4-2·Linux密码认证与SSH

1）配置ssh远程登录服务器

默认最小的CentOS&RHEL都安装了OpenSSH，所以我们不需要安装。

我们可以使用密码身份验证登录，但是不安全的很！

接下来增加安全级别。

[root@localhost ~]# vim /etc/ssh/sshd_config                   //ssh主配置文件

PermitRootLogin no                          //禁止Root通过SSh登录
PermitEmptyPasswords no                     //不保存密码
PasswordAuthentication yes                  //密码验证开启

[root@localhost ~]# systemctl restart sshd     //重启服务

[root@localhost ~]# firewall-cmd --add-service=ssh --permanent         //设置防火墙允许SSH通过
success
[root@localhost ~]# firewall-cmd --reload
success

2）设置SSH客户端

一般普通安装是拥有SSH的

[root@localhost ~]# yum -y install openssh-clients             //如果系统没有，安装一个客户端

[root@localhost ~]# ssh root@172.25.0.1                        //连接Linux，要求输入密码。（小伙伴不要用Root连）
The authenticity of host '172.25.0.1 (172.25.0.1)' can't be established.
ECDSA key fingerprint is 47:eb:7e:cc:e7:8c:71:b8:86:d0:3c:20:db:75:0b:b0.
Are you sure you want to continue connecting (yes/no)? yes      //创建秘钥，是否继续yes
Warning: Permanently added '172.25.0.1' (ECDSA) to the list of known hosts.
root@172.25.0.1's password:                                 //连接用户密码
Last failed login: Sun Jan  7 20:22:08 CST 2018 from 172.25.0.1 on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Thu Dec 28 20:14:09 2017 from 172.25.0.2
[root@localhost ~]# 

也可以写主机名链接

[root@localhost ~]# ssh root@localhost                     //连接Linux，要求输入密码。（小伙伴不要用Root连）
The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is 47:eb:7e:cc:e7:8c:71:b8:86:d0:3c:20:db:75:0b:b0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
root@localhost's password: 
Last login: Sun Jan  7 20:22:15 2018 from 172.25.0.1
[root@localhost ~]# 

我们可以检查cat /etc/passwd用户是否可以登录系统shell

root:x:0:0:root:/root:/bin/bash         //默认/bin/bash是可登陆系统
tcpdump:x:72:72::/:/sbin/nologin            //不可登录是sbin/nologin 

创建用户不允许登录shell

useradd -s /sbin/nologin <user>