1. Configuring the SSH configuration files
----------------------
After a default installation, open /etc/ssh/sshd_config with vi and change a few lines:
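#ServerKeyBits 768 (uncomment, and change 768 to 1024)
#PermitRootLogin yes (uncomment, and change yes to no to forbid root login)
#PermitEmptyPasswords no (uncomment to forbid logins with an empty password)
#PasswordAuthentication no (uncomment to forbid password logins; with keys available, who still uses passwords?)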
/etc/ssh/ssh_config
# Configure ssh_config
#vi /etc/ssh/ssh_config
Host *
ForwardAgent no
ForwardX11 no
RhostsAuthentication no
RhostsRSAAuthentication no
RSAAuthentication yes
PasswordAuthentication yes
FallBackToRsh no
UseRsh no
BatchMode no
CheckHostIP yes
StrictHostKeyChecking no
IdentityFile ~/.ssh/identity
Port 22
Cipher blowfish
EscapeChar ~
------------------
/etc/ssh/sshd_config
#vi /etc/ssh/sshd_config
Port 22
ListenAddress 192.168.1.1
HostKey /etc/ssh/ssh_host_key
ServerKeyBits 1024
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin no
IgnoreRhosts yes
IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding no
PrintMotd yes
SyslogFacility AUTH
LogLevel INFO
RhostsAuthentication no
RhostsRSAAuthentication no
RSAAuthentication yes
PasswordAuthentication yes
PermitEmptyPasswords no
AllowUsers admin
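Save and exit. For the most secure connection setup, on a server with two network interfaces you can allow SSH connections from the internal network only. The method is simple: add the line sshd: ALL as the last line of /etc/hosts.deny, then add the line sshd: 192.168.0. as the last line of /etc/hosts.allow, then save and exit.
Restart the SSH service with service sshd restart and you are done.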
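Added example (not part of the original article): a shell check that reads an sshd_config and reports where PermitRootLogin, PermitEmptyPasswords and PasswordAuthentication differ from the values the first step above asks for. The function names and the sample file are constructed for illustration; the check assumes the whitespace-separated "Keyword value" form and looks only at the global section before any Match block.

```shell
#!/bin/sh
# Added example: audit the three login directives this section changes.
# Assumption: directives are written as "Keyword value" separated by whitespace.

# Print the effective global value of a keyword, or nothing if it is unset.
# sshd uses the first value it reads for each keyword, keywords are
# case-insensitive, and lines starting with '#' are comments.
# Parsing stops at the first Match block, whose settings are conditional.
sshd_value() {
    awk -v key="$1" '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$2"
}

# Compare each directive with the value the tutorial asks for.
# Prints one line per finding and returns the number of findings.
audit_sshd() {
    findings=0
    for want in PermitRootLogin=no PermitEmptyPasswords=no PasswordAuthentication=no; do
        key=${want%%=*}
        expected=${want#*=}
        actual=$(sshd_value "$key" "$1")
        if [ -z "$actual" ]; then
            echo "UNSET $key (built-in default applies, expected $expected)"
            findings=$((findings + 1))
        elif [ "$actual" != "$expected" ]; then
            echo "WEAK  $key $actual (expected $expected)"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Constructed sample: the login-related lines of the sshd_config listing above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PermitRootLogin no
PasswordAuthentication yes
PermitEmptyPasswords no
AllowUsers admin
EOF
audit_sshd "$sample" || echo "$? finding(s)"
rm -f "$sample"
```

On the sample it reports PasswordAuthentication yes, because the full sshd_config listing keeps password logins enabled while the first step disables them. Point audit_sshd at /etc/ssh/sshd_config before restarting the service to confirm which of the two is actually in effect.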
2. Generating the keys
#ssh-keygen -b 1024 -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):
(the path where the key pair will be saved; the default is shown in parentheses)
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
(enter a passphrase)
Enter same passphrase again:
(enter the passphrase again)
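After the command runs, the following two files are generated: one is the private key and the other is the public key.
/root/.ssh/id_dsa
(your private key)
/root/.ssh/id_dsa.pub
(your public key)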