修改vps密码登录为更为安全的密钥登录笔记。
生成密钥
登录远程Linux VPS/服务器,执行:
ssh-keygen -t rsa -m PEM
预计的返回结果,密码可以缺省。
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): //直接回车
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): //输入密钥密码
Enter same passphrase again: //重复密钥密码
Your identification has been saved in /root/.ssh/id_rsa. //提示公钥和私钥已经存放在/root/.ssh/目录下
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
15:23:a1:41:90:10:05:29:4c:d6:c0:11:61:13:23:dd [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
|=&@Bo+o o.o |
|=o=.E o . o |
| . . . |
| . |
| S |
| |
| |
| |
| |
+-----------------+
生成的id_rsa和id_rsd.pub就是私钥和公钥,id_rsa妥善保存到本地,至于id_rsd.pub执行以下操作
mv /root/.ssh/id_rsa.pub /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
将密钥应用在ssh中
修改sshd_config文件vi /etc/ssh/sshd_config
修改下面几处:
PubkeyAuthentication yes #启用PublicKey认证。
AuthorizedKeysFile /root/.ssh/authorized_keys #PublicKey文件路径。
完成后执行service sshd restart
,关闭ssh客户端,尝试使用密钥能否登录。
若能登录成功,将密码登录关闭。
修改sshd_config文件vi /etc/ssh/sshd_config
PasswordAuthentication no #禁止使用密码认证登录。
完成后执行service sshd restart
。