远程连接的公私钥加密

环境，准备俩台主机

172.25.254.100 服务器

172.25.254.200 客户端

首先在客户端上面输入

交互型

[root@server200 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):（保存密钥的文件名称，这里我现在直接选择默认，回车）
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):（密码）
Enter same passphrase again:（再输入一般密码）
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:zDC/MMgAp9vZolZebcoUPKzmvGN8raRFjS1dXItiHuc root@server200.timinglee.org
The key's randomart image is:
+---[RSA 3072]----+
|. .        .     |
| +  o   . o .    |
|. .  =o+ = .     |
| o =..@**        |
|. +++*oBSE       |
| .*.= +o .       |
|...+ =. .        |
|.  +=. .         |
|  .oo..          |
+----[SHA256]-----+
​

非交互型

[root@server200 ~]# ssh-keygen -f /root/.ssh/id_rsa -P ""
Generating public/private rsa key pair.
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:5kMNq4lFfqfK1uqRtMnVhhT1U/evFWT0qvdpdgqsfe4 root@server200.timinglee.org
The key's randomart image is:
+---[RSA 3072]----+
|        ...   o+.|
|         . . .o.o|
|      . o   o  .o|
|     o . *   . .o|
|      + S =   . o|
|     = % + . . o |
|    . O.+   + o  |
|     ..o.. o o.+o|
|     o=.  . .+Eoo|
+----[SHA256]-----+
​

以上俩种任选

给服务器的root用户上锁

[root@server200 ~]# cd /root/.ssh/
[root@server200 .ssh]# ls
id_rsa  id_rsa.pub
[root@server200 .ssh]#  ssh-copy-id -i id_rsa.pub root@172.25.254.100
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "id_rsa.pub"
The authenticity of host '172.25.254.100 (172.25.254.100)' can't be established.
ED25519 key fingerprint is SHA256:KozacypCDmg9DYyvYj/i2vpMwHujpC5ehRpKS33a+Ws.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@172.25.254.100's password:
​
Number of key(s) added: 1
​
Now try logging into the machine, with:   "ssh 'root@172.25.254.100'"
and check to make sure that only the key(s) you wanted were added.
​

查看服务器生成的密钥

[root@server100 .ssh]# cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCzhf9QdXqUcI7HZxqe6hEzpq/SlEPqutvwtpoko+ENN/UlOb2d2b307BRkr+aKdiQVqJy2QgFm77DosYskehVNAfyiv0UmCUMdkbJfN/j1W+JzLzDlNnPaisyTMCkz6IOHZyS9IigUBnqE9gVuyaCxzc3bHGCI2mLAStkyE5bP5qkWb59P/BHvu4+bT9gOXyKLmDthOPRpB8YqLxjXYyBCwCfG280aDwi055/JBVGdOAfsz29hkFmgFSrtB12LNoSIcsr07CZ0wquYYP7XapLXEnSSjPT0k/ccwVpoyX0aEOFPWsss3WcT/7S6JP+tOJbrds4TKFhXq7gJZSBzeQ7+mwOgQC4GH4EfiCm64LqpT/yRfPWOvtenie4G/JdpVXlJWGkTHkgjViOISCqVhQRMzlXm+IVZTTd5/Prre/YW+xKZnslS0LyAHLhcvkC/ktW3XtLUr9l/UYE/w7SBNgl3ifQNf+VtIqepNA24Qp2Gk3rg6k2NW4SwybpO0AM/td0= root@server200.timinglee.org

查看客户端的公钥

[root@server200 .ssh]# cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCzhf9QdXqUcI7HZxqe6hEzpq/SlEPqutvwtpoko+ENN/UlOb2d2b307BRkr+aKdiQVqJy2QgFm77DosYskehVNAfyiv0UmCUMdkbJfN/j1W+JzLzDlNnPaisyTMCkz6IOHZyS9IigUBnqE9gVuyaCxzc3bHGCI2mLAStkyE5bP5qkWb59P/BHvu4+bT9gOXyKLmDthOPRpB8YqLxjXYyBCwCfG280aDwi055/JBVGdOAfsz29hkFmgFSrtB12LNoSIcsr07CZ0wquYYP7XapLXEnSSjPT0k/ccwVpoyX0aEOFPWsss3WcT/7S6JP+tOJbrds4TKFhXq7gJZSBzeQ7+mwOgQC4GH4EfiCm64LqpT/yRfPWOvtenie4G/JdpVXlJWGkTHkgjViOISCqVhQRMzlXm+IVZTTd5/Prre/YW+xKZnslS0LyAHLhcvkC/ktW3XtLUr9l/UYE/w7SBNgl3ifQNf+VtIqepNA24Qp2Gk3rg6k2NW4SwybpO0AM/td0= root@server200.timinglee.org

进行登录验证

[root@server200 .ssh]# ssh -l root 172.25.254.100
Activate the web console with: systemctl enable --now cockpit.socket
​
Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Wed May 21 14:06:36 2025 from 172.25.254.200