其他分享
首页 > 其他分享> > 安全密匙验证ssh

安全密匙验证ssh

作者:互联网

密匙验证

加密是对信息进行编码和解码的技术,通过一定的算法将原本能被直接阅读的明文信息转换成密文形式。密匙即是密文的钥匙,有私钥和公钥之分。传输数据时,可以选择先用公钥对数据加密处理,然后再进行传送。这样,只有掌握了私钥的用户才能解密这段数据。除此之外的其他人即便截获了数据,也很难将其破译。简要说:使用公钥对数据进行加密,拥有对应私钥才能解密。

配置了密钥验证方式,sshd服务将更加安全。

1. 生成密匙对

在客户端中生成密匙对。在客户端!

zxinlog@rhel8 ~
$ ssh-keygen                                                                                         [15:28:41]
Generating public/private rsa key pair.
Enter file in which to save the key (/home/zxinlog/.ssh/id_rsa):  密钥的存储路径,为空则直接enter
Enter passphrase (empty for no passphrase): 密钥的密码,或直接enter
Enter same passphrase again: 重复
Your identification has been saved in /home/zxinlog/.ssh/id_rsa.
Your public key has been saved in /home/zxinlog/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:e2gOZThp47/UYmKs+s8VnNsIrHkhGRjGnRCZNWNbFXY zxinlog@rhel8
The key's randomart image is:
+---[RSA 2048]----+
| .=B=...+.E      |
| .++o= . .       |
|  . o            |
|     + + .       |
|    o X S        |
|     B B O       |
|    o B @ +      |
|     = X o       |
|  .oo.o +.       |
+----[SHA256]-----+

2. 传递公钥文件

zxinlog@rhel8 ~
$ ssh-copy-id 192.168.0.114 (也可以用户@ip地址来指定用户)
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/zxinlog/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
zxinlog@192.168.0.114's password: 此处输入服务器用户,什么用户就什么密码

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'zxinlog@192.168.0.114'"
and check to make sure that only the key(s) you wanted were added.

3. 让服务器只允许密钥验证,取消密码验证

zxinlog@server:~                                                                                                  
▶ sudo vim /etc/ssh/sshd_config

取消密码验证
	PasswordAuthentication no
	
重启ssh服务
systemctl restart sshd

标签:zxinlog,验证,密匙,rsa,ssh,key,id
来源: https://www.cnblogs.com/Z-xing/p/15875744.html