使用秘钥登录Linux主机

2022-01-10 15:38:28

公钥配置:

配置文件

~/.ssh/authorized_keys

添加对应的公钥

echo "
# 备注 
xxxxxx(你的公钥)xxxxxx " >> ~/.ssh/authorized_keys

ssh服务

服务配置文件

/etc/ssh/sshd_config

密码认证(是否禁止密码登录)

PasswordAuthentication no

服务管理

 service sshd restart
/bin/systemctl restart sshd.service  

连接

ip=127.xx.xx.xx && ssh root@$ip -i /xxx/私钥

问题

权限问题 结合这篇文章解决 https://www.putyy.com/articles/71

限制人员权限可以新增linux用户,再切换到对应用户下执行公钥配置
注意: 
1、 .ssh目录的权限必须是700 
2、 .ssh/authorized_keys文件权限必须是600

以下错误: 遇到错误,大概是本地存储的信息和远程主机对不上,需要清理重新建立

# 错误
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:xxxrxxxxxxxeLkxxx.
Please contact your system administrator.
Add correct host key in /Users/xxx/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /Users/xxx/.ssh/known_hosts:38
ECDSA host key for 127.x.x.x has changed and you have requested strict checking.
Host key verification failed.

# 执行清理, xxx === 你的用户名
ssh-keygen -f /Users/xxx/.ssh/known_hosts -R "127.x.x.x "
本文由"putyy"原创,转载无需和我联系,但请注明来自putyy
您的浏览器不支持canvas标签,请您更换浏览器