[test@foundation0 ~]$ ssh-copy-id -i /home/test/.ssh/id_rsa.pub
westos@172.25.254.100
The authenticity of host '172.25.254.100 (172.25.254.100)' can't be established.
ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Are you sure you want to continue connecting (yes/no)? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
westos@172.25.254.100's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'westos@172.25.254.100'"
and check to make sure that only the key(s) you wanted were added.
ssh-copy-id ####上传key的工具
-i ####指定使用的公钥
/home/test/.ssh/id_rsa.pub #####使用公钥的名称
westos ####被管理的目标用户
172.25.254.100 ####被管理用户所在主机的ip
authorized_keys ###此文件在目标用户加目录的.ssh中,这个文件就是目标用户被加密的标识,文件内容位公钥内容。
##########利用key加密sshd服务##############
1. ssh-copy-id -i id_rsa.pub
test@172.25.254.250 #######此造作在sshd服务器上进行
指定加密文件 加密文件 目标用户@目标主机
2. 在配置文件中若将通过密码登陆改为 no 主机就不能通过输入密码登陆,则需要
scp id_rsa
root@172.25.254.1:/root/.ssh/ ######此操作在sshd服务器上进行
远程推送解密文件到客户主机的超级用户下
这时在主机就可以再次登陆了
3. [iyunv@foundation1 .ssh]# ssh
test@172.25.254.250 ######此操作在客户机中进行
Enter passphrase for key '/root/.ssh/id_rsa': ######密钥密码
scp
root@172.25.11.10:/home/test/.ssh/id_rsa /home/test/.ssh
######################
sshd服务的简单配置
vim /etc/ssh/sshd_config ###sshd服务的配置文件
48 PermitRootLogin yes|no ###是否允许root用户通过sshd的认证
78 PasswordAuthentication yes|no ###开启或关闭用户密码认证
AllowUsers student westos ###用户白名单,只允许在名单中出现的用户使用sshd服务