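Encryption is the technique of encoding and decoding information: using an algorithm and a key, it converts plaintext that could be read directly into ciphertext. The key is what unlocks the ciphertext, and keys come in two kinds, private and public. If you are worried about data being eavesdropped on or intercepted in transit, you can encrypt it with the public key before sending it. Only the user who holds the private key can then decrypt the data; anyone else who intercepts it will generally find it very hard to recover the plaintext.
In short, using passwords for authentication in a production environment always carries the risk of brute-force attacks or interception by sniffing. If key-based authentication is configured correctly, the sshd service will be more secure. The configuration steps are as follows.
Step 1: Generate a "key pair" on the client host.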
[root@linuxprobe ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): (press Enter, or set a storage path for the key)
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): (press Enter, or set a passphrase for the key)
Enter same passphrase again: (press Enter again, or re-enter the passphrase)
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
40:32:48:18:e4:ac:c0:c3:c1:ba:7c:6c:3a:a8:b5:22 root@linuxprobe.com
The key's randomart image is:
+--[ RSA 2048]----+
|+*..o . |
|*.o + |
|o* . |
|+ . . |
|o.. S |
|.. + |
|. = |
|E+ . |
|+.o |
+-----------------+
Step 2: Transfer the public key file generated on the client host to the remote host:
[root@linuxprobe ~]# ssh-copy-id 192.168.10.10
The authenticity of host '192.168.10.20 (192.168.10.10)' can't be established.
ECDSA key fingerprint is 4f:a7:91:9e:8d:6f:b9:48:02:32:61:95:48:ed:1e:3f.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.10.10's password: (enter the remote server's password here)
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.10.10'"
and check to make sure that only the key(s) you wanted were added.
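Step 3: Configure the server so that it allows only key-based authentication and rejects traditional password authentication. Remember to save the configuration file after editing it and to restart the sshd service.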
[root@linuxprobe ~]# vim /etc/ssh/sshd_config
……………… some output omitted ………………
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication no
……………… some output omitted ………………
[root@linuxprobe ~]# systemctl restart sshd
Step 4: Try logging in to the server from the client. The login now succeeds without a password being entered.
[root@linuxprobe ~]# ssh 192.168.10.10
Last login: Mon Apr 13 19:34:13 2017
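The shell functions below are an added example, not part of the original tutorial. They check that the Step 3 edit really takes effect, because sshd uses the first value it obtains for a keyword and a Match block can switch password login back on. The function names and the sample configuration are constructed for illustration; on a live server, `sshd -T` prints the effective configuration, including Include files, which these functions do not follow.

```shell
#!/bin/sh
# Added example: audit the Step 3 edit in an sshd_config file.
# sshd uses the FIRST value it obtains for a keyword, keywords are
# case-insensitive, and lines after "Match" apply only to matching sessions.

# effective_option FILE KEYWORD DEFAULT: print the global value sshd would use.
effective_option() {
    awk -v want="$2" -v val="$3" '
        { sub(/=/, " ") }                      # tolerate "Keyword=value"
        NF == 0 || $1 ~ /^#/ { next }          # blank lines and comments
        tolower($1) == "match" { exit }        # global section ends here
        tolower($1) == tolower(want) { gsub(/"/, "", $2); val = $2; exit }
        END { print val }
    ' "$1"
}

# match_overrides FILE KEYWORD: print each Match block that sets KEYWORD.
match_overrides() {
    awk -v want="$2" '
        { sub(/=/, " ") }
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == "match" { block = $0; next }
        block != "" && tolower($1) == tolower(want) { print block " -> " $2 }
    ' "$1"
}

# password_login_disabled FILE: succeed only if password login is off
# globally and no Match block switches it back on.
password_login_disabled() {
    [ "$(effective_option "$1" PasswordAuthentication yes)" = "no" ] || return 1
    ! match_overrides "$1" PasswordAuthentication | grep -qi -- '-> yes$'
}

# Constructed sample: the Step 3 line added below an earlier active line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
passwordauthentication yes
#PermitEmptyPasswords no
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
EOF
effective_option "$sample" PasswordAuthentication yes   # prints: yes
match_overrides "$sample" PasswordAuthentication
password_login_disabled "$sample" || echo "password login is still possible"
rm -f "$sample"
```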