主機A使用ssh登入到主機B
- 1、主機A操作如下
[[email protected] .ssh]# ssh-keygen #生成秘鑰
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): #直接回車,預設存放路徑
Enter passphrase (empty for no passphrase): #設定秘鑰密碼,直接回車代表無
Enter same passphrase again: #再次設定秘鑰密碼,直接回車代表無
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:l5zUtKOC1v7BAeG2O7m64ZVGBnye4gZTdVLzvovRpA8 [email protected]
The key's randomart image is:
+---[RSA ]----+
| +.+ . |
| . o + = . |
| + = . = |
| . B * = . |
| o + S B o |
| = = B = . |
| + O E o |
| o + + * . |
| +o. o o |
+----[SHA256]-----+
[[email protected] .ssh]# ssh-copy-id [email protected] #将秘鑰傳輸到主機B(root為主機B上的使用者,192.168.10.158為主機B的位址)
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:
Number of key(s) added:
Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.
[[email protected] .ssh]# ssh [email protected] #使用ssh進行登入主機B
Enter passphrase for key '/root/.ssh/id_rsa': #因為我設定了秘鑰密碼,是以此處需要輸入秘鑰密碼,否則會直接進入系統
Last login: Sun Sep :: from
[[email protected] ~]#
- 2、主機B上進行檢視(/root/.ssh目錄下的authorized_keys檔案)
[[email protected] ~]# cd /root/
[[email protected] ~]# ll -a
總用量 40
dr-xr-x---. 6 root root 253 9月 1 19:29 .
dr-xr-xr-x. 17 root root 224 5月 14 12:45 ..
-rw-------. 1 root root 1783 5月 14 12:46 anaconda-ks.cfg
-rw-------. 1 root root 305 9月 1 19:59 .bash_history
-rw-r--r--. 1 root root 18 12月 29 2013 .bash_logout
-rw-r--r--. 1 root root 176 12月 29 2013 .bash_profile
-rw-r--r--. 1 root root 176 12月 29 2013 .bashrc
drwx------. 4 root root 31 5月 14 13:02 .cache
drwx------. 4 root root 30 5月 14 13:02 .config
-rw-r--r--. 1 root root 100 12月 29 2013 .cshrc
drwx------. 3 root root 25 5月 14 12:52 .dbus
-rw-r--r--. 1 root root 1831 5月 14 12:53 initial-setup-ks.cfg
drwx------. 2 root root 29 9月 2 14:29 .ssh
-rw-r--r--. 1 root root 129 12月 29 2013 .tcshrc
-rw-------. 1 root root 595 9月 1 19:16 .viminfo
-rw-------. 1 root root 108 5月 14 13:02 .xauthBwvZib
[[email protected] ~]# cd .ssh
[[email protected] .ssh]# ll -a
總用量 4
drwx------. 2 root root 29 9月 2 14:29 .
dr-xr-x---. 6 root root 253 9月 1 19:29 ..
-rw-------. 1 root root 402 9月 2 14:29 authorized_keys
- 擴充
1、隻許秘鑰驗證,拒絕傳統密碼驗證
[root@B .ssh]# vi /etc/ssh/ssh_config #修改主機B的ssh配置檔案
PasswordAuthentication yes #将yes修改為no
2、在主機B上将主機A登陸的會話踢除
[root@B ~]# w
:: up day, :, users, load average: , ,
USER TTY FROM [email protected] IDLE JCPU PCPU WHAT
guest : : May18 ?xdm? : s /usr/libexec/g
guest pts/0 :0 14May18 111days 0.60s 4.02s /usr/libexec/g
root pts/ Sat11 s s s w
root pts/ : s s s -bash
[root@B ~]# pkill -kill -t pts/2 #将ssh登陸的使用者踢除
[root@B ~]# w
:: up day, :, users, load average: , ,
USER TTY FROM [email protected] IDLE JCPU PCPU WHAT
guest : : May18 ?xdm? : s /usr/libexec/g
guest pts/0 :0 14May18 111days 0.60s 4.02s /usr/libexec/g
root pts/ Sat11 s s s w
[root@B ~]#