一.配置两台主机
主机1.
主机名: server.example.com
[root@server100 ~]# hostnamectl hostname server.example.com
ip: 172.25.254.100
[root@server ~]# ifconfig eth0 172.25.254.100 netmask 255.255.255.0
[root@server ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.100 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::89a4:b684:8fa9:e02c prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:17:dd:cd txqueuelen 1000 (Ethernet)
RX packets 7613 bytes 2241218 (2.1 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6470 bytes 716815 (700.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
......
建立用户timinglee,其密码为timinglee(仅用于实验环境:密码与用户名相同属于弱口令,下面 passwd 输出的“无效的密码”警告正是因此而来,只有 root 才能强制设置这样的密码)
[root@server ~]# useradd timinglee
[root@server ~]# passwd timinglee
更改用户 timinglee 的密码 。
新的密码:
无效的密码: 密码包含用户名在某些地方
重新输入新的密码:
passwd:所有的身份验证令牌已经成功更新。
主机2
主机名:client.example.com
[root@server200 ~]# hostnamectl hostname client.example.com
ip: 172.25.254.200
[root@client ~]# ifconfig eth0 172.25.254.200 netmask 255.255.255.0
[root@client ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.200 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::d117:f05:e6b3:9cc7 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:b1:02:c8 txqueuelen 1000 (Ethernet)
RX packets 15532 bytes 2881134 (2.7 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 12620 bytes 1303203 (1.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
......
二.按需求完成项目
172.25.254.200 在远程登录172.25.254.100的root用户时需要免密连接
[root@client ~]# ssh-keygen
[root@client .ssh]# ssh-copy-id -i id_rsa.pub root@172.25.254.100
......
root@172.25.254.100's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@172.25.254.100'"
and check to make sure that only the key(s) you wanted were added.
[root@client .ssh]# ssh -i root 172.25.254.100
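Warning: Identity file root not accessible: No such file or directory.
(说明:-i 选项用于指定私钥文件,这里的 root 被当作密钥文件名,因此出现上面的警告。登录仍然成功,是因为 ssh 默认以当前用户 root 的身份登录,并使用 ~/.ssh 下的默认密钥。要指定登录用户,应写成 ssh root@172.25.254.100 或 ssh -l root 172.25.254.100。)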
Activate the web console with: systemctl enable --now cockpit.socket
Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Mon Apr 22 09:19:22 2024 from 172.25.254.1
[root@server ~]#
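确保只有root用户和timinglee用户可以被登录
(注意:下面修改的 Port 和 PermitRootLogin 只是更改监听端口并允许 root 登录,并不限制哪些用户可以登录;要满足该需求,还需在 /etc/ssh/sshd_config 中加入 AllowUsers root timinglee。由于前面已为 root 配置了密钥登录,PermitRootLogin 也可以设为 prohibit-password,禁止 root 使用密码登录。)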
[root@server ~]# vim /etc/ssh/sshd_config
Port 22222
PermitRootLogin yes
[root@server ~]# systemctl restart sshd
[root@server ~]# netstat -antlupe | grep sshd
tcp 0 0 0.0.0.0:22222 0.0.0.0:* LISTEN
......
[root@client .ssh]# ssh -i root 172.25.254.100 -p 22222
Warning: Identity file root not accessible: No such file or directory.
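ssh: connect to host 172.25.254.100 port 22222: No route to host
(说明:sshd 已在 22222 端口监听,客户端却提示 No route to host,通常是服务器端防火墙拒绝了该端口。使用 firewalld 时,可在服务器上执行 firewall-cmd --permanent --add-port=22222/tcp,再执行 firewall-cmd --reload 放行该端口。在 SELinux 处于 enforcing 模式的系统上,更改端口前还需用 semanage port -a -t ssh_port_t -p tcp 22222 登记新端口;本例中 sshd 已成功监听,说明这一步不是此处的阻碍。)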
[root@client .ssh]#