1、使用密碼登錄到需要使用祕鑰登錄的賬戶,然後在服務器創建祕鑰
[root@ecs-326c-0001 ~]# cd .ssh/
[root@ecs-326c-0001 .ssh]# ll -a
total 8
drwx------ 2 root root 4096 Jul 9 11:35 .
dr-xr-x---. 7 root root 4096 Mar 21 11:21 ..
-rw------- 1 root root 0 Jul 9 11:35 authorized_keys
[root@ecs-326c-0001 .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
b4:cf:d7:a9:91:fa:ec:c2:2e:ce:71:1e:b2:0a:c6:6f root@ecs-326c-0001
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| . |
| . . |
| S |
| . o o . |
| + o.= + o |
| . oE..*o= o |
| .oo+o++= |
+-----------------+
2、在服務器上安裝公鑰
[root@ecs-326c-0001 .ssh]# cat id_rsa.pub >> authorized_keys
3、爲了確保連接成功,需要設置文件權限
[root@ecs-326c-0001 .ssh]# chmod 600 authorized_keys
[root@ecs-326c-0001 .ssh]# chmod 700 ~/.ssh
4、設置ssh,打開祕鑰登錄功能
[root@ecs-326c-0001 .ssh]# vim /etc/ssh/sshd_config
去掉註釋#
RSAAuthentication yes
PubkeyAuthentication yes
5、重啓ssh服務
[root@ecs-326c-0001 ~]# systemctl restart sshd
6、拷貝私鑰到PC端,使用軟件導入祕鑰,然後測試登錄
7、祕鑰測試登錄成功之後,可以禁用使用密碼登錄,提高服務器的安全性
[root@ecs-326c-0001 .ssh]# vim /etc/ssh/sshd_config
修改爲no
PasswordAuthentication no