使用密钥文件登录及免密登录服务器方法

使用密钥文件登录

首先将密钥应用到主机，然后下载密钥，将密钥拷贝到要访问主机的电脑上，最后通过此文件不需要密码可直接访问到主机

[deployer@Bigcolud ~]$ ssh -i ~/dyd/csb-dyd.pem root@10.166.66.66
The authenticity of host '10.166.66.66 (10.166.66.66)' can't be established.
ECDSA key fingerprint is SHA256:P2ydg2DT+NDMdYv8C8S8RpWE62znCn0OWiQJkqI6TBh.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '10.166.66.66' (ECDSA) to the list of known hosts.
You have logged onto a secured server..All accesses logged
Authorized users only. All activity may be monitored and reported
.----..-.  .-..----. 
| {}  \\ \/ / | {}  \
|     / }  {  |     /
`----'  `--'  `----' 
Welcome to BigCloud Enterprise Linux 8 (GNU/Linux 4.19.0-193.1.3.el8.bclinux.x86_64 x86_64)

System information as of Thu Jun 11 20:36:37 CST 2021

  * System CPU load:    0.30 0.24 0.10        * System   uptime:         20:36:37 up 2 min
  * Active sessions:    1                     * Memory    usage:         547 / 838 MB
  * Processes count:    101

  * Get Support  :

  * Ask Questions:
        http://forum.bclinux.org
  * Contact US   :
        MAIL : support@bclinux.org / TEL : 400-1234567-8
[root@csb-dyd611 ~]#

若出现以下警告并让输入密码登录，说明使用密钥文件登录失败

[deployer@Bigcolud ~]$ ssh -i ~/dyd/csb-dyd.pem root@10.166.66.66
The authenticity of host '10.166.66.66 (10.166.66.66)' can't be established.
ECDSA key fingerprint is SHA256:P2ydg2DT+NDMdYv8C8S8RpWE62znCn0OWiQJkqI6SBg.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '10.166.66.66' (ECDSA) to the list of known hosts.
You have logged onto a secured server..All accesses logged
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/home/deployer/dyd/csb-dyd.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "/home/deployer/dyd/csb-dyd.pem": bad permissions
root@10.166.66.66's password:

出现此情况是由于文件权限问题造成的，修改文件权限即可

chmod 600 ~/dyd/csb-dyd.pem # 将权限修改为600
ssh -i ~/dyd/csb-dyd.pem root@10.166.66.66 # 再次使用密钥即可登录成功

免密登录

在两台主机上都生成密钥对，执行以下命令

ssh-keygen -t rsa

将一台主机做为客户端，将公钥导入到认证文件中

cat .ssh/id_rsa.pub >> .ssh/authorized_keys

将认证文件authorized_keys上传到另一台主机(即服务端)的.ssh目录下

此处的.ssh目录若非通过命令ssh-keygen -t rsa创建，而是通过命令mkdir .ssh创建，则需要更改权限

chmod 700 .ssh/
chmod 600 .ssh/authorized_keys

最后，在客户端即可直接登录到服务器，或者通过私钥id_rsa访问服务端

ssh root@192.166.66.22
ssh -i .ssh/id_rsa root@192.166.66.22