RSA key
一般建议不使用密码,而是使用RSA 证书进行登录,并且 RSA证书本身再加密
将有权限登入的公钥添加到 authorized_keys
代码语言:javascript复制[saops@check-list ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/saops/.ssh/id_rsa):
Created directory '/home/saops/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/saops/.ssh/id_rsa.
Your public key has been saved in /home/saops/.ssh/id_rsa.pub.
The key fingerprint is:
3f:05:e8:af:c8:f3:42:3b:0b:d5:c6:63:75:a9:9c:6d saops@check-list
The key's randomart image is:
--[ RSA 2048]----
| |
| . . |
| . o o |
| o * |
| . S E |
| ..o o |
| .. . |
| o=. . . |
| *o |
-----------------
[saops@check-list ~]$
[saops@check-list ~]$ cd .ssh/
[saops@check-list .ssh]$ ls
id_rsa id_rsa.pub
[saops@check-list .ssh]$ vim authorized_keys
[saops@check-list .ssh]$ ll authorized_keys
-rw-rw-r--. 1 saops saops 1209 Mar 29 17:11 authorized_keys
[saops@check-list .ssh]$ chmod 600 authorized_keys
[saops@check-list .ssh]$ ll
total 12
-rw-------. 1 saops saops 1209 Mar 29 17:11 authorized_keys
-rw-------. 1 saops saops 1675 Mar 29 17:07 id_rsa
-rw-r--r--. 1 saops saops 395 Mar 29 17:07 id_rsa.pub
[saops@check-list .ssh]$ 参数调整
可以调整部分参数使系统有较好的表现,或放开某些因为安全考虑而显得过于保守的设置,还有一些是基于特定应用场景的定向调优
