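Environment: one machine acts as the client and one as the server; TCP connectivity between the two works.
Server IP: 192.168.10.40 Unprivileged user name: lufoserver
Client IP: 192.168.10.20 User name: lufoclient
Step 1: Allow the unprivileged user to log in over SSH
After switching to root, open the configuration file with vim: vim /etc/ssh/sshd_config
# lufoserver is the unprivileged user on the server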
# Authentication:
#LoginGraceTime 2m
AllowUsers lufoserver
Step 2: Restart SSH on the server
[root@lufoserver lufoserver]# systemctl restart sshd.service
[root@lufoserver lufoserver]# systemctl enable sshd.service
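Step 3: Generate an SSH key on the client and send the generated public key to the server with ssh-copy-id
This step can be carried out as an unprivileged user; this walkthrough uses lufoclient
[lufoclient@lufoclient ~]$ ssh-keygen # generate the key pair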
Generating public/private rsa key pair.
Enter file in which to save the key (/home/lufoclient/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/lufoclient/.ssh/id_rsa.
Your public key has been saved in /home/lufoclient/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:BiezuJbreSWO3fF9UtIX4tFMLcrN/itte5Oas+28kD0 lufoclient@lufoclient.com
The key's randomart image is:
+---[RSA 2048]----+
| .|
| ...|
| + . . ++. |
| . * ooo+ |
| . . S .oo .|
| o..o ..* .|
| ++ + o . =.E.|
| ..o+ . . oo*=+|
| .+. *BB*|
+----[SHA256]-----+
[lufoclient@lufoclient ~]$ ssh-copy-id lufoserver@192.168.10.40 # connect to the remote server and send the public key
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
lufoserver@192.168.10.40's password: # enter the server password
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'lufoserver@192.168.10.40'"
and check to make sure that only the key(s) you wanted were added.
Step 4: On the server, edit the SSH configuration to disable password login
Edit /etc/ssh/sshd_config with vim as shown below, then restart the service
[root@lufoserver lufoserver]# vim /etc/ssh/sshd_config
[root@lufoserver lufoserver]# systemctl restart sshd.service
[root@lufoserver lufoserver]# systemctl enable sshd.service
# sshd_config configuration file
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
PermitEmptyPasswords no
# disable password authentication
PasswordAuthentication no
Step 5: Log in from the client; no password needs to be entered this time
# log in to the remote server
[lufoclient@lufoclient ~]$ ssh lufoserver@192.168.10.40
Last login: Fri Oct 4 13:47:40 2019 from 192.168.10.20 # login succeeded
# list lufoserver's home directory
[lufoserver@lufoserver ~]$ ls
Desktop Documents Downloads Music Pictures Public Templates Videos
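
The sshd_config edits from steps 1 and 4 can be checked statically before sshd is restarted. The script below is an added example, not part of the original walkthrough; its function names and the two sample files are constructed here, and it assumes whitespace-separated directives and a literal user name in AllowUsers (no patterns or user@host entries).

```shell
# Added example (not from the original page): static check of the sshd_config
# edits from steps 1 and 4. sshd keeps the FIRST value it reads for a keyword,
# so appending "PasswordAuthentication no" below an active "yes" changes nothing.

# first_value FILE KEYWORD: first uncommented value before any Match block.
first_value() {
    awk -v k="$2" '
        /^[ \t]*(#|$)/ { next }              # comments and blank lines
        tolower($1) == "match" { exit }      # global section only
        tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# all_values FILE KEYWORD: every value on every matching global line
# (AllowUsers entries accumulate across lines).
all_values() {
    awk -v k="$2" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(k) { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# audit_sshd_config FILE USER: 0 if password login is off and USER is allowed.
audit_sshd_config() {
    rc=0
    pa=$(first_value "$1" PasswordAuthentication)
    pe=$(first_value "$1" PermitEmptyPasswords)
    # Unset PasswordAuthentication defaults to yes; PermitEmptyPasswords to no.
    [ "$pa" = "no" ] || { echo "FAIL: PasswordAuthentication is ${pa:-yes (default)}"; rc=1; }
    [ "${pe:-no}" = "no" ] || { echo "FAIL: PermitEmptyPasswords is $pe"; rc=1; }
    all_values "$1" AllowUsers | grep -qxF "$2" ||
        { echo "FAIL: AllowUsers does not list $2"; rc=1; }
    return $rc
}

# Constructed sample files: the page's final config, and the same edit made
# below a still-active "PasswordAuthentication yes".
write_samples() {
    printf '%s\n' '#LoginGraceTime 2m' 'AllowUsers lufoserver' \
        '#PasswordAuthentication yes' 'PermitEmptyPasswords no' \
        'PasswordAuthentication no' > "$1/good.conf"
    printf '%s\n' 'AllowUsers lufoserver' 'PasswordAuthentication yes' \
        'PermitEmptyPasswords no' 'passwordauthentication no' > "$1/shadowed.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
audit_sshd_config "$tmp/good.conf" lufoserver && echo "good.conf: OK"
audit_sshd_config "$tmp/shadowed.conf" lufoserver || echo "shadowed.conf: rejected"
rm -rf "$tmp"
```

On the server itself, `sshd -t` validates the file before a restart and `sshd -T` prints the configuration sshd will actually use; keep the existing root session open until a key-based login from the client has succeeded.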