openssh中使用公钥验证 -[转]
默认的情况下ssh是要输密码的,当然ssh也提供其他的验证方法,公钥认证就是其中的一种。
1. 首先,在客户端生成一个对钥:
# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
fa:49:6c:0a:90:0e:0f:57:2e:21:79:f6:65:7f:8d:42
这里我们用的是rsa算法,我们也可以使用dsa算法:
ssh-keygen -t dsa
从上面可以看到,提示输入私钥的保护密码,我们也可以不选,直接ENTER就行了!
现在密钥已经生成:
id_rsa(私钥) id_rsa.pub(公钥)
如果是dsa算法生成的话:
id_dsa id_dsa.pub
2. 我们将公钥传到服务器的.ssh目录下.
scp id_rsa.pub user@hostname:/home/user/.ssh/authorized_keys
3. 将/etc/ssh/sshd_config
中的rsa认证功能打开.(去掉注释)
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
然后重新启动sshd就行了.
如果是dsa算法的话同理.
4. 将/etc/ssh/ssh_config中的如下选项打开:
IdentityFile ~/.ssh/id_rsa
IdentityFile ~/.ssh/id_dsa
其中第4步是原作者忘了写的,我给加上了。
1. 首先,在客户端生成一个对钥:
# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
fa:49:6c:0a:90:0e:0f:57:2e:21:79:f6:65:7f:8d:42
这里我们用的是rsa算法,我们也可以使用dsa算法:
ssh-keygen -t dsa
从上面可以看到,提示输入私钥的保护密码,我们也可以不选,直接ENTER就行了!
现在密钥已经生成:
id_rsa(私钥) id_rsa.pub(公钥)
如果是dsa算法生成的话:
id_dsa id_dsa.pub
2. 我们将公钥传到服务器的.ssh目录下.
scp id_rsa.pub user@hostname:/home/user/.ssh/authorized_keys
3. 将/etc/ssh/sshd_config
中的rsa认证功能打开.(去掉注释)
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
然后重新启动sshd就行了.
如果是dsa算法的话同理.
4. 将/etc/ssh/ssh_config中的如下选项打开:
IdentityFile ~/.ssh/id_rsa
IdentityFile ~/.ssh/id_dsa
其中第4步是原作者忘了写的,我给加上了。
