1、生成密鑰
>ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.
The key fingerprint is:
73:37:d0:8b:0f:9d:31:56:84:1d:fe:1e:bc:c1:5d:f2 username@mdt-9323e858fb8
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.
The key fingerprint is:
73:37:d0:8b:0f:9d:31:56:84:1d:fe:1e:bc:c1:5d:f2 username@mdt-9323e858fb8
輸入ssh-keygen -t rsa表示生成RSA密碼,可以存放位置,如果不輸入位置,使用默認值,home下的本用戶名下的.ssh下,中間出現要求輸入密碼的,可以輸入,也可以不輸入,如果輸入則要記住該密碼
這樣在/home/username/.ssh/下生成兩個文件id_rsa及id_rsa.pub,其中id_rsa是私鑰,id_rsa.pub是公鑰,私鑰是客戶端用的,公鑰該名稱id_rsa.pub爲authorized_keys
另:用winscp裏的putty也可以生成公鑰和私鑰,圖形化界面生成,比較簡單。
2、修改openssh服務器端配置
在安裝位置的etc目錄下找到文件sshd_config,例如我的文件位置在/etc/sshd_config,修改以下兩項
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
第一個參數用於說明公鑰文件位置,第二個是強制使用密鑰訪問,而不是用戶名及密碼,當然第二個參數可以保持yes,這樣可以有兩種方式訪問。
3、重啓openss
net stop opensshd
net start opensshd