CentOS 7 上创建SSH密钥
在生成新的SSH密钥对之前,最好检查 CentOS 客户端计算机上的现有SSH密钥。
请运行以下命令,该命令将列出所有公钥
ls -l ~/.ssh/id_*.pub
如果命令的输出返回类似cannot access /root/.ssh/id_*.pub: No such file or directory,则意味着您的客户端计算机上没有SSH密钥,您可以继续执行下一步并生成SSH密钥对。
1、首先生成一个新的4096位SSH密钥对,并将您的电子邮件地址作为注释:
ssh-keygen -t rsa -b 4096 -C "[email protected]"
2、系统将提示您指定文件名:
Enter file in which to save the key (/home/username/.ssh/id_rsa):
按Enter键接受默认文件位置和文件名。
3、系统会要求您输入安全密码。 是否要使用密码短语取决于您。 如果您选择使用密码,您将获得额外的安全层。
Enter passphrase (empty for no passphrase):
如果您不想使用密码短语,请按Enter键
# 整个交互过程:
[root@liulihui /]# ls -l ~/.ssh/id_*.pub
ls: cannot access /root/.ssh/id_*.pub: No such file or directory
[root@liulihui /]# ssh-keygen -t rsa -b 4096 -C "[email protected]"
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:RpNQDtJe92E5qovCrKhoO4CiN4Jn0Y3LT6SPbTKFg4E [email protected]
The key's randomart image is:
+---[RSA 4096]----+
| ..o.. . |
| ..+... = |
| . . .=. + o |
|E . .. .. . |
|. + +. S. |
|+ o =oo.. |
|= =.+.. . |
|=+= O=o . |
|**+o.*+ |
+----[SHA256]-----+
[root@liulihui /]#
查看生成SSH密钥
[root@liulihui /]# ls ~/.ssh/id_*
/root/.ssh/id_rsa /root/.ssh/id_rsa.pub
查看生成SSH私钥
[root@liulihui /]# cat /root/.ssh/id_rsa
-----BEGIN RSA PRIVATE KEY-----
MIIJKgIBAAKCAgEAxjHraoiyeyFSY82RQLonNtowp/z/dtuprWmX99FaD6Yp8wZ7
679xzDjkCS3pYvoyCGPQ7QdhuCH/WOl24Bb3C6Vl9n7iOIwCIKgdRxyCL54gJAQo
QumnhGIG2DrXpSIWCslNDmFtmXGfPO2jcVjg5d3KzzuuINorEkNbs62bUwDzz90u
pF3GqNXQlb9+5NtIwpalp6scwUtW2qhM4rBhsAA/CupIiJLtJcfk6CeOUO+ODR5t
ENFJGhrKT0Tr7yJaDUg+TVYVZxrWsk2N4wyCLx26i4ij5l+5zzT4iz/cW5z9Zgk1
Bs/kCj5kb2Tuzrm6UUWKm1E5ivpikT3KWlL0YHOigl4x84whcPASzPhmo9GKHyxM
p/ojYHFMAk31GV7gIsBaV6JeVJa+zeKHJssSde8D6MEQ/UOKppdvkxUyQ0F2TMzJ
8uax9dGfXkowSjJDD3q2Voh/z7sXcL/s9pSKWfJjnnOloRE8CHK9eC0qMd+dliBl
4cx+OzPdHX55Am22oVRUrr2j5eCcZUEXjHa6yh+OBJcVaPjP6cn+OX0+sSEfjltT
D4/CQ9bE0YF1b+GvR5I1c29+X4rOuYftNDmCl/PnMZcpFStS17LYyEOuUTQ/w693
HCB/HfoOrYMFNPsFn9VOuO9vdm18zd73CegVm6nORazjWEPiodRnXPXObIMCAwEA
AQKCAgEAn2UYYvaLLFGxNEjoT7kmvoud5Ayp3ApvnOK2cHzzRHCrfiMx2HiAafE7
HFLLR2nWgT7dkTOFmJPnC7e/fhuaFciwhxymjTm0oFT0LvOzk95FFRIu2xmVOven
b5FrSwht18DrcuxSO7zQhyzLbOZBAT1t1Vq3AP7U8vwvLQMrTwcODpdg4pn0omZL
OZPn1uCw1KZZlc4c8yvHL1V5eDrIZcbc7MddDFG13dO0uizN3TO797sHliXq986h
9DyGzyy+Zb47NPFNhz1je8S5nue5b3EmTP/YaPeFtSpx1XPHofpRJRW0isT5Lm/d
UGVJVgKy4JfgEGezsp0KVqruKdRbaiYzlaEfu8eu+GT9fx/lbNX/dpOsFjNIu+YW
0m+smCsSKzZhOrx8RByuE3Fuh0ypiQp7c54ku1CdjDY1PPsAR7zzRV0HslUD46Re
R7SfjOjRCpeySgeSB0LZpnAPygSblFY46akkrIEfGI8Y/cRDljgrgbWjSmmIP+KW
vFWHPNXmwWG+OUIvsO4iBAFd+itJ6djpIlAJflWesYo0fR0VQ0vquPXZki7lUY7+
