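- Configure two hosts
Host one
1. Configure the network environment
[root@server100 ~]# vmset.sh 100 // set host one: IP 172.25.254.100
2. Configure the hostname
· Hostname: server.example.com
[root@server100 ~]# hostnamectl hostname server.example.com // command
[root@server100 ~]# hostnamectl // verify
Static hostname: server.example.com // output
Icon name: computer-vm // output
3. Create the user timinglee (the commands below create the account as timeinglee, and that spelling is used in every later command)
[root@server100 ~]# useradd timeinglee // command
[root@server100 ~]# ls /home/ // verify
timeinglee // output
4. Set the password for timinglee
[root@server100 ~]# passwd timeinglee // command
更改用户 timeinglee 的密码 // output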
新的密码:
无效的密码: 密码少于 8 个字符
重新输入新的密码:
passwd:所有的身份验证令牌已经成功更新。
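Host two
1. Configure the network environment
[root@server200 ~]# vmset.sh 200 // set host two: IP 172.25.254.200
2. Configure the hostname
· Hostname: client.example.com
[root@server100 ~]# hostnamectl hostname client.example.com // command
[root@server100 ~]# hostnamectl // verify
Static hostname: client.example.com // output
- Passwordless remote login
(The passwordless setup is done on the client; the security hardening parameters must be configured on the server.)
1. Passwordless setup
Host two (generate the key pair non-interactively)
[root@server200 ~]# ssh-keygen -f /root/.ssh/id_rsa -P "" // command; -P "" sets an empty passphrase, so the private key is stored unencrypted
Your identification has been saved in /root/.ssh/id_rsa // private key
Your public key has been saved in /root/.ssh/id_rsa.pub // public key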
The key fingerprint is:
SHA256:Jh9bFLFVU7flw3g66zSC2w9NoG9cHWfD3Tc1M2Z8ITQ root@client.example.com
The key's randomart image is:
+---[RSA 3072]----+
| o.oE+O*|
| + O+%|
| o. . XO|
| .. . +.B|
| . S.. = . |
| + ++ + o |
| o. * = |
| + = . |
| . ..o |
+----[SHA256]-----+
[root@server200 ~]#
2. Upload the public key to the server
[root@server200 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub timeinglee@172.25.254.100 // command
timeinglee@172.25.254.100's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'timeinglee@172.25.254.100'"
and check to make sure that only the key(s) you wanted were added.
[root@server200 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.25.254.100 // command
timeinglee@172.25.254.100's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@172.25.254.100'"
and check to make sure that only the key(s) you wanted were added.
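2. Security hardening parameters
Host one (set an allowlist so that only the root user and the timinglee user can log in)
[root@server100 ~]# vim /etc/ssh/sshd_config // path of the configuration file to edit
:set nu // vim command to show line numbers
39 #LoginGraceTime 2m
40 #PermitRootLogin prohibit-password
41 PermitRootLogin yes
42 AllowUsers timeinglee root // allowlist: only timeinglee and root may log in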
43 #StrictModes yes
44 #MaxAuthTries 6
45 #MaxSessions 10
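
A check for the allowlist step above, as an added example that is not part of the original notes: it reads PermitRootLogin and AllowUsers back out of an sshd_config file. The function names and the sample file are constructed for illustration; the sample repeats the edited lines without the vim line numbers and the // annotations.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): read the settings above back out
# of an sshd_config. Match blocks and Include files are not handled here.

# sshd keeps the FIRST value it reads for a single-valued keyword, and keyword
# names are case-insensitive, so print only the first uncommented occurrence.
sshd_first_value() {   # usage: sshd_first_value <file> <keyword>
    awk -v kw="$2" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == tolower(kw) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# AllowUsers may appear on several lines; print every pattern, one per line.
sshd_allow_users() {   # usage: sshd_allow_users <file>
    awk '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "allowusers" { for (i = 2; i <= NF; i++) print $i }
    ' "$1"
}

# Exit 0 only if <user> is listed literally (wildcard and user@host patterns
# are not evaluated here).
user_is_allowed() {    # usage: user_is_allowed <file> <user>
    sshd_allow_users "$1" | grep -Fxq -- "$2"
}

# Constructed sample: the edited lines from the vim session above.
sample_config() {
    cat <<'EOF'
#LoginGraceTime 2m
#PermitRootLogin prohibit-password
PermitRootLogin yes
AllowUsers timeinglee root
#StrictModes yes
EOF
}

# Print the effective values; on a real host pass /etc/ssh/sshd_config instead.
report() {             # usage: report <file>
    echo "PermitRootLogin = $(sshd_first_value "$1" PermitRootLogin)"
    for u in root timeinglee timinglee; do
        if user_is_allowed "$1" "$u"; then echo "$u: allowed"; else echo "$u: not listed"; fi
    done
}

tmp=$(mktemp) && sample_config > "$tmp" && report "$tmp"; rm -f "$tmp"
```

On the server itself, `sshd -t` checks the edited file for syntax errors and `sshd -T` prints the effective configuration; the edit only takes effect once sshd has reloaded its configuration.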