SSH-只用密钥登录

补充更新：

centos更新openssh后不再支持ssh 第一版协议，所以第一版协议的配置信息也不需要了。

#这些配置信息都属于第一版协议，现在已经不需要了。
RSAAuthentication yes 
#指定公钥数据库文件
AuthorsizedKeysFile .ssh/authorized_keys

提示：
密钥会生成两个文件 [私钥 (id_rsa) 与公钥 (id_rsa.pub)] ，建议设置并牢记passphrase密码短语。

Linux：

ssh-keygen -t rsa

Windows：SecurCRT/Xshell/PuTTY

SSH-2 RSA 2048

一、创建密钥

#生成SSH密钥对
ssh-keygen -t rsa
Generating public/private rsa key pair.
#建议直接回车使用默认路径
Enter file in which to save the key (/root/.ssh/id_rsa): 
#输入密码短语（留空则直接回车）
Enter passphrase (empty for no passphrase): 
#重复密码短语
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
aa:8b:61:13:38:ad:b5:49:ca:51:45:b9:77:e1:97:e1 [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
|    .o.          |
|    ..   . .     |
|   .  . . o o    |
| o.  . . o E     |
|o.=   . S .      |
|.*.+   .         |
|o.*   .          |
| . + .           |
|  . o.           |
+-----------------+

二、复制密钥对

#复制公钥到无密码登录的服务器上,22端口改变可以使用下面的命令
#ssh-copy-id -i ~/.ssh/id_rsa.pub “-p 10022 user@server”
ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]

或者也可以手动在服务器端建立目录和authorized_keys，注意修改权限。
也或者, you can paste in the keys using SSH （下面是一行命令）

cat ~/.ssh/id_rsa.pub | ssh [email protected] "mkdir -p ~/.ssh && cat >>  ~/.ssh/authorized_keys"

No matter which command you chose, you should see something like:
The authenticity of host ‘12.34.56.78 (12.34.56.78)’ can’t be established.
RSA key fingerprint is b1:2d:33:67:ce:35:4d:5f:f3:a8:cd:c0:c4:48:86:12.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘12.34.56.78’ (RSA) to the list of known hosts.
[email protected]’s password:
Now try logging into the machine, with “ssh ‘[email protected]′”, and check in:

  ~/.ssh/authorized_keys

to make sure we haven’t added extra keys that you weren’t expecting.

三、修改SSH配置文件 （测试效果 成功）
提示:
1、RSAAuthentication    yes;这个配置好像没有了
2、PermitRootLogin     yes; 表示 root 用户 可以 通过 SSH 登录：不是一定要修改的。

#编辑sshd_config文件
vim /etc/ssh/sshd_config
#禁用密码验证
PasswordAuthentication no
#启用密钥验证
RSAAuthentication   yes
PubkeyAuthentication   yes
#指定公钥数据库文件
AuthorsizedKeysFile  .ssh/authorized_keys

其实可以直接用命令行 来修改 ssh 的配置值。

sed -i "s/^PasswordAuthentication.*/PasswordAuthentication no/g" /etc/ssh/sshd_config
sed -i "s/^#RSAAuthentication.*/RSAAuthentication yes/g" /etc/ssh/sshd_config
sed -i "s/^#PubkeyAuthentication.*/PubkeyAuthentication yes/g" /etc/ssh/sshd_config
sed -i "s/^#AuthorizedKeysFile.*/AuthorizedKeysFile .ssh\/authorized_keys/g" /etc/ssh/sshd_config