公钥配置:
配置文件
~/.ssh/authorized_keys
添加对应的公钥
echo "
# 备注
xxxxxx(你的公钥)xxxxxx " >> ~/.ssh/authorized_keys
ssh服务
服务配置文件
/etc/ssh/sshd_config
密码认证(是否禁止密码登录)
PasswordAuthentication no
服务管理
service sshd restart
/bin/systemctl restart sshd.service
连接
ip=127.xx.xx.xx && ssh root@$ip -i /xxx/私钥
问题
权限问题 结合这篇文章解决 https://www.putyy.com/articles/71
限制人员权限可以新增linux用户,再切换到对应用户下执行公钥配置
注意:
1、 .ssh目录的权限必须是700
2、 .ssh/authorized_keys文件权限必须是600
以下错误: 遇到错误,大概是本地存储的信息和远程主机对不上,需要清理重新建立
# 错误
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:xxxrxxxxxxxeLkxxx.
Please contact your system administrator.
Add correct host key in /Users/xxx/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /Users/xxx/.ssh/known_hosts:38
ECDSA host key for 127.x.x.x has changed and you have requested strict checking.
Host key verification failed.
# 执行清理, xxx === 你的用户名
ssh-keygen -f /Users/xxx/.ssh/known_hosts -R "127.x.x.x "