Linux服务

SSH认证配置

• server6生成公钥和私钥，将公钥放到IP为116.196.xx.xxx（你希望无密码登录的主机IP）主机对应文件中，即可实现，server6无密码访问
• 正常ssh登录，输入密码

-

[root@server6 ~]# ssh 116.196.xx.xxx
The authenticity of host '116.196.xx.xxx (116.196.82.222)' can't be established.
ECDSA key fingerprint is d3:5b:4a:ef:8e:00:41:a0:5e:80:ef:75:76:8a:a3:49.
Are you sure you want to continue connecting (yes/no)?** yes**
Warning: Permanently added '116.196.xx.xxx' (ECDSA) to the list of known hosts.
root@116.196.xx.xxx's password: 
Last login: Fri Sep  1 14:17:51 2017 from 111.204.243.7
Welcome to JCLOUD Elastic Compute Service

• 生成公钥私钥

-

[root@server6 ~]# ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
12:94:ea:89:5a:e3:a4:3d:84:45:04:2a:ca:cc:87:e3 root@server6.example.com
The key's randomart image is:
+--[ RSA 2048]----+
|.o.   ..         |
|. .  ..          |
|o.   ..          |
|* o .  .         |
|.O + .. S        |
|o O o  .         |
| E .             |
|o +              |
|   .             |
+-----------------+

-

[root@server6 .ssh]# ls
authorized_keys  id_rsa  id_rsa.pub  known_hosts
[root@server6 .ssh]# pwd
/root/.ssh

• 将公钥拷贝到116的机子上

-

[root@server6 ~]# ssh root@116.196.xx.xxx 'cat >>~/.ssh/authorized_keys'<~/.ssh/id_rsa.pub
root@116.196.xx.xxx's password: 

• 成功

-

[root@server6 ~]# ssh 116.196.xx.xxx
Last failed login: Fri Sep  1 14:24:52 CST 2017 from 111.204.243.7 on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Fri Sep  1 14:21:22 2017 from 111.204.243.7
Welcome to JCLOUD Elastic Compute Service

• 假设你有这条命令:ssh-copy-id

-

[root@server6 ~]# ssh-copy-id 116.196.xx.xxx
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@116.196.xx.xxx's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '116.196.xx.xxx'"
and check to make sure that only the key(s) you wanted were added.

[root@server6 ~]# ssh 116.196.xx.xxx
Last login: Fri Sep  1 14:38:52 2017 from www.quberry.cn
Welcome to JCLOUD Elastic Compute Service
[root@liu ~]# 

sshd服务的简单配置

vim /etc/ssh/sshd_config    ###sshd服务的配置文件
 PermitRootLogin yes|no     ###是否允许root用户通过sshd的认证,48行
 PasswordAuthentication yes|no ###开启或关闭用户密码认证，78行
AllowUsers student westos   ###用户白名单，只允许在名单中出现的用户使用sshd服务
systemctl restart sshd      ###从新加载配置