通过ssh的公钥/私钥方式远程登录linux

一、通过 ssh-keygen命令创建认证文件

# ssh-keygen -b 1024 -t dsa Generating public/private dsa key pair. Enter file in which to save the key (/root/.ssh/id_dsa):  Enter passphrase (empty for no passphrase):  Enter same passphrase again:  Your identification has been saved in /root/.ssh/id_dsa. Your public key has been saved in /root/.ssh/id_dsa.pub. The key fingerprint is: ............................... The key's randomart image is: .............................

如果没有更改路径的话，会在<userHome>/.ssh/目录下产生：id_dsa和id_dsa.pub两个文件。其中id_dsa是要加载到ssh客户端的，id_dsa.pub是服务器端的匹配文件。

二、使用ssh-copy-id命令将生成服务器端认证文件加载到对应服务器

# ssh-copy-id -i <认证文件保存的目录>/id_dsa.pub <user>@<host> The authenticity of host '192.168.1.202 (192.168.1.202)' can't be established. RSA key fingerprint is 46:8f:d3:43:db:52:b1:c2:16:99:cd:03:9b:3f:0c:e8. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.1.202' (RSA) to the list of known hosts. <user>@<host>'s password:  <服务器口令> Now try logging into the machine, with "ssh '<user>@<host>'", and check in:   .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting.

三、修改服务器的ssh配置文件

RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile %h/.ssh/authorized_keys

四、将id_dsa加载到客户端

ssh客户端很多，这里只介绍Xshell（免费的为啥不用啊，\(^o^)/~）

properties -> Authentication -> method改成“Public key”，在Userkey中载入对应的认证文件

ok啦~不必再用用户名、口令登录了，方便了不少，安全了不少~