1,首先设置服务端与客户端。
服务端:192.168.109.133
客户端:192.168.109.132
2,修改ssh服务的端口号(编辑sshd_config中的Port一项)
[root@server ~]# vim /etc/ssh/sshd_config
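关闭服务端的防火墙和SELinux(仅适合实验环境;生产环境应保持二者开启,改为用 firewall-cmd --permanent --add-port=<端口>/tcp 放行新端口,并用 semanage port -a -t ssh_port_t -p tcp <端口> 为新端口添加SELinux标签)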
[root@server ~]# systemctl stop firewalld #关闭防火墙
[root@server ~]# setenforce 0 #将SELinux临时切换为Permissive(宽容)模式,0为Permissive,1为Enforcing,重启后恢复配置文件中的设置
[root@server ~]# getenforce #查看SELinux当前模式
Permissive
[root@server ~]# systemctl restart sshd #修改配置文件后需要重启sshd服务才能生效;重启前可先执行 sshd -t 检查配置语法,避免配置错误导致无法远程登录
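3,拒绝root用户远程登录(将sshd_config中的PermitRootLogin设为no并重启sshd。注意:设为no后,第5步中以root身份的公钥登录也会被拒绝;若只想禁止root密码登录而保留公钥登录,可设为prohibit-password)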
[root@server ~]# vim /etc/ssh/sshd_config
4,允许特定用户ssh登录,其他用户无法登录(在sshd_config中用AllowUsers指令列出允许登录的用户名,未列出的用户一律被拒绝)
5,公钥验证 免密登录
1.客户端生成一对公私钥
[root@client ~]# ssh-keygen -t rsa #--生成非对称密钥对,-t指定算法,rsa是一种非对称算法
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): #enter默认在该文件下创建
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): #免密登录直接回车(空口令意味着私钥文件本身没有保护,任何能读取该文件的人都可直接登录服务端;如需保护可设置口令并配合ssh-agent使用)
Enter same passphrase again: #再次确认直接enter
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:PxURTLA772Rf9iskfzhSNIMn/n/EV9eBbPoWQkS/PBA root@client
The key's randomart image is:
+---[RSA 3072]----+
| +E=.. |
| o+= . |
| o.=. o|
| *oB. +|
| S + B++.o|
| . * =. +|
| o @ ..+|
| * B +o|
| o *o+|
+----[SHA256]-----+
2.查看创建的公私钥文件
[root@client ~]# ll .ssh/
total 8
-rw-------. 1 root root 2610 Jan 9 15:56 id_rsa #私钥,权限应保持600,不可外传
-rw-r--r--. 1 root root 576 Jan 9 15:56 id_rsa.pub #公钥
3.将公钥发送给服务端
[root@client ~]# ssh-copy-id 192.168.109.133
#把当前主机.ssh/id_rsa.pub 文件发送到133主机的~/.ssh/authorized_keys
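或#scp .ssh/id_rsa.pub 192.168.10.130:/root/.ssh/authorized_keys (此处地址与上文服务端192.168.109.133不一致,应替换为实际服务端地址;另外scp会直接覆盖服务端已有的authorized_keys,其中已有其他公钥时应使用ssh-copy-id追加)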
4.查看服务器下是否收到公钥信息
[root@server ~]# ll .ssh/
总用量 4
-rw-------. 1 root root 565 1月 18 10:44 authorized_keys
5.验证发起ssh连接时不需要输入密码
[root@client ~]# ssh 192.168.109.133
[root@server ~]#