ssh-keygen -t rsa -b 2048 # -t selects RSA as the key type, -b sets the key size in bits; a larger key is more secure but lengthens the initial connection setup
$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user1/.ssh/id_rsa): <--- asks where to store the key
Enter passphrase (empty for no passphrase): <--- enter the passphrase used to encrypt the key; leaving it empty is not recommended
Enter same passphrase again:
Your identification has been saved in /home/user1/.ssh/id_rsa.
Your public key has been saved in /home/user1/.ssh/id_rsa.pub.
The key fingerprint is:
3b:db:27:1e:d4:a8:7a:d5:3c:05:cb:09:3a:76:1c:a1 user1@ubuntu
The key's randomart image is:
+--[ RSA 2048]----+
| .. |
| .o . |
| Eo + + |
| + oo+ . |
| .Sooo.. |
| +. + |
| +.. . |
| ..+... |
| ....oo |
+-----------------+
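2. The command creates two files in .ssh under the user's home directory: id_rsa and id_rsa.pub. Note also that the .ssh directory must have mode 700 and the id_rsa file mode 600.
3. Check the value of AuthorizedKeysFile in sshd_config on the ssh server. It sets the location and file name where public keys must be placed, and is normally %h/.ssh/authorized_keys. Put the public key at the specified location.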
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
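The owner and group of the .ssh directory and the authorized_keys file must both match the login account!
4. Transfer the id_rsa.pub file to the workstation, into the .ssh folder under the home directory of the account that will log in to the ssh server. scp can do this.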
cd ~
mkdir .ssh
chmod 700 .ssh
scp user@server:~/.ssh/id_rsa ~/.ssh/ # copies the private key id_rsa from the server into ~/.ssh on this machine
5. After testing that key-based login works, you can disable ssh password authentication to improve security.
sudo vim /etc/ssh/sshd_config
PasswordAuthentication no
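The checks from steps 2 to 5, collected into one script. This is an added example, not part of the original page: the function names are constructed for illustration, only the owner uid is compared (not the group), and Match blocks and Include files in sshd_config are not followed.

```shell
#!/bin/sh
# Added example (not from the original page): checks steps 2-5 of the procedure.
# Constructed helper names; the uid comparison assumes GNU or BSD stat.

perm_of()  { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }
owner_of() { stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1"; }

# check_path PATH MODE UID: report a wrong mode or owner; absent paths pass.
check_path() {
    [ -e "$1" ] || return 0
    rc=0
    mode=$(perm_of "$1")
    if [ "$mode" != "$2" ]; then
        echo "FAIL $1: mode $mode, expected $2"; rc=1
    fi
    owner=$(owner_of "$1")
    if [ "$owner" != "$3" ]; then
        echo "FAIL $1: owner uid $owner, expected $3"; rc=1
    fi
    return $rc
}

# audit_ssh_dir DIR [UID]: returns the number of paths that failed (0-3).
audit_ssh_dir() {
    dir=$1; want_uid=${2:-$(id -u)}; problems=0
    check_path "$dir" 700 "$want_uid" || problems=$((problems + 1))
    check_path "$dir/id_rsa" 600 "$want_uid" || problems=$((problems + 1))
    check_path "$dir/authorized_keys" 600 "$want_uid" || problems=$((problems + 1))
    return $problems
}

# password_auth_disabled FILE: true only if the first uncommented
# PasswordAuthentication line says "no". sshd keeps the first value it reads,
# and an absent line means the default, which is "yes".
password_auth_disabled() {
    val=$(awk 'tolower($1) == "passwordauthentication" { print tolower($2); exit }' "$1")
    [ "$val" = "no" ]
}
```

Source the script, then run audit_ssh_dir ~/.ssh on each machine and password_auth_disabled /etc/ssh/sshd_config on the server. The second check only reads the file; sshd applies a changed setting after it reloads its configuration.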