ssh公有键认证
密钥生成
#生成密钥命令,加密算法为rsa,ssh-keygen -t rsa
csdn@MacBook-Pro .ssh % ssh-keygen -t rsa
Generating public/private rsa key pair.
#保存私钥的文件全路径
Enter file in which to save the key (/Users/csdn/.ssh/id_rsa):
#密码可以为空
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
#生成密钥对
Your identification has been saved in /Users/csdn/.ssh/id_rsa.
Your public key has been saved in /Users/csdn/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:f+YD4sIxCZFWeB3U+k9TwMGRvQ/i5RpssjNwx4u7Z5g csdn@MacBook-Pro.local
The key's randomart image is:
+---[RSA 3072]----+
| +.ooo oo= |
| = . . . = . |
| . o . . . |
| . . . = |
| . .S. + = o |
| + o.= X . .|
| . + +.%o= |
| o . E+B |
| . oB.. |
+----[SHA256]-----+
csdn@MacBook-Pro .ssh %
查看~/.ssh目录下生成的密钥对
csdn@MacBook-Pro .ssh % ls -la
total 32
drwx------ 8 csdn staff 256 10 13 18:36 .
drwxr-xr-x+ 68 csdn staff 2176 10 13 18:26 ..
drwxr-xr-x 3 csdn staff 96 10 12 10:27 AWS
drwxr-xr-x 3 csdn staff 96 5 6 18:33 amazonRanking
-rw-r--r-- 1 csdn staff 177 5 6 18:33 config
-rw------- 1 csdn staff 2622 10 13 18:33 id_rsa
-rw-r--r-- 1 csdn staff 585 10 13 18:33 id_rsa.pub
-rw-r--r-- 1 csdn staff 1141 10 11 22:53 known_hosts
csdn@MacBook-Pro .ssh %
公钥上传服务器
#此处可以在/etc/hosts配置IP对应的主机名,这里面直接使用了IP地址
csdn@MacBook-Pro .ssh % ssh-copy-id k8s@192.168.3.43
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/csdn/.ssh/id_rsa.pub"
The authenticity of host '192.168.3.43 (192.168.3.43)' can't be established.
ECDSA key fingerprint is SHA256:M58o0WuKAwUgutL1al6ByHUsr65bEZT9dk9SZcqEl+o.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
k8s@192.168.3.43's password:
#上面一行输入服务器的密码,也是唯一的一次输入密码操作
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'k8s@192.168.3.43'"
and check to make sure that only the key(s) you wanted were added.
csdn@MacBook-Pro .ssh %
#以上操作执行完之后,公钥文件内容会写到服务器中.ssh/authorized_keys文件里面.
文件权限
#服务器端.ssh目录的权限为700,文件authorized_keys的权限应该设置为600
k8s@k8s:~/.ssh$ll
total 12
drwx------ 2 k8s k8s 4096 Oct 11 08:36 ./
drwxr-xr-x 5 k8s k8s 4096 Oct 11 09:22 ../
-rw------- 1 k8s k8s 1154 Oct 13 09:40 authorized_keys
#私钥权限为600
csdn@MacBook-Pro .ssh % ls -la
total 32
drwx------ 8 csdn staff 256 10 13 18:40 .
drwxr-xr-x+ 68 csdn staff 2176 10 13 18:26 ..
drwxr-xr-x 3 csdn staff 96 10 12 10:27 AWS
drwxr-xr-x 3 csdn staff 96 5 6 18:33 amazonRanking
-rw-r--r-- 1 csdn staff 177 5 6 18:33 config
-rw------- 1 csdn staff 2622 10 13 18:33 id_rsa
-rw-r--r-- 1 csdn staff 585 10 13 18:33 id_rsa.pub
-rw-r--r-- 1 csdn staff 1315 10 13 18:40 known_hosts
csdn@MacBook-Pro .ssh %
通过密钥连接
# ssh -i <私钥相对路径> <用户名>@
csdn@MacBook-Pro .ssh % ssh -i ~/.ssh/id_rsa k8s@192.168.3.43
Welcome to Ubuntu 20.04.3 LTS (GNU/Linux 5.4.0-88-generic x86_64)
* documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
System information as of Wed 13 Oct 2021 09:55:50 AM UTC
System load: 0.04
Usage of /: 33.9% of 18.57GB
Memory usage: 13%
Swap usage: 0%
Processes: 229
Users logged in: 1
IPv4 address for ens33: 192.168.3.43
IPv6 address for ens33: 240b:10:1a1:3800:20c:29ff:fe97:a180
* Super-optimized for small spaces - read how we shrank the memory
footprint of MicroK8s to make it the smallest full K8s around.
https://ubuntu.com/blog/microk8s-memory-optimisation
28 updates can be applied immediately.
To see these additional updates run: apt list --upgradable
Last login: Wed Oct 13 09:55:09 2021 from 192.168.3.39
k8s@k8s:~$
配置~/.ssh/config文件
Host master#随意指定名称
HostName 192.168.3.43#目标服务器的IP地址
User k8s#目标服务器用户名
IdentityFile ~/.ssh/id_rsa#指定私钥
Port 22#默认22
TCPKeepAlive yes
Identitiesonly yes
通过指定的名称进行连接
csdn@MacBook-Pro .ssh % ssh master
Welcome to Ubuntu 20.04.3 LTS (GNU/Linux 5.4.0-88-generic x86_64)
* documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
System information as of Wed 13 Oct 2021 10:00:27 AM UTC
System load: 0.0
Usage of /: 33.9% of 18.57GB
Memory usage: 13%
Swap usage: 0%
Processes: 225
Users logged in: 1
IPv4 address for ens33: 192.168.3.43
IPv6 address for ens33: 240b:10:1a1:3800:20c:29ff:fe97:a180
* Super-optimized for small spaces - read how we shrank the memory
footprint of MicroK8s to make it the smallest full K8s around.
https://ubuntu.com/blog/microk8s-memory-optimisation
28 updates can be applied immediately.
To see these additional updates run: apt list --upgradable
Last login: Wed Oct 13 09:58:23 2021 from 192.168.3.39
k8s@k8s:~$
