[root@rhel7 ~]# ssh-keygen --在客户端主机中生成“密钥对”
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
:ed::f4:f6:dc::0e:9a:6c::b0:f5:2e:: root@rhel7.rusky.com
The key's randomart image is:
+--[ RSA ]----+
|E.o . |
|.+ + . o |
|+ . + = + |
| o o * * + |
| . * . S . |
| o . . |
| |
| |
| |
+-----------------+
[root@rhel7 ~]# ssh-copy-id 192.168.1.8 --把公钥传送到远程服务器中
The authenticity of host '192.168.1.8 (192.168.1.8)' can't be established.
ECDSA key fingerprint is :b8:f6:7c:::bb::7d:3e::6a::a0:c1:e2.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.1.8's password: Number of key(s) added: Now try logging into the machine, with: "ssh '192.168.1.8'"
and check to make sure that only the key(s) you wanted were added. [root@rhel7 ~]# ssh 192.168.1.8 --在客户端主机尝试登陆到服务端主机,此时无需输入密码口令也可直接验证登陆成功
Last login: Sun Aug :: from 192.168.1.99
[root@victory ~]#
另外,还可以设置服务器主机只允许密钥验证,拒绝传统口令验证方式,记得修改配置文件后保存并重启sshd服务程序。
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no
#PasswordAuthentication yes
#systemctl restart sshd