安全密匙验证ssh
作者:互联网
密匙验证
加密是对信息进行编码和解码的技术,通过一定的算法将原本能被直接阅读的明文信息转换成密文形式。密匙即是密文的钥匙,有私钥和公钥之分。传输数据时,可以选择先用公钥对数据加密处理,然后再进行传送。这样,只有掌握了私钥的用户才能解密这段数据。除此之外的其他人即便截获了数据,也很难将其破译。简要说:使用公钥对数据进行加密,拥有对应私钥才能解密。
配置了密钥验证方式,sshd服务将更加安全。
1. 生成密匙对
在客户端中生成密匙对。在客户端!
zxinlog@rhel8 ~
$ ssh-keygen [15:28:41]
Generating public/private rsa key pair.
Enter file in which to save the key (/home/zxinlog/.ssh/id_rsa): 密钥的存储路径,为空则直接enter
Enter passphrase (empty for no passphrase): 密钥的密码,或直接enter
Enter same passphrase again: 重复
Your identification has been saved in /home/zxinlog/.ssh/id_rsa.
Your public key has been saved in /home/zxinlog/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:e2gOZThp47/UYmKs+s8VnNsIrHkhGRjGnRCZNWNbFXY zxinlog@rhel8
The key's randomart image is:
+---[RSA 2048]----+
| .=B=...+.E |
| .++o= . . |
| . o |
| + + . |
| o X S |
| B B O |
| o B @ + |
| = X o |
| .oo.o +. |
+----[SHA256]-----+
2. 传递公钥文件
zxinlog@rhel8 ~
$ ssh-copy-id 192.168.0.114 (也可以用户@ip地址来指定用户)
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/zxinlog/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
zxinlog@192.168.0.114's password: 此处输入服务器用户,什么用户就什么密码
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'zxinlog@192.168.0.114'"
and check to make sure that only the key(s) you wanted were added.
3. 让服务器只允许密钥验证,取消密码验证
zxinlog@server:~
▶ sudo vim /etc/ssh/sshd_config
取消密码验证
PasswordAuthentication no
重启ssh服务
systemctl restart sshd
标签:zxinlog,验证,密匙,rsa,ssh,key,id 来源: https://www.cnblogs.com/Z-xing/p/15875744.html