1. Create the public/private key pair
[root@module ~]# ssh-keygen # create the public/private key pair
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:59oCwejzMbYMP1IBjSUvpYPpnqWWn6FRe4eqkeKcCjs root@module
The key's randomart image is:
+---[RSA 2048]----+
| .+o |
| oo=. |
| o ++. |
| . .o+ |
| ..o oS . |
| . B+.*. o |
|o X oOo=. . |
|E+.=.=*..o |
|+=o.+. .... |
+----[SHA256]-----+
[root@module ~]# ls /root/.ssh/ # check that the key pair was created
id_rsa id_rsa.pub
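# Two files have now been generated in /root/.ssh/: id_rsa is the private key and id_rsa.pub is the public key. Download the private key to your local computer and keep it safe (if you lose it, you will no longer be able to log in to the server). For security, it is recommended to delete the private key from the server. The public key can be shared freely.
[root@module ~]# cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys # install the public key on the VPS
2. Edit the SSH configuration file /etc/ssh/sshd_config
[root@module ~]# vim /etc/ssh/sshd_config # edit the configuration file
Find the following lines and change them to: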
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
After making the changes, save and exit, then restart the SSH service:
[root@module ~]# systemctl restart sshd
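# The VPS now supports logging in with the SSH private key
3. Disable password login for the root user
After you have verified that logging in with the SSH key works, it is recommended, again for security, to disable password login for the root user, as follows:
[root@module ~]# vim /etc/ssh/sshd_config # edit the configuration file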
PasswordAuthentication no
[root@module ~]# systemctl restart sshd # restart the service
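
A check for steps 2 and 3, as an added example that is not part of the original page: sshd keeps the first value it reads for each keyword, so a PasswordAuthentication no line added below an existing yes changes nothing. The function names effective_value and key_only_login are hypothetical, and the two sample configuration files are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): audit an sshd_config for the
# settings changed in steps 2 and 3. sshd keeps the FIRST value it reads for a
# keyword, so a "PasswordAuthentication no" placed below an earlier "yes" has
# no effect. Include files are not followed by this parser.

# effective_value FILE KEYWORD DEFAULT
# Print the first global (pre-"Match") value of KEYWORD, or DEFAULT if unset.
effective_value() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v def="$3" '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
            n = match(line, /[ \t=]+/)       # "Keyword value" or "Keyword=value"
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))
            val = substr(line, n + RLENGTH)
            if (key == "match") exit         # Match blocks are conditional
            if (key == want) { print val; found = 1; exit }
        }
        END { if (!found) print def }
    ' "$1"
}

# key_only_login FILE: succeed only if public-key login is on and password
# login is off (OpenSSH defaults both to "yes" when the keyword is absent).
key_only_login() {
    [ "$(effective_value "$1" PubkeyAuthentication yes)" = "yes" ] &&
    [ "$(effective_value "$1" PasswordAuthentication yes)" = "no" ]
}

# Constructed sample files, not taken from a real server.
tmp=$(mktemp -d)
printf '%s\n' 'PubkeyAuthentication yes' \
    'AuthorizedKeysFile .ssh/authorized_keys' \
    'PasswordAuthentication yes' \
    'PasswordAuthentication no' > "$tmp/shadowed"   # earlier "yes" wins
printf '%s\n' '#PasswordAuthentication yes' \
    'PubkeyAuthentication yes' \
    'AuthorizedKeysFile .ssh/authorized_keys' \
    'PasswordAuthentication no' > "$tmp/fixed"

for f in shadowed fixed; do
    if key_only_login "$tmp/$f"; then echo "$f: key-only login in effect"
    else echo "$f: password login is still accepted"; fi
done
```

On a live host, `sshd -t` validates the file before the restart and `sshd -T` prints the effective settings with Include files resolved.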