RHCE第二次作业

简介: RHCE第二次作业

1.实现ssh免密登录

主机client免密登录主机server

(1)保证sshd服务开启

[root@client .ssh]# systemctl start sshd
[root@client .ssh]# systemctl status sshd
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor pre>
   Active: active (running) since Tue 2022-07-26 21:02:26 CST; 9min ago

(2)在/root/.ssh/目录下生成一对私钥和公钥

[root@client .ssh]# ssh-keygen -t rsa                     #生成一对私钥和公钥
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):       #默认,回车
Enter passphrase (empty for no passphrase):                    #默认,回车
Enter same passphrase again:                                   #默认,回车
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:/coLWhCCXteokxoqGQEXqZcMBM6QluWORcRrgkE/YsA root@client
The key's randomart image is:
+---[RSA 3072]----+
|X+B*             |
|XE=o   o         |
|+X.*+ + .        |
|++O+.= . .       |
|.o=.+ . S .      |
| + o . .   .     |
|+ .     o   .    |
|.      o o .     |
|      .   +.     |
+----[SHA256]-----+
 
[root@client .ssh]# ll /root/.ssh
total 8
-rw-------. 1 root root 2602 Jul 26 21:19 id_rsa
-rw-r--r--. 1 root root  565 Jul 26 21:19 id_rsa.pub 

(3)将client的公钥写入server的/root/.ssh/authorized_keys文件中

[root@client .ssh]# ssh-copy-id root@192.168.5.128    # 若没有/root/.ssh/authorized_keys文件则会自动创建
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.5.128 (192.168.5.128)' can't be established.
ECDSA key fingerprint is SHA256:DfhFDt2EwYv+iqoMPJSjQ7AcULIMg+o3BDENpQrTioQ.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes    # 输入yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.5.128's password:             # 输入server主机root用户的密码
Number of key(s) added: 1
Now try logging into the machine, with:   "ssh 'root@192.168.5.128'"
and check to make sure that only the key(s) you wanted were added.

(4)在client登录server主机——无需输入密码,实现免密登录

[root@client .ssh]# ssh 192.168.5.128
Activate the web console with: systemctl enable --now cockpit.socket
 
This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register
 
Last login: Tue Jul 26 21:06:12 2022 from 192.168.5.1
[root@server ~]# 
 
[root@server ~]# ll /root/.ssh
total 4
-rw------- 1 root root 565 Jul 26 21:26 authorized_keys


ssh设置只允许student1, student2用户登录

(1)创建student1、student2用户

[root@server ssh]# useradd student1 -p redhat
[root@server ssh]# useradd student2 -p redhat

(2)修改配置文件/etc/ssh/sshd_config

[root@server ssh]# vim sshd_config 
…………
# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       PermitTTY no
#       ForceCommand cvs server
AllowUsers student1 student2        #在最后一行添加此内容

(3)重启sshd服务

[root@server ssh]# systemctl restart sshd

(4)登录测试

[C:\~]$ ssh student1@192.168.5.128            #登录成功
 
 
Connecting to 192.168.5.128:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
 
Activate the web console with: systemctl enable --now cockpit.socket
 
This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register
 
Last failed login: Tue Jul 26 21:49:08 CST 2022 from 192.168.5.1 on ssh:notty
There were 8 failed login attempts since the last successful login.
/usr/bin/xauth:  file /home/student1/.Xauthority does not exist
[student1@server ~]$ 
 
[C:\~]$ ssh student2@192.168.5.128                #登录成功
 
 
Connecting to 192.168.5.128:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
 
Activate the web console with: systemctl enable --now cockpit.socket
 
This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register
 
/usr/bin/xauth:  file /home/student2/.Xauthority does not exist
[student2@server ~]$ 
 
[C:\~]$ ssh redhat@192.168.5.128                    #其他用户如redhat无法登录
 
 
Connecting to 192.168.5.128:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
Connection closing...Socket close.
 
Connection closed by foreign host.
 
Disconnected from remote host(192.168.5.128:22) at 21:57:32.
 
Type `help' to learn how to use Xshell prompt.
 
[C:\~]$ ssh root@192.168.5.128                    #root用户也无法登录
 
 
Connecting to 192.168.5.128:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
Connection closing...Socket close.
 
Connection closed by foreign host.
 
Disconnected from remote host(192.168.5.128:22) at 21:56:06.
 
Type `help' to learn how to use Xshell prompt.
 
相关文章
|
8月前
|
测试技术
第二次使用脚本后想学点东西:grep
第二次使用脚本后想学点东西:grep
49 0
|
7月前
|
运维 Serverless 数据处理
函数计算产品使用问题之遇到生成没有反应、中止也不行,以及刷新后队列积累的问题,该怎么办
函数计算产品作为一种事件驱动的全托管计算服务,让用户能够专注于业务逻辑的编写,而无需关心底层服务器的管理与运维。你可以有效地利用函数计算产品来支撑各类应用场景,从简单的数据处理到复杂的业务逻辑,实现快速、高效、低成本的云上部署与运维。以下是一些关于使用函数计算产品的合集和要点,帮助你更好地理解和应用这一服务。
|
5月前
|
监控 Linux Shell
但凡我早点知道这个Linux批量ping的脚本,也不至于现在还单身!
但凡我早点知道这个Linux批量ping的脚本,也不至于现在还单身!
121 1
|
8月前
|
Linux 网络安全
Rhce 第二次作业
Rhce 第二次作业
55 3
|
8月前
|
数据安全/隐私保护
Rhce 第三次作业
Rhce 第三次作业
48 2
|
8月前
rhce第五次作业
rhce第五次作业
52 1
|
8月前
|
缓存 网络协议
RHCE第四次作业
RHCE第四次作业
36 1
|
8月前
|
Linux 开发工具
RHCE第一次作业
RHCE第一次作业
50 2
|
8月前
|
调度 开发工具
Rhce 作业1
Rhce 作业1
57 1
|
8月前
|
网络安全
RHCE第5次作业
RHCE第5次作业
39 1

热门文章

最新文章

下一篇
开通oss服务