题目:让lufei用户将公钥密钥传递给服务器的namei ,这样让lufei可以以namei用户身份登录上服务器。
一、关闭防火墙、关闭核心防护
[root@server1 ~]# systemctl stop firewalld
[root@server1 ~]# setenforce 0
[root@server2 ~]# systemctl stop firewalld
[root@server2 ~]# setenforce 0
二、创建用户
[root@server1 ~]# useradd namei
[root@server1 ~]# passwd namei
更改用户 namei 的密码 。
新的 密码:
无效的密码: 密码少于 8 个字符
重新输入新的 密码:
passwd:所有的身份验证令牌已经成功更新。
[root@server1 ~]#
[root@server2 ~]# useradd lufei
[root@server2 ~]# passwd lufei
更改用户 lufei 的密码 。
新的 密码:
无效的密码: 密码少于 8 个字符
重新输入新的 密码:
passwd:所有的身份验证令牌已经成功更新。
三、将客户机的用户lufei加入wheel组,并生成密码对
[root@server2 ~]# gpasswd -a lufei wheel
正在将用户“lufei”加入到“wheel”组中
[root@server2 ~]# su lufei
[lufei@server2 root]$ ssh-keygen -t RSA
Generating public/private RSA key pair.
Enter file in which to save the key (/home/lufei/.ssh/id_rsa):
Created directory '/home/lufei/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/lufei/.ssh/id_rsa.
Your public key has been saved in /home/lufei/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:PSq71so1yj3GSPVxomKbBf6jEGwY2/yVG9TrOKOa5xc lufei@server2
The key's randomart image is:
+---[RSA 2048]----+
| |
| . |
| . . . |
| B ...oo.. |
| o *. oSo++ |
| . o=.E*.. |
| .ooXO.. |
| =*BO+ |
| o=@*.o |
+----[SHA256]-----+
四、将公钥对上传至服务器
[lufei@server2 root]$ cd /home/lufei/.ssh/
[lufei@server2 .ssh]$ sudo /usr/bin/scp id_rsa.pub namei@192.168.111.10:/tmp
The authenticity of host '192.168.111.10 (192.168.111.10)' can't be established.
ECDSA key fingerprint is SHA256:LCKq40JLJHerOEOjx7xuCqKdFUHO44vxmxSyOQJofWg.
ECDSA key fingerprint is MD5:0f:db:96:69:2e:15:1b:b2:59:e0:38:05:5c:bb:ca:c5.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.111.10' (ECDSA) to the list of known hosts.
namei@192.168.111.10's password:
id_rsa.pub 100% 395 378.1KB/s 00:00
[root@server1 ~]# cd /tmp/
[root@server1 tmp]# ls -lh
总用量 16K
-rw-r--r--. 1 namei namei 395 9月 9 19:20 id_rsa.pub
五、服务器上将公钥导入特定账户的公钥数据库管理
[root@server1 ~]# mkdir /home/namei/.ssh
[root@server1 ~]# cat /tmp/id_rsa.pub >> /home/namei/.ssh/authorized_keys
六、客户机用服务器里的特定账户登录
[lufei@server2 ~]$ ssh namei@192.168.111.10
The authenticity of host '192.168.111.10 (192.168.111.10)' can't be established.
ECDSA key fingerprint is SHA256:LCKq40JLJHerOEOjx7xuCqKdFUHO44vxmxSyOQJofWg.
ECDSA key fingerprint is MD5:0f:db:96:69:2e:15:1b:b2:59:e0:38:05:5c:bb:ca:c5.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.111.10' (ECDSA) to the list of known hosts.
[namei@server1 ~]$