Disable weak-password login on a Linux host and add SSH key-pair login


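ssh-keygen is the command.
-b is followed by the key length to use; typically 1024, and 768 at the very least.
-t selects the encryption method; we choose RSA. There are others, which are not covered here.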

rot.com:~ r0uter$ ssh-keygen -b 2048 -t rsa
Generating public/private rsa key pair.
// Notice that the key pair is being generated
Enter file in which to save the key (/Users/r0uter/.ssh/id_rsa):
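// The passphrase asked for next must also be entered at login, which amounts to one more verification step. Converting the private key to ppk format also requires this passphrase.
// Next, enter your passphrase twice; leaving it empty and pressing Enter gives password-less login!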
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/r0uter/.ssh/id_rsa.
Your public key has been saved in /Users/r0uter/.ssh/id_rsa.pub.
The key fingerprint is: // your key fingerprint
e0:e0:f0:40:8d:0f:c0:e0:00:12:c8:00:1e:fc:1d:4f r0uter@logcg.com
The key's randomart image is:
+--[ RSA 2048]----+
'                 '
'                 '
'.. .    .        '
'.o0 .. 0 .       '
'.o0000000        '
' . ..0000 .      '
'    .00000       '
'     000000      '
'     00000       '
+-----------------+

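Then, on the server, copy this **id_rsa.pub** file into the corresponding ssh directory and rename it to authorized_keys.

Put it under whichever account you want this key pair to log in to; for example, I want to log in to root automatically: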

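mkdir -p ~/.ssh   # create the .ssh directory first if the current user's home does not have one
chmod 700 ~/.ssh
mv id_rsa.pub ~/.ssh
cd ~/.ssh
mv id_rsa.pub authorized_keys   # replaces any authorized_keys file already present
chmod 600 authorized_keys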

Disable SSH weak-password login

# The ssh configuration file
/etc/ssh/sshd_config

# Change the setting in it to
PasswordAuthentication no

# Restart the ssh service
/etc/init.d/ssh restart

# To avoid the "Write failed: Broken pipe" error
ClientAliveInterval 60
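
An added example, not from the original page: a small shell audit to run before restarting sshd. It checks the 700/600 permissions set above and the PasswordAuthentication value sshd will actually use. The function names are assumptions introduced here, and Include directives are not followed.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Print the effective global value of an sshd_config keyword ($1) in file ($2).
# sshd keeps the first value it reads for a keyword, and keywords are
# case-insensitive; settings after a "Match" line are conditional, so the
# scan stops there. Include directives are not followed (simplification).
effective_sshd_option() {
    awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
        NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
        tolower($1) == "match" { exit }          # end of the global section
        tolower($1) == want { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$2"
}

# Print the permission string (e.g. drwx------) of a path, portably via ls.
mode_of() {
    ls -ld "$1" 2>/dev/null | cut -c1-10
}

# Audit one account's .ssh directory ($1) against an sshd_config file ($2).
# Prints one line per problem and returns the number of problems found.
audit_key_login() {
    problems=0
    [ "$(mode_of "$1")" = "drwx------" ] ||
        { echo "$1 is not mode 700"; problems=$((problems + 1)); }
    [ "$(mode_of "$1/authorized_keys")" = "-rw-------" ] ||
        { echo "$1/authorized_keys is missing or not mode 600"; problems=$((problems + 1)); }
    [ -s "$1/authorized_keys" ] ||
        { echo "no public key installed: disabling passwords would lock you out"; problems=$((problems + 1)); }
    [ "$(effective_sshd_option PasswordAuthentication "$2")" = "no" ] ||
        { echo "PasswordAuthentication is not effectively 'no'"; problems=$((problems + 1)); }
    return "$problems"
}
```

Call it as `audit_key_login ~/.ssh /etc/ssh/sshd_config` and keep the current session open until a key login from a second terminal has succeeded. On a live host, `sshd -T` prints the configuration sshd itself computes.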

Password-less login across multiple hosts

Copy the login machine's public key to the corresponding server:

ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.18.185