1. Generate a public/private key pair
Command to generate a public/private key pair (Windows/Linux):
ssh-keygen -b 4096 -C 张三 -N password -f ./zhangsan-key
Parameter Description:
- -b 4096: the length of the key in bits; 4096 or more is recommended.
- -C 张三: adds a comment at the end of the public key, indicating whose public key it is.
- -N password: sets the private key password. This parameter can be omitted if you want to enter the password during the generation process.
- -f [file]: sets the name of the file in which the generated key is saved. After successful generation, you will get two files, [file] and [file].pub.
Public key and private key
The ssh-keygen command generates two text files: one ending in .pub that contains a single line, which is the public key, and one without the .pub ending that contains many lines, which is the private key. The public key and the private key form a unique pair: the content of the public key can be made public, while the content of the private key must be kept carefully.
2. Use public/private key pair for SSH login
- Add the public key to the server's authorized_keys file. The file holds one public key per line. For example, to log in as the user user with the private key, append the content of the public key to the /home/user/.ssh/authorized_keys file.
- Add your private key to your SSH client (SSH clients can usually manage multiple private keys), and in the login settings, set the account name to user and the login mode to private key.
3. Save your private key
Your private key is very important; please keep it safe. It's just a text file, so it can be saved to your online notes. Be careful not to disclose the contents of your private key file, and do not let others copy it.
In case your private key is copied
Even then, others cannot use your private key directly. The last line of defense is the password you set when you created the private key, which is needed to open it. Someone who stole your private key cannot open it without the password. But through brute-force cracking, it is still possible to guess your password within a certain period of time.
So if your private key is exposed, the safest way to deal with it is to regenerate the public/private key pair (of course, you can't continue to use the original private key password!), then go to the server and replace your existing public key with the new public key.
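The replacement step on the server, as an added example that is not part of the original page: it removes the exposed key from an authorized_keys file by its key data (ignoring the comment), appends the new key once, and sets the directory and file permissions to 700 and 600. The function names rotate_authorized_key and demo_rotate are hypothetical, and the key blobs in the demo are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original page. Replaces an exposed public key
# in an authorized_keys file with a new one.
# Usage: rotate_authorized_key OLD.pub NEW.pub AUTH_FILE
rotate_authorized_key() {
    old_pub=$1; new_pub=$2; auth=$3

    # A .pub file is one line: "<type> <base64 blob> [comment]".
    old_blob=$(awk 'NF >= 2 { print $2; exit }' "$old_pub")
    new_blob=$(awk 'NF >= 2 { print $2; exit }' "$new_pub")
    if [ -z "$old_blob" ] || [ -z "$new_blob" ]; then
        echo "rotate_authorized_key: unreadable .pub file" >&2
        return 1
    fi

    auth_dir=$(dirname "$auth")
    mkdir -p "$auth_dir" && chmod 700 "$auth_dir" || return 1
    [ -e "$auth" ] || : > "$auth"
    tmp=$(mktemp "$auth_dir/authorized_keys.XXXXXX") || return 1

    # Keep comment lines; drop every entry whose blob is the old key (the
    # exposed one) or the new key (so it is never listed twice). Entries may
    # start with options, so every field is compared, not just field 2.
    awk -v old="$old_blob" -v new="$new_blob" '
        /^[[:space:]]*#/ { print; next }
        { for (i = 1; i <= NF; i++) if ($i == old || $i == new) next; print }
    ' "$auth" > "$tmp" || { rm -f "$tmp"; return 1; }
    awk 'NF >= 2 { print; exit }' "$new_pub" >> "$tmp"

    chmod 600 "$tmp" && mv "$tmp" "$auth"   # swap in the finished file
}

# Demo on constructed data (the key blobs are placeholders, not real keys).
demo_rotate() {
    d=$(mktemp -d) || return 1
    echo 'ssh-rsa AAAAOLDconstructed zhangsan' > "$d/old.pub"
    echo 'ssh-rsa AAAANEWconstructed zhangsan' > "$d/new.pub"
    printf '%s\n' 'ssh-rsa AAAAOLDconstructed zhangsan' \
        'ssh-ed25519 AAAAOTHERconstructed colleague' > "$d/authorized_keys"
    rotate_authorized_key "$d/old.pub" "$d/new.pub" "$d/authorized_keys"
    cat "$d/authorized_keys"
    rm -rf "$d"
}
if [ "${1:-}" = demo ]; then demo_rotate; fi
```

Run the script with the argument demo to see the rotated file; other entries and comment lines in authorized_keys are left untouched.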