基于秘钥的登录认证

ssh-keygen

ssh-keygen 是Unix和类Unix计算机系统上的安全外壳（SSH）协议套件的标准组件，用于通过使用各种加密技术在不安全的网络上建立远程计算机之间的安全shell会话。ssh-keygen实用程序用于生成，管理和转换身份验证密钥。

ssh-keygen能够使用三种不同的数字签字算法之一生成密钥。

在ssh-keygen工具的帮助下，用户可以为任何这些密钥类型创建密码（为了提供无人值守操作，密码可以保留为空，风险更高）。

这些密钥与相关工具 GNU Privacy Guard使用的密钥不同。

[[email protected] ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): #按Enter
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y   #覆盖之前的秘钥对
Enter passphrase (empty for no passphrase): #输入秘钥密码
Enter same passphrase again: 　　　　　　　　　　#重复
Your identification has been saved in /root/.ssh/id_rsa. #私钥
Your public key has been saved in /root/.ssh/id_rsa.pub.  #公钥
The key fingerprint is:
SHA256:zrHfkb0+zCDc3/BKUvpILyHMwruqyhw8ZQy+CoFROWM [email protected]
The key‘s randomart image is:
+---[RSA 2048]----+
|  ..             |
| .E              |
|...o             |
|.o o             |
|o . +  .S+ .  .  |
| o +   ooo* +=.  |
|. =     +o o**o+ |
|.+ o    .. o.B=.o|
|. +........ oo*o |
+----[SHA256]-----+
[[email protected] ~]# 

ssh-copy-id

使用本地可用密钥来授权远程计算机上的登录

[[email protected] .ssh]# ssh-copy-id -i id_rsa.pub [email protected]127.0.0.1     #通过ssh-copy-id 工具将秘钥对发送到服务器，这里我是本机测试，或者可以使用cat 命令直接重定向
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]127.0.0.1‘s password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh ‘[email protected]‘"
and check to make sure that only the key(s) you wanted were added.

[[email protected] .ssh]# 

Xshell 配置

测试可以正常登录，如果登录异常请检查 /etc/ssh/sshd_config 配置文件对应参数

原文地址：https://www.cnblogs.com/zy09/p/10784136.html