创建新用户
[root@localhost ~]# useradd cookie
设置cookie用户的密码
[root@localhost ~]# passwd cookie
新增窗口登录cookie用户
Xshell:\> ssh cookie@192.168.X.XX
权限测试
[root@localhost ~]# /etc/init.d/sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
root用户重启成功
[cookie@localhost ~]$ /etc/init.d/sshd restart
/etc/init.d/sshd: line 33: /etc/sysconfig/sshd: Permission denied
rm: cannot remove `/var/run/sshd.pid': Permission denied [FAILED]
Starting sshd: /etc/ssh/sshd_config: Permission denied
[FAILED]
[cookie@localhost ~]$ sudo /etc/init.d/sshd restart
cookie is not in the sudoers file. This incident will be reported.
cookie用户无权限,重启失败
修改/etc/sudoers配置
[root@localhost ~]# visudo -f /etc/sudoers
找到
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
修改为:
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
cookie ALL=(ALL) ALL
保存,退出
cookie用户测试权限
[cookie@localhost ~]$ sudo /etc/init.d/sshd restart
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for cookie:
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
重启成功
在cookie用户中远程登录到root用户
在root用户下修改/etc/ssh/sshd_config文件
[root@localhost ~]# vi /etc/ssh/sshd_config
找到
#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
将PermitRootLogin yes 改为 PermitRootLogin no 并去掉前面的#
#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
重启sshd服务器
完成