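Setting Up Certificate (Key) Login on Linux
There are two common ways to authenticate when logging in to a Linux server over SSH (Secure Shell): password and key (certificate). Most of us use password login, but from a security standpoint password login is somewhat weaker than key login. This article records how to configure key login and reject password login.
1. Generate the key pair
Log in as root and run the following commands in the root terminal.
#Generate the key pair. You are prompted for a file name and path; pressing Enter accepts the default, .ssh/id_rsa. You are then prompted for a private-key passphrase: on a personal computer you can just press Enter, but for company use or login from multiple devices it is best to generate a key with a passphrase.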
ssh-keygen -t rsa
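#When this completes, the public and private keys have been generated under the user's home directory; append the contents of the public key id_rsa.pub to .ssh/authorized_keys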
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
#The private key has to be downloaded to the local machine; if lrzsz is installed, it can be downloaded directly with the command below
sz ~/.ssh/id_rsa
#Once the private key has been downloaded, delete the public and private keys from the server
rm -rf ~/.ssh/id_rsa ~/.ssh/id_rsa.pub
1.1) SSH service configuration
Edit /etc/ssh/sshd_config and set the following parameters, adding any that are missing.
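#Disable password login: set to no
PasswordAuthentication no
#Allow key authentication (RSAAuthentication applies only to SSH protocol 1; OpenSSH 7.4 and later treat it as deprecated)
RSAAuthentication yes
PubkeyAuthentication yes
#Default location of the public keys
AuthorizedKeysFile .ssh/authorized_keys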
1.2) Restart sshd for the change to take effect
systemctl restart sshd #restart the ssh service
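The check below is an added example, not part of the original article. sshd uses the first value it reads for each keyword and treats every line starting with # as a comment, so a setting appended to the end of sshd_config, or fused onto a comment line, has no effect. The function names, the sample file and the whitespace-separated "Keyword value" parsing are assumptions of this example, and Include files are not followed.

```sh
#!/bin/sh
# Added example (not from the article). Function names are hypothetical.
# effective_value FILE KEYWORD DEFAULT
# Prints the value sshd would use from the global section of FILE:
# keywords are case-insensitive, the first occurrence wins, lines that
# start with '#' are comments, and parsing stops at the first Match block.
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { val = tolower($2); found = 1; exit }
        END { print (found ? val : def) }
    ' "$1"
}

# audit_sshd_config FILE
# Returns 0 only if password login is off and public-key login is on.
audit_sshd_config() {
    cfg="$1"; rc=0
    pw=$(effective_value "$cfg" PasswordAuthentication yes)  # sshd default: yes
    pk=$(effective_value "$cfg" PubkeyAuthentication yes)    # sshd default: yes
    if [ "$pw" != "no" ]; then
        echo "FAIL: PasswordAuthentication is effectively '$pw'"; rc=1
    fi
    if [ "$pk" != "yes" ]; then
        echo "FAIL: PubkeyAuthentication is effectively '$pk'"; rc=1
    fi
    if grep -Eqi '^[[:space:]]*include[[:space:]]' "$cfg"; then
        echo "NOTE: Include directive present; included files are not checked"
    fi
    [ "$rc" -eq 0 ] && echo "OK: key login on, password login off"
    return "$rc"
}

# Constructed sample: the original "yes" line was left in place and "no" was
# appended at the end; the Pubkey directive is fused onto a comment line.
demo=$(mktemp)
cat > "$demo" <<'EOF'
PasswordAuthentication yes
#allow key authentication PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
EOF
audit_sshd_config "$demo" || echo "=> edit the existing line, do not append"
```

On a live server, `sshd -t` checks the file for syntax errors before the restart and `sshd -T` prints the effective settings. Keep the current session open until a key login has succeeded in a second one.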
2. Log in to the server with Xshell
Xshell -> Tools -> User Key Manager -> Import -> select the id_rsa private key file downloaded above; if it has a passphrase, enter it.
![](https://cdn.hlhasd.com/wp-content/uploads/2022/02/d2b5ca33bd970f64a6301fa75ae2eb22-1.png)
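After the import succeeds, log in to the server. The password field is now greyed out because key login is required. In the user key field, select the key that was just imported and log in. If a passphrase was set, enter it; if the key has no passphrase, just click to log in.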
![](https://cdn.hlhasd.com/wp-content/uploads/2022/02/d2b5ca33bd970f64a6301fa75ae2eb22-2.png)
Those are the steps for setting up SSH key login!