实验环境

　　系统：CentOS 6.5

　　加密算法：RSA

　　两台服务器：服务端、客户端

　　服务端用户名：lisi

　　客户端用户名：zhangsan

　　让两台服务器互相登录不需要密码登录，实现直接免密登录。
 

双向公钥和私钥验证图

　　OpenSSH安装包

　　默认安装Linux系统时自动安装，若未安装，安装光盘中的如下rpm包：

　　openssh-clients-5.3p1-94.el6.x86_64

　　openssh-askpass-5.3p1-94.el6.x86_64

　　openssh-server-5.3p1-94.el6.x86_64

　　openssh-5.3p1-94.el6.x86_64

　　服务名称：sshd

　　服务端主程序：/usr/sbin/sshd

　　服务端配置文件：/etc/ssh/sshd_config

　　客户端配置文件：/etc/ssh/ssh_config

　　28.128配置创建公钥和私钥对

　　在客户端创建公钥私钥

　　[root@localhost ~]# useradd zhangsan

　　[root@localhost ~]# passwd zhangsan

　　更改用户 zhangsan 的密码 。

　　新的 密码：

　　无效的密码： WAY 过短

　　无效的密码： 过于简单

　　重新输入新的 密码：

　　passwd： 所有的身份验证令牌已经成功更新。

　　[root@localhost ~]# su - zhangsan

　　[zhangsan@localhost ~]$ ssh-keygen -t rsa

Generating public/private rsa key pair.
Enter file in which to save the key (/home/zhangsan/.ssh/id_rsa): #提示文件放到这里行不行，不修改回车就行。
Created directory '/home/zhangsan/.ssh'.
Enter passphrase (empty for no passphrase):   #回车
Enter same passphrase again:   #回车
Your identification has been saved in /home/zhangsan/.ssh/id_rsa.       #私钥位置
Your public key has been saved in /home/zhangsan/.ssh/id_rsa.pub.    #公钥位置
The key fingerprint is:
3e:57:cf:9a:d6:6f:1d:36:71:c1:f4:3a:94:9d:61:40 zhangsan@localhost.localdomain
The key's randomart image is:
+--[ RSA 2048]----+
|            .E++ |
|              .=+|
|              o.+|
|             . o.|
|        S   . o o|
|       .   . o = |
|        o .  .+ +|
|         o  .o. o|
|           .o  o.|
+-----------------+
 

[zhangsan@localhost ~]$ ssh-copy-id -i /home/zhangsan/.ssh/id_rsa.pub lisi@192.168.28.128
The authenticity of host '192.168.28.128 (192.168.28.128)' can't be established.
RSA key fingerprint is e2:e9:fc:57:50:d3:2d:16:4a:a1:9c:15:08:0d:70:59.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.28.128' (RSA) to the list of known hosts.
lisi@192.168.28.128's password:   #输入用户密码
Now try logging into the machine, with "ssh 'lisi@192.168.28.128'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.
 

　　开启密钥验证配置文件/etc/ssh/sshd_config

　　#RSAAuthentication yes #启用RSA算法

　　#PubkeyAuthentication yes #启用密钥对验证

　　#AuthorizedKeysFile .ssh/authorized_keys #指定公钥库位置

　　服务端：

　　[lisi@www ~]$ ll .ssh/

　　总用量 4

　　-rw-------. 1 lisi lisi 412 5月 28 20:53 authorized_keys

　　[lisi@www ~]$ cat .ssh/authorized_keys

　　ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAqWHpmYbHdB5G8yb0CtbowBHNPKi8o9SwDNLfmy0C0sG/tROvM2yHTbwQiFpan4yiRYOHGPCajMnsuywFo0waxT2CkhkZB3k9bvDKkfuUhvA/O7zl2GRh4yKSsGmAMU/OEA80oPv2AeSu41LNCgQ3FeItZwLwzq7EvD40yOJLuzCM7EG8gwsg5RF8OCJAIA7oJSyEhg3+HUppmtf6QJX6dNnb/uvoalAbjLrN+aJuiokaFi76OiMVKQYYw82Wof3p/XJre+tkm2DLhZSyZpvBfsZhPiKMxTVOnKyhx7z2wkQkh9bdHo+9uG7HTgeUN2blg90rhq9hpBwwZnMzz+SB2w== zhangsan@localhost.localdomain

　　28.100服务器配置生成公钥和私钥

　　[root@www ~]# useradd lisi

　　[root@www ~]# passwd lisi

　　更改用户 lisi 的密码 。

　　新的 密码：

　　无效的密码： WAY 过短

　　无效的密码： 过于简单

　　重新输入新的 密码：

　　passwd： 所有的身份验证令牌已经成功更新。

　　[root@www ~]# su - lisi

[lisi@www ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/lisi/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/lisi/.ssh/id_rsa.
Your public key has been saved in /home/lisi/.ssh/id_rsa.pub.
The key fingerprint is:
b3:55:1b:8f:5f:47:e7:6f:e3:0c:e9:ef:30:2b:bc:2e lisi@www
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|            o   o|
|           . = o.|
|        S . o . +|
|         +   ...o|
|        . .  =..o|
|         E o. B..|
|          ooooo= |
+-----------------+

[lisi@www ~]$ ssh-copy-id -i /home/lisi/.ssh/id_rsa.pub zhangsan@192.168.28.100
zhangsan@192.168.28.100's password:
Now try logging into the machine, with "ssh 'zhangsan@192.168.28.100'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.
 

　　开启密钥验证配置文件/etc/ssh/sshd_config

　　#RSAAuthentication yes #启用RSA算法

　　#PubkeyAuthentication yes #启用密钥对验证

　　#AuthorizedKeysFile .ssh/authorized_keys #指定公钥库位置

　　测试

　　[zhangsan@localhost ~]$ ssh lisi@192.168.28.128

　　Last login: Mon May 28 20:57:32 2018 from 192.168.28.100

　　[lisi@www ~]$

　　[lisi@www ~]$ ssh zhangsan@192.168.28.100

　　[zhangsan@localhost ~]$

本文由 帝一博客 原创发布。用户在本站发布的原创内容（包括但不仅限于回答、文章和评论），著作权均归用户本人所有。独家文章转载，请联系邮箱：17762131@qq.com。获得授权后，须注明本文地址： https://bubukou.com/linuxyunwei/1985.html