1.主机1(server)
[root@server ~]$hostnamectl hostname server.example.com
[root@server ~]$reboot
[root@server ~]$ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.171.128 netmask 255.255.255.0 broadcast 192.168.171.255
[root@server ~]# useradd timinglee
[root@server ~]# passwd timinglee
更改用户 timinglee 的密码 。
新的密码:
无效的密码: 密码少于 8 个字符
重新输入新的密码:
passwd:所有的身份验证令牌已经成功更新。
2.主机2(client)
[zyq@client ~]$ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.171.130 netmask 255.255.255.0 broadcast 192.168.171.255
3.免密连接
[root@server ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): yes
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in yes
Your public key has been saved in yes.pub
The key fingerprint is:
SHA256:kaWM7zwwf1XQRc2OfAs5qyOpBK9IRo3AF3h5Rtjh9ig root@server.example.com
The key's randomart image is:
+---[RSA 3072]----+
| ..=o. . .. ++|
|.. +o+ o + .. o|
| o..oo. = .oo |
| o + o. . =o o|
| E +o.S . +..|
| . . o* . . . |
| o o= o . |
| o . o = o |
| . . .. . . |
+----[SHA256]-----+
4.测试
[root@client ~]$ ssh -l root 192.168.171.128
The authenticity of host '192.168.171.128 (192.168.171.128)' can't be established.
ED25519 key fingerprint is SHA256:1PZszx0MV2/P2Xg5kpTukarygvPpzc0MRGFDT6TI1/o.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.171.128' (ED25519) to the list of known hosts.
root@192.168.171.128's password:
Activate the web console with: systemctl enable --now cockpit.socket
Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Mon Apr 22 00:02:40 2024
5.确保只有root 和timinglee用户可以被登录
[root@server ~]# vim /etc/ssh/sshd config
#PermitRootLogin prohibit-password
PermitRootLogin yes
AllowUsers timinglee
AllowUsers root
#StrictModes yes
[root@server ~]#systemctl restart sshd
6.测试
(1)root用户登录
[zyq@client ~]$ ssh -l root 192.168.171.128
root@192.168.171.128's password:
Activate the web console with: systemctl enable --now cockpit.socket
Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last failed login: Mon Apr 22 00:42:38 CST 2024 from 192.168.171.130 on ssh:notty
There were 2 failed login attempts since the last successful login.
Last login: Mon Apr 22 00:07:01 2024 from 192.168.171.130
(2)timinglee用户登录
[root@client ~]# ssh -l timinglee 192.168.171.128
The authenticity of host '192.168.171.128 (192.168.171.128)' can't be established.
ED25519 key fingerprint is SHA256:1PZszx0MV2/P2Xg5kpTukarygvPpzc0MRGFDT6TI1/o.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.171.128' (ED25519) to the list of known hosts.
timinglee@192.168.171.128's password:
Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Mon Apr 22 00:46:42 2024 from 192.168.171.130
以上就是今天的内容,谢谢大家的观看!!!