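I recently switched to a MacBook Pro for development. On Windows I had always used an SSH client that did not ask for the password every time; after moving to macOS I found no tool as convenient, and the best option is still Terminal, so I decided to set up SSH key-based (certificate) login.
Local machine: macOS
Remote server: CentOS 7
1. Generate the public and private keys locally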
[user1@computer1]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user1/.ssh/id_rsa):
Created directory '/home/user1/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user1/.ssh/id_rsa.
Your public key has been saved in /home/user1/.ssh/id_rsa.pub.
The key fingerprint is:
31:df:a5:73:4a:2f:a6:6c:1c:32:a2:f2:b3:c5:a7:1f user1@computer1
This creates two files, id_rsa and id_rsa.pub, in the current user's .ssh directory.
2. Copy the public key to the local machine and the server
#sudo vim /etc/sshd_config
Set:
RSAAuthentication yes
PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
Server-side setup:
scp ~/.ssh/id_rsa.pub server_user@ipaddress:/tmp
cat /tmp/id_rsa.pub >> /home/server_user/.ssh/authorized_keys
Note: if the server does not have a .ssh directory, create it separately.
3. Set permissions and disable password login
Server-side permission settings
chmod 700 .ssh
chmod 640 .ssh/authorized_keys
Disable password login on the server
vim /etc/ssh/sshd_config
Change it as follows:
Change PermitRootLogin and confirm AuthorizedKeysFile
#LoginGraceTime
PermitRootLogin without-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
RSAAuthentication yes
PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
Restart the SSH service on the server
systemctl restart sshd
ssh server_user@ipaddress
No password is needed; you are logged in directly.
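
An added check, not part of the original post: this script audits the server-side result of steps 2 and 3 (the .ssh permissions and the sshd_config settings). The function names and the throwaway fixture are assumptions made for illustration, and Match blocks and Include files are ignored.

```shell
#!/bin/sh
# Added example: audit the server-side result of the steps above.

# sshd_value FILE KEYWORD: print the first uncommented value of KEYWORD
# (keywords are case-insensitive and sshd uses the first occurrence).
sshd_value() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

# loose_perms PATH: succeed if PATH is group- or world-writable, which makes
# sshd (StrictModes yes, the default) refuse to use authorized_keys.
loose_perms() {
    case "$(ls -ld "$1" | cut -c1-10)" in
        ?????w????|????????w?) return 0 ;;
    esac
    return 1
}

# audit HOME_DIR SSHD_CONFIG: print one line per finding; the exit status is
# the number of findings (0 means nothing to fix).
audit() {
    n=0
    for p in "$1/.ssh" "$1/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then echo "missing: $p"; n=$((n + 1))
        elif loose_perms "$p"; then echo "group/world-writable: $p"; n=$((n + 1))
        fi
    done
    pk=$(sshd_value "$2" PubkeyAuthentication)
    if [ "${pk:-yes}" != yes ]; then echo "PubkeyAuthentication is $pk"; n=$((n + 1)); fi
    # PermitRootLogin without-password restricts root only; other accounts
    # accept passwords until PasswordAuthentication is set to no.
    pw=$(sshd_value "$2" PasswordAuthentication)
    if [ "${pw:-yes}" != no ]; then echo "passwords still accepted (non-root)"; n=$((n + 1)); fi
    return "$n"
}

# Constructed fixture: a temporary home directory and sshd_config that mirror
# the post's permissions (700 / 640) and settings.
make_fixture() {
    d=$(mktemp -d) && mkdir "$d/.ssh" && : > "$d/.ssh/authorized_keys" || return 1
    chmod 700 "$d/.ssh" && chmod 640 "$d/.ssh/authorized_keys"
    printf '%s\n' '#StrictModes yes' 'PermitRootLogin without-password' \
        'PubkeyAuthentication yes' 'AuthorizedKeysFile .ssh/authorized_keys' > "$d/sshd_config"
    echo "$d"
}

if fx=$(make_fixture); then
    audit "$fx" "$fx/sshd_config" || echo "findings: $?"
    rm -rf "$fx"
fi
```

On the real server the equivalent call is `audit /home/server_user /etc/ssh/sshd_config`, run as a user who can read both paths.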