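1) Configure the SSH server for remote login
Even a minimal CentOS or RHEL installation includes OpenSSH by default, so there is nothing to install.
We can log in with password authentication, but that is very insecure!
Next, raise the security level. (The // notes after each line below are annotations, not part of the file contents or the commands.)
[root@localhost ~]# vim /etc/ssh/sshd_config //main SSH configuration file
PermitRootLogin no //forbid root from logging in over SSH
PermitEmptyPasswords no //do not allow accounts with empty passwords to log in
PasswordAuthentication yes //password authentication enabled
[root@localhost ~]# systemctl restart sshd //restart the service
[root@localhost ~]# firewall-cmd --add-service=ssh --permanent //allow SSH through the firewall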
success
[root@localhost ~]# firewall-cmd --reload
success
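A check of the step 1 settings, as an added example that is not part of the original page. It relies on sshd using the first occurrence of a keyword, so a "no" appended below an existing "yes" has no effect. The function names and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the sshd_config settings from step 1.
# Assumes whitespace-separated "Keyword value" lines and no Include files.

# Print the value sshd would use for a global KEYWORD in FILE.
# sshd keeps the FIRST occurrence of a keyword; keyword names are case-insensitive.
sshd_first_value() {
    awk -v want="$2" '
        $1 ~ /^#/ || NF == 0    { next }   # comment or blank line
        tolower($1) == "match"  { exit }   # global section ends at first Match block
        tolower($1) == tolower(want) { print tolower($2); exit }
    ' "$1"
}

# Return 0 if FILE carries the settings from step 1, 1 otherwise.
audit_sshd() {
    rc=0
    for rule in "PermitRootLogin no" "PermitEmptyPasswords no"; do
        key=${rule% *}
        expected=${rule#* }
        actual=$(sshd_first_value "$1" "$key")
        if [ "$actual" != "$expected" ]; then
            echo "FINDING: $key is '${actual:-unset}', expected '$expected'"
            rc=1
        fi
    done
    # Informational only: the page leaves password logins enabled.
    if [ "$(sshd_first_value "$1" PasswordAuthentication)" = "yes" ]; then
        echo "NOTE: PasswordAuthentication is 'yes'"
    fi
    return "$rc"
}

# Constructed sample: "no" was appended below an existing "yes", so "yes" still wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real server configuration
PermitRootLogin yes
PermitEmptyPasswords no
PasswordAuthentication yes
permitrootlogin no
EOF
audit_sshd "$sample" || echo "audit failed: fix the file, then run 'sshd -t' before restarting"
rm -f "$sample"
```

On a real server, point audit_sshd at /etc/ssh/sshd_config; `sshd -t` then validates the file syntax before the restart.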
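2) Set up the SSH client
A normal installation already includes the SSH client.
[root@localhost ~]# yum -y install openssh-clients //install the client if the system does not have one
[root@localhost ~]# ssh root@172.25.0.1 //connect to the Linux host; a password is required. (Don't connect as root, friends.)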
The authenticity of host '172.25.0.1 (172.25.0.1)' can't be established.
ECDSA key fingerprint is 47:eb:7e:cc:e7:8c:71:b8:86:d0:3c:20:db:75:0b:b0.
Are you sure you want to continue connecting (yes/no)? yes //accept and save the host key; answer yes to continue
Warning: Permanently added '172.25.0.1' (ECDSA) to the list of known hosts.
root@172.25.0.1's password: //password of the user you are connecting as
Last failed login: Sun Jan 7 20:22:08 CST 2018 from 172.25.0.1 on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Thu Dec 28 20:14:09 2017 from 172.25.0.2
[root@localhost ~]#
You can also connect by host name
[root@localhost ~]# ssh root@localhost //connect to the Linux host; a password is required. (Don't connect as root, friends.)
The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is 47:eb:7e:cc:e7:8c:71:b8:86:d0:3c:20:db:75:0b:b0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
root@localhost's password:
Last login: Sun Jan 7 20:22:15 2018 from 172.25.0.1
[root@localhost ~]#
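We can check with cat /etc/passwd whether a user can log in to a system shell
root:x:0:0:root:/root:/bin/bash //the default /bin/bash means the user can log in
tcpdump:x:72:72::/:/sbin/nologin //sbin/nologin means the user cannot log in
Create a user who is not allowed to log in to a shell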
useradd -s /sbin/nologin <user>