1、创建要远程登录的用户
#创建wqz用户
useradd wqz
#切换用户
su wqz
2、配置ssh公钥和私钥
#在要登录的服务器上配置ssh公钥和私钥
ssh-keygen -t rsa
#查看公钥和私钥是否配置成功
ll ~/.ssh
总用量 12
-rw------- 1 wqz wqz 906 4月 28 09:57 authorized_keys
-rw------- 1 wqz wqz 1675 4月 28 09:55 id_rsa
-rw------- 1 wqz wqz 409 4月 28 09:55 id_rsa.pub
3、配置公钥文件权限
#将公钥复制到authorized_keys
cp id_rsa.pub authorized_keys
#配置.ssh权限要不然登录还的需要输入密码
chmod 700 ~/.ssh
chmod 600 ~/.ssh/*
4、登录端配置登录公钥
#创建 公钥和私钥
MacBook-Air ~ % ssh-keygen -t rsa
#将个人的公钥文件 复制到 服务器上的 ~/.ssh/authorized_keys 里
#个人的公钥
MacBook-Air ~ % cat ~/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC9yQDRbR94AKzuOm/iGB/dValpwsJQY/4NmkLDdZ8Jpj18WDeZd/GgWm7vheN2K6cUASbZZP+SaODpxx1E5JCY2kjhscJ3e3PJLcXkVkbCkOsN+GIQceCiJljSAXcJiJBqNugsAaTDIIASPN5+rZjrF7hALGbKWuNmx6AwVtMTdcFMFVJi1bhdga8Snxex/DrVBdvrcGkQP5EjNE3OdylootPOA5n+0Vl/G5Kl0zLViinkMKU3lXg3GZDWieB7cQKNY4/rT4tqEPWzEr8eYpYvGH7ZlBOq79fSL4IHZ4WoTHszDa8cnvO9mNNpVTuQzhMCAXDIvRhj2GikfFHix+yLVBDCrwBZKhgSNzgcrGMuk2f497Qd8TPv4UQijziwytErDCuPWbwEPRGtkjZiREeBFXokIaY7JdXjJx4rZPZVzDnVe9KSOQVmMYeY0Jd/O+6vPh53naOVtE/FB89+VdalCqpeTbdBVWCAEy/kvyOvuK+ECFYnJ61GsIpImHpzkEc= wangquanzhuang@bogon
#服务器记录公钥文件
znuZ ~]$ cat ~/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyKJI8xlZj3W2PNvwV5L8a/LQgwr7dX7snQd9WH+MNbcBW2EOIP3w8BAO/V2c1sIq+j4nftLOQN6SpA2TOFyNLh0n1o6LSaJShtxdGWLRfCe38MQF167qb0upzkvDmApdNAmYPDvmigyiUVKWrVA/aX1rwNvXhnttnT+q4L7fipqCODiBM1A9z4Jub91ZKEXRB7JHxmDH244wpNskRwOSR6OOn+yZyCTrHeQtV7GH7/RQaRBAEL1sP2Il71iBy6uMguQextJGq4nEJwDedMztyCel11Y35rwckavpa7XTgOUJJU07Rxircenf7iI6wB793OCNjVImB9hozsbT0MMir wqz@iZ2zej9i2j64gqfz0brznuZ
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC9yQDRbR94AKzuOm/iGB/dValpwsJQY/4NmkLDdZ8Jpj18WDeZd/GgWm7vheN2K6cUASbZZP+SaODpxx1E5JCY2kjhscJ3e3PJLcXkVkbCkOsN+GIQceCiJljSAXcJiJBqNugsAaTDIIASPN5+rZjrF7hALGbKWuNmx6AwVtMTdcFMFVJi1bhdga8Snxex/DrVBdvrcGkQP5EjNE3OdylootPOA5n+0Vl/G5Kl0zLViinkMKU3lXg3GZDWieB7cQKNY4/rT4tqEPWzEr8eYpYvGH7ZlBOq79fSL4IHZ4WoTHszDa8cnvO9mNNpVTuQzhMCAXDIvRhj2GikfFHix+yLVBDCrwBZKhgSNzgcrGMuk2f497Qd8TPv4UQijziwytErDCuPWbwEPRGtkjZiREeBFXokIaY7JdXjJx4rZPZVzDnVe9KSOQVmMYeY0Jd/O+6vPh53naO
5、将服务器的私钥发送到本地
cd ~/.ssh
.ssh]$ sz id_rsa
#为了方便认知私钥最好 在本地登录端改下id_rsa名字
6、登录服务器
登录时选择
认证方式选择公钥
然后使用我刚刚从服务器哪的私钥进行登录
7、SSH 服务配置
#修改此文件,
vim /etc/ssh/sshd_config
#禁用密码登录方式,
#不禁用密码登录的时候也可以同时用证书登录;可先不禁用,以防止自己把自己关在服务器外面了
PasswordAuthentication no
ChallengeResponseAuthentication no
| 
