作业:使用client端的xiaoming用户基于秘钥认证方式通过2000端口使用ssh登录server端的xiaoming和xiaohei用户,server端的其他用户都不可被远程登录。
步骤如下: 一、server端配置 1、关闭防火墙和selinux
[root@jing ~]# systemctl stop firewalld [root@jing ~]# setenforce 0 [root@jing ~]# getenforce Permissive2、创建用户xiaoming和xiaohei
useradd xiaoming useradd xiaohei echo "redhat" | passwd --stdin xiaoming echo "redhat" | passwd --stdin xiaohei3、修改sshd的配置文件/etc/ssh/sshd_config ①修改端口号为2000 编辑配置文件在“#Port 22”这行下面加上下面一行
Port 2000②不允许root用户远程登录 编辑配置文件将原来的“PermitRootLogin yes”修改为下面一行
PermitRootLogin no③允许特定用户(xiaoming、xiaohei)远程登录 编辑配置文件添加下面一行:
AllowUsers xiaoming xiaohei④保存配置文件并退出
4、重启sshd服务
systemctl restart sshd二、client端配置 1、添加用户xiaoming
useradd xiaoming echo "redhat" | passwd --stdin xiaoming2、切换到用户xiaoming下,用命令生成密钥对
su - xiaoming ssh-keygen -t rsa [xiaoming@jing ~]$ cd .ssh [xiaoming@jing .ssh]$ ll total 8 -rw-------. 1 xiaoming xiaoming 1679 Oct 5 20:06 id_rsa -rw-r--r--. 1 xiaoming xiaoming 405 Oct 5 20:06 id_rsa.pub3、将生成的公钥文件复制到服务端需要登录的用户家目录下
ssh-copy-id xiaoming@192.168.150.103 -p 2000 ssh-copy-id xiaohei@192.168.150.103 -p 2000三、测试 在客户端用户为xiaomin时,使用ssh远程登录服务端的xiaoming和xiaohei用户,端口号为2000
ssh xiaoming@192.168.150.103 -p 2000 Last login: Mon Oct 5 07:55:53 2020 from 192.168.150.1 logout ssh xiaohei@192.168.150.103 -p 2000 Last failed login: Mon Oct 5 08:11:50 EDT 2020 from 192.168.150.100 on ssh:notty在服务端创建一个xiaohong用户,看能否在服务端远程登录成功 server端:
useradd xiaohong echo "redhat" | passwd --stdin xiaohongclient端
ssh xiaohong@192.168.150.103 -p 2000 xiaohong@192.168.150.103's password: Permission denied, please try again. xiaohong@192.168.150.103's password: Permission denied, please try again. xiaohong@192.168.150.103's password: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).