[root@rhel7 ~]# ssh-keygen --在客户端主机中生成“密钥对” Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Created directory '/root/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: 81:ed:02:f4:f6:dc:12:0e:9a:6c:01:b0:f5:2e:80:07 root@rhel7.rusky.com The key's randomart image is: +--[ RSA 2048]----+ |E.o . | |.+ + . o | |+ . + = + | | o o * * + | | . * . S . | | o . . | | | | | | | +-----------------+ [root@rhel7 ~]# ssh-copy-id 192.168.1.8 --把公钥传送到远程服务器中 The authenticity of host '192.168.1.8 (192.168.1.8)' can't be established. ECDSA key fingerprint is 46:b8:f6:7c:39:21:bb:68:7d:3e:92:6a:80:a0:c1:e2. Are you sure you want to continue connecting (yes/no)? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@192.168.1.8's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh '192.168.1.8'" and check to make sure that only the key(s) you wanted were added. [root@rhel7 ~]# ssh 192.168.1.8 --在客户端主机尝试登陆到服务端主机,此时无需输入密码口令也可直接验证登陆成功 Last login: Sun Aug 6 12:12:15 2017 from 192.168.1.99 [root@victory ~]#
另外,还可以设置服务器主机只允许密钥验证,拒绝传统口令验证方式,记得修改配置文件后保存并重启sshd服务程序。
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no
#PasswordAuthentication yes
#systemctl restart sshd