RHCE Assignment 2


1. Set up passwordless SSH login

Host client logs in to host server without a password.

(1) Make sure the sshd service is running

[root@client .ssh]# systemctl start sshd
[root@client .ssh]# systemctl status sshd
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor pre>
   Active: active (running) since Tue 2022-07-26 21:02:26 CST; 9min ago

(2) Generate a private/public key pair in /root/.ssh/

[root@client .ssh]# ssh-keygen -t rsa                     # generate a private/public key pair
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):       # accept the default, press Enter
Enter passphrase (empty for no passphrase):                    # accept the default, press Enter
Enter same passphrase again:                                   # accept the default, press Enter
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:/coLWhCCXteokxoqGQEXqZcMBM6QluWORcRrgkE/YsA root@client
The key's randomart image is:
+---[RSA 3072]----+
|X+B*             |
|XE=o   o         |
|+X.*+ + .        |
|++O+.= . .       |
|.o=.+ . S .      |
| + o . .   .     |
|+ .     o   .    |
|.      o o .     |
|      .   +.     |
+----[SHA256]-----+
 
[root@client .ssh]# ll /root/.ssh
total 8
-rw-------. 1 root root 2602 Jul 26 21:19 id_rsa
-rw-r--r--. 1 root root  565 Jul 26 21:19 id_rsa.pub 

(3) Write client's public key into /root/.ssh/authorized_keys on server

[root@client .ssh]# ssh-copy-id root@192.168.5.128    # /root/.ssh/authorized_keys is created automatically if it does not exist
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.5.128 (192.168.5.128)' can't be established.
ECDSA key fingerprint is SHA256:DfhFDt2EwYv+iqoMPJSjQ7AcULIMg+o3BDENpQrTioQ.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes    # type yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.5.128's password:             # enter the password of the root user on server
Number of key(s) added: 1
Now try logging into the machine, with:   "ssh 'root@192.168.5.128'"
and check to make sure that only the key(s) you wanted were added.

(4) Log in to server from client: no password is requested, so passwordless login works

[root@client .ssh]# ssh 192.168.5.128
Activate the web console with: systemctl enable --now cockpit.socket
 
This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register
 
Last login: Tue Jul 26 21:06:12 2022 from 192.168.5.1
[root@server ~]# 
 
[root@server ~]# ll /root/.ssh
total 4
-rw------- 1 root root 565 Jul 26 21:26 authorized_keys
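
ssh-copy-id ends by asking you to check that only the keys you wanted were added, and the `ll` listings above show the permissions SSH expects. The script below is an added example, not part of the original assignment: it lists the entries of an authorized_keys file and checks file modes. The function names and the sample file are assumptions, and the key bodies are placeholders.

```shell
#!/bin/sh
# Added example, not from the original page. Key bodies are placeholders.

# perms PATH -> the nine rwx characters `ls -l` prints, e.g. rw-------
perms() { ls -ld "$1" | cut -c2-10; }

# private_key_ok PATH -> 0 only if group and others have no access at all
# (the ssh client refuses to use a private key that others can read)
private_key_ok() {
    case $(perms "$1") in ???------) return 0 ;; *) return 1 ;; esac
}

# not_writable_by_others PATH -> 0 if neither group nor others can write
# (part of what sshd's StrictModes checks on ~/.ssh and authorized_keys)
not_writable_by_others() {
    case $(perms "$1") in ????w????|???????w?) return 1 ;; *) return 0 ;; esac
}

# list_keys FILE -> "TYPE COMMENT" for every entry of an authorized_keys file.
# Blank and comment lines are skipped, as are options placed before the type.
list_keys() {
    awk '!/^[ \t]*(#|$)/ {
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(ssh-|ecdsa-|sk-)/) {
                print $i, ((i + 2 <= NF) ? $(i + 2) : "(no comment)")
                next
            }
    }' "$1"
}

# Demo on a constructed file: the second entry is one nobody asked for.
demo=$(mktemp -d)
printf '%s\n' \
    '# constructed sample' \
    'ssh-rsa PLACEHOLDER_KEY_1 root@client' \
    'from="192.168.5.*" ssh-ed25519 PLACEHOLDER_KEY_2 unknown@elsewhere' \
    > "$demo/authorized_keys"
chmod 600 "$demo/authorized_keys"
list_keys "$demo/authorized_keys"
not_writable_by_others "$demo/authorized_keys" && echo "permissions ok"
rm -rf "$demo"
```

On the server, run `list_keys /root/.ssh/authorized_keys` and compare the output with the keys you expect; here that is the single `root@client` entry.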


2. Configure SSH so that only the users student1 and student2 can log in

(1) Create the users student1 and student2

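[root@server ssh]# useradd student1
[root@server ssh]# echo redhat | passwd --stdin student1    # useradd -p expects an already-hashed password, so set it with passwd
[root@server ssh]# useradd student2
[root@server ssh]# echo redhat | passwd --stdin student2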

(2) Edit the configuration file /etc/ssh/sshd_config

[root@server ssh]# vim sshd_config 
…………
# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       PermitTTY no
#       ForceCommand cvs server
# Add the following as the last line of the file
AllowUsers student1 student2

(3) Restart the sshd service

[root@server ssh]# systemctl restart sshd

(4) Test logging in

[C:\~]$ ssh student1@192.168.5.128            # login succeeds
 
 
Connecting to 192.168.5.128:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
 
Activate the web console with: systemctl enable --now cockpit.socket
 
This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register
 
Last failed login: Tue Jul 26 21:49:08 CST 2022 from 192.168.5.1 on ssh:notty
There were 8 failed login attempts since the last successful login.
/usr/bin/xauth:  file /home/student1/.Xauthority does not exist
[student1@server ~]$ 
 
[C:\~]$ ssh student2@192.168.5.128                # login succeeds
 
 
Connecting to 192.168.5.128:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
 
Activate the web console with: systemctl enable --now cockpit.socket
 
This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register
 
/usr/bin/xauth:  file /home/student2/.Xauthority does not exist
[student2@server ~]$ 
 
[C:\~]$ ssh redhat@192.168.5.128                    # other users such as redhat cannot log in
 
 
Connecting to 192.168.5.128:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
Connection closing...Socket close.
 
Connection closed by foreign host.
 
Disconnected from remote host(192.168.5.128:22) at 21:57:32.
 
Type `help' to learn how to use Xshell prompt.
 
[C:\~]$ ssh root@192.168.5.128                    # root cannot log in either
 
 
Connecting to 192.168.5.128:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
Connection closing...Socket close.
 
Connection closed by foreign host.
 
Disconnected from remote host(192.168.5.128:22) at 21:56:06.
 
Type `help' to learn how to use Xshell prompt.
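
AllowUsers admits only the names it lists, which is why root is rejected along with redhat in the tests above. The script below is an added example, not part of the original assignment: it reads a config file and predicts who passes the AllowUsers check before sshd is restarted. It handles plain user patterns with * and ? only (no USER@HOST patterns, negation, Match blocks or Include files); the function names and the sample file are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. The sample config is constructed.

# allowed_by_config FILE USER -> exit 0 if USER passes AllowUsers, 1 if not
allowed_by_config() (
    file=$1 user=$2 seen=0
    set -f                       # keep * and ? from expanding to file names
    while read -r key rest || [ -n "$key" ]; do
        # keywords are case-insensitive; comment and blank lines fall through
        case $(printf '%s' "$key" | tr 'A-Z' 'a-z') in
            allowusers) ;;
            *) continue ;;
        esac
        seen=1
        for pat in $rest; do
            # an unquoted $pat is matched as a shell pattern
            case $user in $pat) exit 0 ;; esac
        done
    done < "$file"
    # no AllowUsers line anywhere means this directive restricts nobody
    [ "$seen" -eq 0 ]
)

# sample_config -> prints a constructed tail of sshd_config like the one above
sample_config() {
    cat <<'EOF'
# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
AllowUsers student1 student2
EOF
}

# Demo: the same four accounts that are tested on this page
cfg=$(mktemp)
sample_config > "$cfg"
for u in student1 student2 redhat root; do
    if allowed_by_config "$cfg" "$u"; then
        echo "$u: allowed"
    else
        echo "$u: denied"
    fi
done
rm -f "$cfg"
```

On the server, `sshd -t` additionally checks the edited file for syntax errors before the restart.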
 