最近換上了MACBOOK PRO做開發,由于之前一直在WINDOWS下使用SSH客戶端,不用每次都輸入密碼,更換到MACOS后沒有好用的工具,最好用的還是Terminal, 因此想到配置SSH證書登錄。
本地機器:MacOs
遠程服務器:CentOS 7
一、本地生成公鑰和私鑰
[user1@computer1]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user1/.ssh/id_rsa):
Created directory '/home/user1/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user1/.ssh/id_rsa.
Your public key has been saved in /home/user1/.ssh/id_rsa.pub.
The key fingerprint is:
31:df:a5:73:4a:2f:a6:6c:1c:32:a2:f2:b3:c5:a7:1f user1@computer1
在當前用戶的.ssh目錄下生成了id_rsa, id_rsa.pub兩個文件。
二、把公鑰復制到本地和服務器
#sudo vim /etc/sshd_config
設置
RSAAuthentication yes
PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
服務器端設置:
scp ~/.ssh/id_rsa.pub server_user@ipaddress:/tmp
cat /tmp/id_rsa.pub >> /home/server_user/.ssh/authorized_keys
注:如果服務器端沒有,ssh目錄,需要單獨創建此目錄。
三、設置權限和設置禁用密碼登錄
服務器端權限配置
chmod 700 .ssh
chmod 640 .ssh/authorized_keys
禁用服務器端密碼登錄
vim /etc/ssh/sshd_config
修改如下:
修改PermitRootLogin,確認AuthorizedKeysFile
#LoginGraceTime
PermitRootLogin without-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
RSAAuthentication yes
PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
重啟服務器SSH服務
systemctl restart sshd
ssh server_user@ipaddress
無需密碼,直接登錄