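Key-Based Authentication
Encryption is the technique of encoding and decoding information: an algorithm transforms plaintext that can be read directly into ciphertext. A key is what unlocks the ciphertext, and keys come in private and public forms. When transmitting data, you can first encrypt it with the public key and then send it. Only a user who holds the private key can then decrypt the data. Anyone else, even if they intercept the data, will find it very hard to decipher. In short: data is encrypted with the public key, and only the holder of the corresponding private key can decrypt it.
With key-based authentication configured, the sshd service is more secure.
1. Generate a key pair
Generate the key pair on the client. On the client!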
zxinlog@rhel8 ~
$ ssh-keygen [15:28:41]
Generating public/private rsa key pair.
Enter file in which to save the key (/home/zxinlog/.ssh/id_rsa): (path where the key is stored; to leave it empty, just press Enter)
Enter passphrase (empty for no passphrase): (passphrase for the key, or just press Enter)
Enter same passphrase again: (repeat it)
Your identification has been saved in /home/zxinlog/.ssh/id_rsa.
Your public key has been saved in /home/zxinlog/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:e2gOZThp47/UYmKs+s8VnNsIrHkhGRjGnRCZNWNbFXY zxinlog@rhel8
The key's randomart image is:
+---[RSA 2048]----+
| .=B=...+.E |
| .++o= . . |
| . o |
| + + . |
| o X S |
| B B O |
| o B @ + |
| = X o |
| .oo.o +. |
+----[SHA256]-----+
2. Transfer the public key file
zxinlog@rhel8 ~
$ ssh-copy-id 192.168.0.114 (you can also use user@ip-address to specify the user)
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/zxinlog/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
zxinlog@192.168.0.114's password: (enter the server user's password here; whichever user you log in as, use that user's password)
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'zxinlog@192.168.0.114'"
and check to make sure that only the key(s) you wanted were added.
3. Make the server allow only key authentication and disable password authentication
zxinlog@server:~
▶ sudo vim /etc/ssh/sshd_config
Disable password authentication
PasswordAuthentication no
Restart the ssh service
systemctl restart sshd
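
A check worth running after step 3, as an added example that is not part of the original page: sshd uses the first value it obtains for a keyword, so a "PasswordAuthentication yes" earlier in the file, or inside a Match block, leaves password logins enabled even after "PasswordAuthentication no" is added. The function names and the sample file are constructed for illustration, and Include directives are not followed.

```shell
#!/bin/sh
# Added example, not from the original page. Assumptions: function names are
# hypothetical, Include directives are not followed, input is sshd_config syntax.

# Print the global PasswordAuthentication value the file yields.
# sshd keeps the FIRST value obtained for a keyword, keywords are
# case-insensitive, and the default when the keyword is unset is "yes".
effective_password_auth() {
    awk '
        { sub(/#.*/, ""); gsub(/[=\t"]/, " ") }   # drop comments, normalise separators
        tolower($1) == "match" { exit }           # global section ends at first Match
        tolower($1) == "passwordauthentication" { v = tolower($2); exit }
        END { print (v == "" ? "yes" : v) }
    ' "$1"
}

# Return 0 if any Match block turns password logins back on.
match_reenables_password() {
    awk '
        { sub(/#.*/, ""); gsub(/[=\t"]/, " ") }
        tolower($1) == "match" { in_match = 1; next }
        in_match && tolower($1) == "passwordauthentication" &&
            tolower($2) == "yes" { found = 1 }
        END { exit !found }
    ' "$1"
}

# Constructed sample: an earlier "yes" shadows the "no" added in step 3,
# and a Match block re-enables passwords for one address range.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real server configuration
passwordauthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
Match Address 10.0.0.0/8
    PasswordAuthentication yes
EOF

echo "global PasswordAuthentication: $(effective_password_auth "$sample")"
if match_reenables_password "$sample"; then
    echo "warning: a Match block re-enables password logins"
fi
rm -f "$sample"
```

On the server itself, `sudo sshd -t` checks the file for syntax errors before the restart, and `sudo sshd -T` prints the effective configuration with Include files resolved.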