实现目的:
1、配置普通账号通过密钥验证远程SSH登录服务器
2、禁用root账号通过远程SSH登录服务器
3、禁用所有账号通过密码验证远程SSH登录服务器
具体操作:
使用root来示例
1、生成ssh密钥
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 |
Last login: Tue Jan 13 09:04:53 2015 from 192.168.16.107 [root@wlzs ~]# ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): <font color="#ff0000">#在此输入通行短语</font> Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: 42:d4:6c:1e:2f:a5:f7:93:ac:ad:5a:1b:49:57:89:5b root@wlzs.com The key's randomart image is: +--[ RSA 2048]----+ | .o | | . = . . . | | .o = . E | | . + o + | | . So.oo. | | . . o= | | +o . | | ..o. | | ..o. | +-----------------+ |
2、创建验证文件(authorized_keys)
|
1 2 3 4 |
[root@wlzs ~]# cd .ssh/ [root@wlzs .ssh]# ls id_rsa id_rsa.pub [root@wlzs .ssh]# mv id_rsa.pub authorized_keys |
3、将生成的验证文件下载到主机
|
1 2 3 |
[root@wlzs .ssh]# sz id_rsa rz zmodem trl+C ? 100% 1 KB 1 KB/s 00:00:01 0 Errors |
4、使用secure crt连接
快速连接----写上主机名-----用户名------将公钥移到最顶端-----点选公钥------属性
使用会话公钥设置-----找到下载的id_rsa文件-----确定
5、连接时,输入通行短语即可
二〇一五年一月十三日 10:40:45
