最近換上了MACBOOK PRO做開發(fā),由于之前一直在WINDOWS下使用SSH客戶端,不用每次都輸入密碼,更換到MACOS后沒有好用的工具,最好用的還是Terminal, 因此想到配置SSH證書登錄。
本地機(jī)器:MacOs
遠(yuǎn)程服務(wù)器:CentOS 7
一、本地生成公鑰和私鑰
[user1@computer1]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user1/.ssh/id_rsa):
Created directory '/home/user1/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user1/.ssh/id_rsa.
Your public key has been saved in /home/user1/.ssh/id_rsa.pub.
The key fingerprint is:
31:df:a5:73:4a:2f:a6:6c:1c:32:a2:f2:b3:c5:a7:1f user1@computer1
在當(dāng)前用戶的.ssh目錄下生成了id_rsa, id_rsa.pub兩個文件。
二、把公鑰復(fù)制到本地和服務(wù)器
#sudo vim /etc/sshd_config
設(shè)置
RSAAuthentication yes
PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
服務(wù)器端設(shè)置:
scp ~/.ssh/id_rsa.pub server_user@ipaddress:/tmp
cat /tmp/id_rsa.pub >> /home/server_user/.ssh/authorized_keys
注:如果服務(wù)器端沒有,ssh目錄,需要單獨(dú)創(chuàng)建此目錄。
三、設(shè)置權(quán)限和設(shè)置禁用密碼登錄
服務(wù)器端權(quán)限配置
chmod 700 .ssh
chmod 640 .ssh/authorized_keys
禁用服務(wù)器端密碼登錄
vim /etc/ssh/sshd_config
修改如下:
修改PermitRootLogin,確認(rèn)AuthorizedKeysFile
#LoginGraceTime
PermitRootLogin without-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
RSAAuthentication yes
PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
重啟服務(wù)器SSH服務(wù)
systemctl restart sshd
ssh server_user@ipaddress
無需密碼,直接登錄