Configuring SSH key login and disabling password login on Linux

Everything below must be run as the root user.

The steps are as follows.

1 Create the user haoduck

    useradd -m haoduck   # -m creates /home/haoduck (not the default on every distribution)

2 Create the SSH key directory for the haoduck user

    mkdir -p /home/haoduck/.ssh/
    chmod 700 /home/haoduck/.ssh/

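3 Create the public key file

The public key is normally generated on your own computer; tools such as XShell and MobaXterm can all generate one, so that is not covered here. Paste the public key into authorized_keys.

    vim /home/haoduck/.ssh/authorized_keys
    chmod 600 /home/haoduck/.ssh/authorized_keys
    chown -R haoduck /home/haoduck/.ssh/   # make the new user haoduck the owner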

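4 Configure sudo privileges (optional)

Add one of the following lines at the end of /etc/sudoers. The second form allows sudo without a password.

    haoduck ALL=(ALL) ALL
    haoduck ALL=(ALL) NOPASSWD: ALL

With the first form sudo asks for haoduck's own password, so the account needs one (passwd haoduck).

    chmod u+w /etc/sudoers
    vim /etc/sudoers
    chmod u-w /etc/sudoers

visudo -c checks the edited file for syntax errors.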

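5 Edit the sshd configuration

    vim /etc/ssh/sshd_config

Key login: find the following lines and remove the leading #.

    #RSAAuthentication yes
    #PubkeyAuthentication yes
    #AuthorizedKeysFile .ssh/authorized_keys

RSAAuthentication is an SSH protocol 1 option. Recent OpenSSH releases have dropped protocol 1 and report this option as deprecated, so on those systems only the other two lines matter.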

Disable password login and root login:
Find the following lines

    PasswordAuthentication yes
    PermitRootLogin yes

and change them to

    PasswordAuthentication no
    PermitRootLogin no

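Restart sshd with whichever of these commands your system provides:

    systemctl restart sshd
    systemctl restart ssh
    service sshd restart
    service ssh restart

Keep the current session open and confirm from a second terminal that key login works before closing it.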

One-step script

    #!/bin/bash
    #username="${1:-haoduck}"
    #pubkey="${2:-ssh-xxxxx}"
    username="haoduck"
    #pubkey="$(wget -qO- https://<direct link to your public key>)"
    pubkey="ssh-xxxxx"   # replace with your public key
    #yum install -y sudo
    #apt-get install -y sudo
    useradd -m "${username}"   # -m creates the home directory (not the default on every distribution)
    mkdir -p "/home/${username}/.ssh/"
    chmod 700 "/home/${username}/.ssh/"
    echo "$pubkey" > "/home/${username}/.ssh/authorized_keys"
    chmod 600 "/home/${username}/.ssh/authorized_keys"
    chown -R "${username}" "/home/${username}/.ssh/"
    # sudo configuration: written to a drop-in under /etc/sudoers.d,
    # so the permissions of /etc/sudoers itself do not need to change
    echo "${username} ALL=(ALL) ALL" > "/etc/sudoers.d/${username}"
    #echo "${username} ALL=(ALL) NOPASSWD: ALL" > "/etc/sudoers.d/${username}"
    chmod 440 "/etc/sudoers.d/${username}"
    # sshd configuration
    sshd_file="/etc/ssh/sshd_config"
    cp -n "$sshd_file" /etc/ssh/sshd_config.bak   # backup; -n never overwrites an existing backup
    sed -i "s|#\?RSAAuthentication.*|RSAAuthentication yes|" "$sshd_file"
    sed -i "s|#\?PubkeyAuthentication.*|PubkeyAuthentication yes|" "$sshd_file"
    sed -i "s|#AuthorizedKeysFile .ssh/authorized_keys|AuthorizedKeysFile .ssh/authorized_keys|" "$sshd_file"
    # Uncomment the next two lines to disable password login and root login
    #sed -i "s|#\?PasswordAuthentication.*|PasswordAuthentication no|" "$sshd_file"
    #sed -i "s|#\?PermitRootLogin.*|PermitRootLogin no|" "$sshd_file"
    # Restart sshd; the service name and init system differ between distributions,
    # so the commands that do not apply simply report an error
    systemctl restart sshd;systemctl restart ssh;service sshd restart;service ssh restart

If you only need the root user, the user-creation steps can be skipped. The one-step script for that case is:

    #pubkey="$(wget -qO- https://<direct link to your public key>)"
    pubkey="ssh-xxxxx"   # replace with your public key
    mkdir -p /root/.ssh/
    chmod 700 /root/.ssh/
    echo "$pubkey" > /root/.ssh/authorized_keys   # replaces any keys already in the file
    chmod 600 /root/.ssh/authorized_keys
    sshd_file="/etc/ssh/sshd_config"
    cp -n "$sshd_file" /etc/ssh/sshd_config.bak   # backup; -n never overwrites an existing backup
    sed -i "s|#\?RSAAuthentication.*|RSAAuthentication yes|" "$sshd_file"
    sed -i "s|#\?PubkeyAuthentication.*|PubkeyAuthentication yes|" "$sshd_file"
    sed -i "s|#AuthorizedKeysFile .ssh/authorized_keys|AuthorizedKeysFile .ssh/authorized_keys|" "$sshd_file"
    sed -i "s|#\?PasswordAuthentication.*|PasswordAuthentication no|" "$sshd_file"
    # root stays allowed to log in, now by key only
    sed -i "s|#\?PermitRootLogin.*|PermitRootLogin yes|" "$sshd_file"
    systemctl restart sshd;systemctl restart ssh;service sshd restart;service ssh restart
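
The scripts above edit /etc/ssh/sshd_config only. The following added example (not part of the original article) shows how that can leave password login enabled: sshd keeps the first value it reads for each keyword, so a drop-in file pulled in by an Include line at the top of sshd_config wins over a later edit. The config contents and the drop-in name 50-sample.conf are constructed samples, and first_value, make_sample and effective are hypothetical helper names.

```shell
#!/bin/bash
# Added example, not from the original article. Sample configs are constructed.
# sshd keeps the FIRST value it reads for each keyword, so a drop-in pulled in
# by an Include line at the top of sshd_config beats a later edit of that file.

# first_value KEYWORD FILE...: print the value kept when FILEs are read in order.
# Simplifications: Include lines are not expanded (pass files in read order) and
# everything after a Match line in a file is skipped as conditional.
first_value() {
    local key="$1"; shift
    awk -v key="$key" '
        FNR == 1               { in_match = 0 }
        /^[ \t]*#/ || NF == 0  { next }                 # comment or blank line
        tolower($1) == "match" { in_match = 1; next }
        !in_match && tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$@"
}

# make_sample DIR: write a constructed main config plus one drop-in into DIR,
# then apply the article's sed edits to the main file only.
make_sample() {
    local dir="$1"
    mkdir -p "$dir/sshd_config.d"
    printf '%s\n' \
        'Include /etc/ssh/sshd_config.d/*.conf' \
        '#PubkeyAuthentication yes' \
        '#PasswordAuthentication yes' \
        'PermitRootLogin yes' > "$dir/sshd_config"
    echo 'PasswordAuthentication yes' > "$dir/sshd_config.d/50-sample.conf"
    sed -i "s|#\?PubkeyAuthentication.*|PubkeyAuthentication yes|" "$dir/sshd_config"
    sed -i "s|#\?PasswordAuthentication.*|PasswordAuthentication no|" "$dir/sshd_config"
    sed -i "s|#\?PermitRootLogin.*|PermitRootLogin no|" "$dir/sshd_config"
}

# effective KEYWORD DIR: drop-ins first (Include is the first line), then main.
effective() {
    first_value "$1" "$2"/sshd_config.d/*.conf "$2/sshd_config"
}

tmp="$(mktemp -d)"
make_sample "$tmp"
for k in PubkeyAuthentication PasswordAuthentication PermitRootLogin; do
    printf '%-24s main file: %-4s effective: %s\n' "$k" \
        "$(first_value "$k" "$tmp/sshd_config")" "$(effective "$k" "$tmp")"
done
rm -rf "$tmp"
```

On a real host, sshd -t checks the configuration for errors and sshd -T prints the values sshd will actually use, which is the authoritative check before restarting.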
