SSH key-based login for a regular user on CentOS

Environment: one client and one server, with working TCP connectivity between them.
Server IP: 192.168.10.40, regular user name: lufoserver
Client IP: 192.168.10.20, user name: lufoclient

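Step 1: Allow the regular user to log in over SSH

After switching to root, open /etc/ssh/sshd_config with vim (vim /etc/ssh/sshd_config) and add the AllowUsers line:

#lufoserver is the regular user on the server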
# Authentication:
#LoginGraceTime 2m
AllowUsers lufoserver 

Step 2: Restart the SSH service on the server

[root@lufoserver lufoserver]# systemctl restart sshd.service 
[root@lufoserver lufoserver]# systemctl enable sshd.service 

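Step 3: Generate an SSH key on the client and send the public key to the server with ssh-copy-id

This step can be done as a regular user; this walkthrough uses lufoclient.

[lufoclient@lufoclient ~]$ ssh-keygen #generate the key pair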
Generating public/private rsa key pair.
Enter file in which to save the key (/home/lufoclient/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/lufoclient/.ssh/id_rsa.
Your public key has been saved in /home/lufoclient/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:BiezuJbreSWO3fF9UtIX4tFMLcrN/itte5Oas+28kD0 lufoclient@lufoclient.com
The key's randomart image is:
+---[RSA 2048]----+
|                .|
|              ...|
|      + .  . ++. |
|     . *    ooo+ |
|    . . S   .oo .|
|     o..o   ..* .|
|    ++ + o . =.E.|
|   ..o+ . . oo*=+|
|   .+.       *BB*|
+----[SHA256]-----+
[lufoclient@lufoclient ~]$ ssh-copy-id lufoserver@192.168.10.40 #connect to the remote server and send the public key
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
lufoserver@192.168.10.40's password: #enter the server user's password

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'lufoserver@192.168.10.40'"
and check to make sure that only the key(s) you wanted were added.

Step 4: Edit the SSH configuration on the server to disable password login

Edit /etc/ssh/sshd_config as shown below, then restart sshd:

[root@lufoserver lufoserver]# vim /etc/ssh/sshd_config 
[root@lufoserver lufoserver]# systemctl restart sshd.service 
[root@lufoserver lufoserver]# systemctl enable sshd.service 

#sshd_config configuration file
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
PermitEmptyPasswords no
#disable password authentication
PasswordAuthentication no 


Step 5: Log in from the client; the password is no longer requested

#log in to the remote server
[lufoclient@lufoclient ~]$ ssh lufoserver@192.168.10.40
Last login: Fri Oct  4 13:47:40 2019 from 192.168.10.20 #login succeeded

#list lufoserver's home directory
[lufoserver@lufoserver ~]$ ls
Desktop  Documents  Downloads  Music  Pictures  Public  Templates  Videos
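
A check for the sshd_config edits made in steps 1 and 4, as an added example that is not part of the original post: sshd keeps the first value it reads for a single-valued keyword, so a "PasswordAuthentication no" appended below an earlier uncommented "PasswordAuthentication yes" does nothing. The function names and the two sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Audits an sshd_config for the
# two settings this walkthrough relies on.

# Print the first global value of keyword $2 in config file $1.
# Assumes "Keyword value" lines; stops at the first Match block, ignores Include.
sshd_first_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }               # keywords are case-insensitive
        /^[ \t]*#/ || NF == 0 { next }             # skip comments and blank lines
        tolower($1) == "match" { exit }            # conditional section: stop
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Succeed only if password login is off and user $2 is named in AllowUsers.
# AllowUsers may appear on several lines, so every global occurrence is collected.
# Only exact user names are matched (no USER@HOST or wildcard patterns).
audit_sshd_config() {
    pw=$(sshd_first_value "$1" PasswordAuthentication)
    # A missing keyword means the OpenSSH default, which is "yes".
    if [ "${pw:-yes}" != "no" ]; then
        echo "FAIL: effective PasswordAuthentication is ${pw:-yes}"; return 1
    fi
    allowed=$(awk 'tolower($1) == "match" { exit }
                   tolower($1) == "allowusers" { for (i = 2; i <= NF; i++) print $i }' "$1")
    if ! printf '%s\n' "$allowed" | grep -qxF "$2"; then
        echo "FAIL: $2 is not listed in AllowUsers"; return 1
    fi
    echo "OK: key-only login for $2"
}

# Constructed sample configs: the layout from this page, and a variant where an
# earlier uncommented "yes" shadows the appended "no".
cfg_page=$(mktemp); cfg_shadowed=$(mktemp)
printf '%s\n' 'AllowUsers lufoserver' '#PasswordAuthentication yes' \
    'PermitEmptyPasswords no' 'PasswordAuthentication no ' > "$cfg_page"
printf '%s\n' 'AllowUsers lufoserver' 'PasswordAuthentication yes' \
    'PermitEmptyPasswords no' 'PasswordAuthentication no' > "$cfg_shadowed"

audit_sshd_config "$cfg_page" lufoserver || true
audit_sshd_config "$cfg_shadowed" lufoserver || true
```

On the server itself, running sshd -t as root checks the file for syntax errors before a restart, and sshd -T prints the effective configuration as sshd parsed it.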
