桥接，ssh免密登录

最新推荐文章于 2024-06-10 10:47:33 发布

XWX的博客

最新推荐文章于 2024-06-10 10:47:33 发布

阅读量621

点赞数

文章标签： linux ssh

本文链接：https://blog.csdn.net/m0_55753980/article/details/121527655

版权

本文介绍了如何在Linux中创建并配置桥接网络，包括设置桥接设备、分配IP地址，以及如何通过SSH实现用户权限管理和免密登录。还展示了SSH配置和权限设置的过程，以及在SSH免密登录过程中遇到的问题和解决方案。

摘要由CSDN通过智能技术生成

1.桥接

桥接就是把一台机器上的若干个网络接口连接起来，其结果是，其中一个网卡收到的报文会被复制给其他网卡发送出去。以使得网口之间的报文能够互相转发。
#创建一个桥接设备和会话

[root@localhost ~]# nmcli connection add type bridge con-name br1 ifname br1
#配置软件桥接网卡的IP地址、网关和地址获取方式
[root@localhost ~]# nmcli connection modify br1 ipv4.addresses 192.168.171.151/24
[root@localhost ~]# nmcli connection modify br1 ipv4.gateway 192.168.171.2
[root@localhost ~]# nmcli connection modify br1 ipv4.method manual
#添加从设备和会话到桥接设备
[root@localhost ~]# nmcli connection add type bridge-slave con-name br1-port0 ifname eno33554984 master br1
#启动从设备会话
[root@localhost ~]# nmcli connection up br1-port0 
#启动桥接会话
[root@localhost ~]# nmcli connection up br1

2.ssh：拒绝用户远程登录

[root@localhost ~]# vi /etc/ssh/sshd_config
#修改参数为no
PermitRootLogin no
#重启服务后生效，使用时使用普通用户进行登陆，需要使用root用户时再切换
[root@localhost ~]# service sshd restartsystemctl restart sshd.service

3.ssh免密登录

客户端

[root@localhost ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:cfYVGznusJVh6AsUzibcGrqAj5SQbjvwK7qrbEuta78 root@localhost.localdomain
The key's randomart image is:
+---[RSA 3072]----+
|          .. .o. |
| .     . +. . =+ |
|o       =.B. oo+ |
|.. o   . O..o.+  |
|.o+ . . S  ..*   |
|oooo . .    o .  |
| +o.. .          |
|+oo.             |
|XO=E.            |
+----[SHA256]-----+
[root@localhost ~]# ssh 192.168.145.135
The authenticity of host '192.168.145.135 (192.168.145.135)' can't be established.
ECDSA key fingerprint is SHA256:hBns1U2NVfd3ZJpTsYlnD78SlNqmJ/E1W/Mjml3FhjM.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.145.135' (ECDSA) to the list of known hosts.
root@192.168.145.135's password: 
Activate the web console with: systemctl enable --now cockpit.socket

This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register

Last login: Fri Nov 26 04:18:15 2021 from 192.168.145.

服务端

[root@localhost ~]# scp /root/.ssh/id_rsa.pub root@192.168.145.131:/root/.ssh/authorized_keys
The authenticity of host '192.168.145.131 (192.168.145.131)' can't be established.
ECDSA key fingerprint is SHA256:UQsHUboKtKIrMf4B/96XyS9RW/TQb8oN9QcD7buCKkU.
Are you sure you want to continue connecting (yes/no/[fingerprint])? y
Please type 'yes', 'no' or the fingerprint: yes
Warning: Permanently added '192.168.145.131' (ECDSA) to the list of known hosts.
root@192.168.145.131's password: 
Permission denied, please try again.
root@192.168.145.131: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
lost connection
[root@localhost ~]# ssh 192.168.145.131
root@192.168.145.131's password: 
Permission denied, please try again.
root@192.168.145.131: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
[root@localhost ~]# ssh 192.168.145.131
root@192.168.145.131's password: 
Permission denied, please try again.
root@192.168.145.131's password: 
root@192.168.145.131: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

如有错误，多多指正。