
||
|
|
> id_rsa 私钥
|
||
|
|
|
||
|
|
> id_rsa.pub 公钥
|
||
|
|
|
||
|
|
|
||
|
|
## 配置公钥
|
||
|
|
|
||
|
|
把公钥文件改名为authorized_keys:
|
||
|
|
```
|
||
|
|
cd ~/.ssh/
|
||
|
|
mv id_rsa.pub authorized_keys
|
||
|
|
```
|
||
|
|
|
||
|
|
|
||
|
|
## 禁用密码登陆
|
||
|
|
|
||
|
|
修改/etc/ssh/sshd_config文件,找到```PasswordAuthentication yes```,
|
||
|
|
把其中的yes改为no后保存。
|
||
|
|
|
||
|
|
```
|
||
|
|
vim /etc/ssh/sshd_config
|
||
|
|
```
|
||
|
|
|
||
|
|
|
||
|
|
## 复制私钥到本地
|
||
|
|
|
||
|
|
把~/.ssh/id_rsa的内容复制到本地保存,
|
||
|
|
下面以保存路径~/.ssh/为例。
|
||
|
|
|
||
|
|
|
||
|
|
## 重启sshd服务
|
||
|
|
|
||
|
|
在执行这个操作之前,请务必仔细确认修改正确,建议同时保持两个窗口连入服务器,
|
||
|
|
避免因为修改有误重启sshd服务后退出当前登陆就无法再次连进服务器。
|
||
|
|
|
||
|
|
```
|
||
|
|
systemctl restart sshd
|
||
|
|
```
|
||
|
|
|
||
|
|
|
||
|
|
## 在新命令行窗口登陆验证
|
||
|
|
|
||
|
|
保持修改配置的这个窗口连接状态不要退出,
|
||
|
|
在新的命令行窗口执行ssh远程登陆命令:
|
||
|
|
|
||
|
|
```
|
||
|
|
ssh -i ~/.ssh/id_rsa root@你的服务器ip
|
||
|
|
```
|
||
|
|
|
||
|
|
|
||
|
|
## 参考
|
||
|
|
> https://www.ssh.com/academy/ssh/keygen
|