背景
服务器如果是密码登录很容易被人攻破,为了避免这种情况,可以采取密钥的登录方式并且把密码登录给关闭掉。
参考文章
服务器上生成密钥对将私钥给客户端
#生成密钥对
[root@czf ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 、
---密钥对默认下载路径,想改可以在这改
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:pc4vl2AustUwtS0fmZXCT56h8b6v48TPEn+laDxHuy4 root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
| |
| . . |
| . = = |
| . = % o |
| o S * = |
| *oo +. . .|
| .o+..o+= o.|
| ... o.o.E+= .|
| .o . o.o+X*o |
+----[SHA256]-----+
# 进入密钥存放的文件夹
[root@czf ~]# cd /root/.ssh
[root@czf .ssh]# ll
总用量 8
-rw-------. 1 root root 1675 10月 27 20:10 id_rsa
-rw-r--r--. 1 root root 390 10月 27 20:10 id_rsa.pub
[root@czf .ssh]# ls
id_rsa id_rsa.pub
# 将公钥添加到 authorized_keys 文件
[root@czf .ssh]# cat id_rsa.pub >> authorized_keys
# 进入sshd_config 文件的所在文件夹
[root@czf .ssh]# cd /etc/ssh
[root@czf ssh]# ls
moduli ssh_config sshd_config ssh_host_ecdsa_key ssh_host_ecdsa_key.pub ssh_host_ed25519_key ssh_host_ed25519_key.pub ssh_host_rsa_key ssh_host_rsa_key.pub
#修改配置文件,将其修改为密码不可以登录 PasswordAuthentication no;注意一定在确认密钥可以成功登录之后再改这个配置
[root@czf ssh]# vim sshd_config
# 刷新配置
[root@czf ssh]# systemctl restart sshd