当前位置:   article > 正文

centos8修改服务器密码,教你在CentOS8中设置SSH密钥

centos8 ssh libvirtd.server的密码是哪个密码

原标题:教你在CentOS8中设置SSH密钥

最流行的两种SSH身份验证机制是基于密码的身份验证和基于公钥的身份验证。使用SSH密钥通常比传统的密码身份验证更安全和方便。

eb3c9b6503d75998310ac6b2a265a862.png

环 境

客户端:CentOS8 192.168.43.137

服务端:CentOS8 192.168.43.139

创建SSH公私钥

通过输入以下命令,生成新的4096位的SSH密钥对:

[root @localhost~]# ssh-keygen -t rsa -b 4096

Generating public/ privatersa key pair.

Enter file in which to save the key(/root/.ssh/id_rsa):

Enter passphrase(empty forno passphrase):

Enter same passphrase again:

Your identification has been saved in /root/.ssh/id_rsa.

Your publickey has been saved in /root/.ssh/id_rsa.pub.

The key fingerprint is:

SHA256:ycOtSDK8ud2kd6EH7OxoQuc1BFb1HJ3T/kvAQJt0LrI root@localhost.localdomain

The key's randomart image is:

+---[RSA 4096]----+

| ...oo.o o |

| o .+ =.+ .|

| . . . +=. o |

| . o.oo .o .|

| + .oSE. . .|

| .*..=o. ..|

| .oo.+o+ . . .|

| .oo== o . |

| .o+ooo |

+----[SHA256]-----+

想要验证是否生成了新的SSH密钥对,使用ls -l命令查看~/.ssh目录是否有刚才生成的文件:

[root @localhost~]# ll ~/.ssh/

total 8

-rw------- 1root root 3389May 1308: 26id_rsa

-rw-r--r-- 1root root 752May 1308: 26id_rsa.pub

将公钥复制到远程服务器,使用ssh-copy-id实用程序,输入远程服务器的root密码:

[root @localhost~]# ssh-copy-id root@ 192.168.43.139

/usr/bin/ssh-copy-id: INFO: Source of key(s)to be installed: "/root/.ssh/id_rsa.pub"

The authenticity of host '192.168.43.139 ( 192.168.43.139)' can't be established.

ECDSA key fingerprint is SHA256:7O1oIOooh4NZG87aC3v1Zz/vcTXkjOhQBnlkY0CD4y0.

Are you sure you want to continueconnecting(yes/no)? yes

/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/usr/bin/ssh-copy-id: INFO: 1 key(s)remain to be installed -- ifyou are prompted now it is to install the new keys

Password:

Number of key(s)added: 1

Now trylogging into the machine, with: "ssh 'root@192.168.43.139'"

and check to make sure that only the key(s)you wanted were added.

6c0d3cf399bdfc6e5914a5a68f451ece.png

也可以使用以下命令复制公钥:

[root @localhost.ssh]# cat ~/.ssh/id_rsa.pub | ssh root@ 192.168.43.139 "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"

使用密钥登录服务器

使用以下命令登录ssh服务器:

[root @localhost~]# ssh 192.168.43.139

Last login: Tue May 1212: 33: 412020from 192.168.43.137

14b1c827a60eb8154a6e0b9b774d952a.png

关闭密码认证

登录服务器端,关闭密码认证:

[root @localhost~]# ssh 192.168.43.139

Last login: Tue May 1212: 33: 412020from 192.168.43.137

[root @localhost~]# vim /etc/ssh/sshd_config

搜索一下三条,将选项改为No

PasswordAuthentication no

ChallengeResponseAuthentication no

UsePAM no

5f432dcbe2cfb1302f420828904c7d86.png

重启sshd服务:

[root @localhost~]# systemctl restart sshd

总 结

可以使用同一密钥管理多个远程服务器。默认情况下,SSH的端口是TCP 22。更改默认SSH端口可降低自动攻击的风险。

责任编辑:

声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/weixin_40725706/article/detail/492092
推荐阅读
相关标签
  

闽ICP备14008679号