HEvfwEkG6BaeQ0F3YN9IiCNSuvtHA4zwcILDZzxfLVxnC0AwYJtlPZN0bHm16Sir
8O4rpFeRpux1iNUt/1u17uF1nTGGoqnm6t2mF71PY2mjp/yRSBkCggEBAPtw0Qdr
dO8YVf6rIOHDsOgR9VGEiVutFU9DgbKJ+klX/UmcKux59QOJLO03yfGbaPsfBN1R
5hRjScHqrbvYUgTDi997uGjgeIaQuDYxUEqGZVHEk+aKh/7QGy0DzXMR9g8LA0BH
f6swP+oMuk6MjbwDpNqn76Zgc+zIXOK69LVWIuYmffWr1QPYKGna6Wmw/c/HHOOH
Ebp55Q4cO5IUjwmhE3BD+Ssjep7dF31I3uJTQmw1bcBgSz3vtI8F4RnK3wOmpQX6
cwckyLY1I/GEjAA2ZERvnnZF1JbNxzRrZklxlGzVV0eWUbb1EGACiqWqVQrIelbF
P0Y4o0grEvdxfH0CggEBAMnJ7/3IbZtdr3O4Se959O4y3YVN5ww8giZFGKPG+oCk
eeBkHCi7X0YvhdlAQ3I7/E67oRBHaS8U4edQKX866Xb31rCd1+PeVoSoQJS9hSef
Me4XmlHk91td1yRELSVFOzOcwsQNbDjpV/dcOFpqR82VoUf4qtG7VD1NAwguyKIN
FSHYIO97NJO4x3utSJyO/Le989VcqUOHLkCcaIrcusMhzbaf5mN+76pKQo63T9Oq
IqSHdN4snWHVCoATXyjbz6F8TtQLajuoJrhszEEgYLeSIyw/RjndLun8wKAl0ZyZ
zDoo+MTu2M8A4bLJeGQTBcRyuqZTsXOO7+YZoYpo3P8CggEBAKtSDTrO/tfCbyWc
mET7v1gAlHQ8qBKs9i4RwxdRaBX9O/mhzKVf24/TMadYMeLLj1Y7pmbeXLRbim/0
ZPfuxsO0MWPOurHK8JRPmxRhuWFt/S8fj96vWUZHqZycUKos/Mj3KfnsPZL4xzPE
BFVs80299d9+OY3VfmdBhfh+hingTNsgMwbnU7bQ24h0vkFjdSzTcF2fNHcogueA
WR6Jn4RiGgqOZgH8pJoF7vFQa30uWb29EdDYS6wh3Zbt3JhkYFvuedZ+9U1SxOdR
gfIX7ARhCySOIRxZLCasgyS2YPV9zDHzkwqV44uTotqoIKwMSPGV87WXpCtGgAq2
PrAWxUkCggEAByr9M26jNhml2d56Ad+7K5ry84FI685acTGTJn4y987f5XCo72l4
gO2/O3Bk9PHcjI9tsT5YJiv/uk/GqZZWJLu5DJ0OxjFnsV6orJ/u0vF8vJBqEu6n
Or+inM8vK1vCNpsi8APqDDt9vHOyLMQJuOvPxta2eqzE2UibCvdeeSMt1P3wbZFa
1MSDkYkeQzFxGLXOq42XFab/pZvousYMfFH/FLWpYW9o5AuvQZKRa1tnz6BgLmQ3
UvpWXSZTAwiL35ii1DVzmJrohTSYLNgRl3PBfBjjTbrlp7oqvYWaZI2yC37ZF2XE
ndXSLp+pfySN1+SbbL0cWJaDPxE6A8il0QKCAQEAym74/0nG3sdLPZ4Q+vmGqFq8
8fih1a0mcDbPrCnMQ/GzQpQ/ky5Gtk0MBTn2nSeM1q+zYfsmkl1JJzNAK2v5s0O7
3MkRLPBopcjLaQkOPJg8mLmEn3c4o5bmSVgs3ggtcgxUkLkAVBrtFxlmJTSJF/ue
kex71pBw3EZf7MX2uslArEfqcjgLLUUB0hOuqg/stZK5eZiNrRaLe7/7mrjMSuag
rCoTlMJFQ0bCaPigWbnQ57RqRfBSMZvuRnQUwdDFqVEqMH0VXEE3bbh3ptedPhfO
Q258R8FtSMC9Ye10wIAtATgshjQFbvLGOQvCTZc42ZXpaTgdZnt1fOuXlX/txg==
-----END RSA PRIVATE KEY-----
既然已生成SSH密钥对,下一步是将公钥复制到要管理的服务器。
将公钥复制到远程服务器的最简单和推荐的方法是使用名为ssh-copy-id的实用程序。 在您的本地机器终端类型:
[root@liulihui /]# ssh-copy-id [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.
如果本地计算机上没有ssh-copy-id实用程序,请使用以下命令复制公钥:
cat ~/.ssh/id_rsa.pub | ssh [email protected] "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
使用SSH密钥登录服务器
完成上述步骤后,您应该能够登录到远程服务器而不会被提示输入密码。
要验证它,请尝试通过SSH登录到您的服务器:
ssh [email protected]
如果您没有为私钥设置密码,则会立即登录。 否则,系统将提示您输入密码。
# 测试
[root@liulihui ~]# ssh [email protected]
Last login: Thu Jan 5 00:56:46 2023 from 192.168.133.128
[root@liulihui ~]#