通过公钥远程登录sshd认证

一、root账号使用ssh-keygen 生成密匙

[root@vmware ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
a8:::::::cf:c7::3c:bd:::2b: root@vmware
The key's randomart image is:
+--[ RSA ]----+
|        oooE.  o.|
|       o + o.. .+|
|      + o +.+.++.|
|       = . ..o..o|
|      o S      . |
|     o           |
|    .            |
|                 |
|                 |
+-----------------+
[root@vmware ~]#

二、发布公钥  -i 指定本地公钥存放路径

[root@vmware ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.0.1.113 -p36000
The authenticity of host '[10.0.1.113]:36000 ([10.0.1.113]:36000)' can't be established.
ECDSA key fingerprint is :6b::8a::4c::d8:ff:c6:::::d1:ff.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO:  key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.0.1.113's password:   

Number of key(s) added: 

Now try logging into the machine, with:   "ssh -p '36000' 'root@10.0.1.113'"
and check to make sure that only the key(s) you wanted were added.

三、直接登录

[root@vmware ~]# ssh root@10.0.1.113 -p36000
Last login: Thu May  ::  from 10.0.5.134
[root@yzh-jkb-privatization ~]#

四、直接查看拷贝过去的文件，会将id_dsa.pub 重命名为：

[root@yzh-jkb-privatization /]# ls /root/.ssh/authorized_keys
/root/.ssh/authorized_keys

[root@yzh-jkb-privatization .ssh]# cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2/mi0jrbM13E8f89yFy+Mro2u+VYoSAiXgoOMrm2eZlss6nHdp8oV/qGTGucNPPVGGB6rHm6fvl/Z75u2CExJWUw3bSvevHieV3dfHngPHANDnxM6JXtr6DBjKVcKm3Bv+QlpvUJ/LJixnsTE4rgX4G1OWCP92q77eM0LEhD8eZllXCC/AkLxxxxxxxxxVNZehmR5BhJ/d4/Ad26idABX67dsQHZ1BxAha1AFF9uwZeNw1oJWqahkXFY8l+3YEWkrqBZsDZ67A81DmTBV7bbqwcqicHejHbScN101tg973XACGkXQxugPkGJxozn64CCs0dIt+Dk7qe4HYbTtE37
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCntTKU2jJhHWNt3PfMM2443B+t5R4mrgVQ3UoqRoSaSVMaLkSOpxl9NW2KPYf0U3MueV0rPpW1MnzL1YYITKqvhvrq0ae5ByRsdoEJK62tJc5RrPt2RHRdN1hrImz3Bmpc5mC9bAvqESzeTvMRhHZe/rL1WDZ4qDV1DGKCaxxxxxxxxEflwNVzUTAGXPQcKg54adnF4GYCEArzFd1PbGK6M24pjlQ3lBEyvMtZf2N8Jl/Q8bScbMCO2Fm/bjHyB33ix2RjCfvdF8hWY0weVgtdC6U+uRf1EGjTsEjU16EyfkmaoD+IYnlqF/ffSBHsr128cQaZhv+Af admin@steven.local
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDK5fz2aaIL3FgYETzFemnzoemZhJ6VBE/+HfDvrNgAqkjr/FlPrJWO1iObpIBLgxxxxxxxg6X1l6oTONXc8W1G4bFDnAuw1r/ZY1uVPi/sadqEl7jPE8XLqeV70L7E5wDyrkq2H2sZr8rA4hQ/f+l12jLaG0b3pd2U7rA7ylazsd3eYxpik5B4/arepf/exy/zEyTQkTXo7OVbFae0fWn/yThlu6UA1cqIankYsX3toy5FhO1LO21dEFiWgJ+wcykQiE7fndErX+Ht9vX1T80oPqNSBFFRELUVHGP42R4JtVzFdjlrcwpAcdFJ9Ry8LutUEdGGl2xHM9Ki7Ld9+Z root@vmware

五、普通用户登录

1、本机创建用户  useradd username

2、echo xxx密码   | passwd --stdin username

3、ssh-copy-d -i /root/.ssh/id_rsa.pub username@10.0.1.113

六、把文件从远程主机 copy 到当前系统

[root@vmware ~]# scp -P36000 root@10.0.1.113:/jkb-install-.tar.gz /
jkb-install-.tar.gz                              %   47MB   .3MB/s   : ETA

拷贝目录  加 -r 参数

七、服务端配置

[root@vmware ~]# cat /etc/ssh/sshd_config

1、说明

#Port           # 默认  不是注释
Port         # 可以添加多个端口号

#ListenAddress 0.0.0.0   #设置sshd服务器绑定的ip地址，0.0.0.0 表示监听多有地址
ListenAddress 10.0.1.119  # 只允许此ip访问

#Protocol       # 协议，如果用1，在后面添加      ,

#LogLevel INFO            # 日志记录登记 info级别以上
#PermitRootLogin yes   # 默认允许root用户登录

PasswordAuthentication yes   # 密码验证
#PermitEmptyPasswords no   # 允许密码为空  no

#LoginGraceTime 2m             # 登录时输入密码时间，如果超过改时间，强迫断线，无单位时为s

#PrintMotd yes    # 登录后是否显示一些信息，打印的是/etc/motd 这个文档的内容。

#UseDNS yes   #判断客户端来源是否正常合法，因此会使用DNS反查客户主机名，如果在内网连接，设置为no  联机速度会快一些

UsePrivilegeSeparation sandbox
# 是否权限较低的程序提供用户操作，当普通用户登录，这个值会让sshd产生一个属于自己的sshd程序来使用，而不是root的程序，相对系统来说较为安全。

2、日志存放目录/var/log/secure

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

3、