任务:使用client的xiaoming用户基于秘钥认证方式通过端口2000使用ssh登录server端的xiaoming用户和xiaohei用户,server端的其他用户都不可被远程登录。
1.在server端创建xiaoming和xiaohei用户配置密码
[root@Server ~]# useradd xiaoming
[root@Server ~]# useradd xiaohei
[root@Server ~]# echo redhat | passwd --stdin xiaoming
[root@Server ~]# echo redhat | passwd --stdin xiaohei
2.在server端进入配置修改端口和允许登录
[root@Server ~]# vim /etc/ssh/sshd_config
18 Port 2000
150 allowusers xiaoming xiaohei
3.在客户端添加用户和密码
[root@client ~]# passwd xiaoming
[root@client ~]# echo redhat | passwd --stdin xiaoming
4.在客户端创建秘钥文件
[root@client ~]# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
SHA256:PY9UwsQci5dPxMhKmY/gn7qmr9zsOrpe9OBwQSc+TYY root@client
The key's randomart image is:
+---[DSA 1024]----+
| o.+ *o+. |
| oE*. ++=+. |
| +..o.+* o |
| o. oo.= |
| . + .S.+ . |
| = o o. + |
| o .. . . |
| o.oo |
| .+o=O*. |
+----[SHA256]-----+
5.可以在客户端上查看密钥文件是否存在
[root@client ~]# cd .ssh/
[root@client .ssh]# ll
total 12
-rw-------. 1 root root 1369 Aug 8 14:19 id_dsa
-rw-r--r--. 1 root root 601 Aug 8 14:19 id_dsa.pub
-rw-r--r--. 1 root root 177 Aug 8 14:19 known_hosts
6.将客户端上的公钥信息传递给服务端的两个用户
[xiaoming@client .ssh]$ ssh-copy-id xiaoming@192.168.175.129
[xiaoming@client .ssh]$ ssh-copy-id xiaohei@192.168.175.129
7.传递过去之后再服务端查看密钥信息
[root@Server ~]# ll /home/xiaoming/.ssh/
total 4
-rw-------. 1 xiaoming xiaoming 1170 Aug 8 14:35 authorized_keys
[root@Server ~]# ll /home/xiaohei/.ssh/
total 4
-rw-------. 1 xiaohei xiaohei 569 Aug 8 14:36 authorized_keys
8.在服务端ssh配置信息中修改密码登录为no
[root@Server ~]# vim /etc/ssh/sshd_config
74 PasswordAuthentication no
9.可以在客户端测试登录上服务端的xiaoming,xiaohei用户
[xiaoming@client .ssh]$ ssh xiaohei@192.168.175.129 -p 2000 -i id_rsa
Enter passphrase for key 'id_rsa':
Activate the web console with: systemctl enable --now cockpit.socket
Last login: Sun Aug 8 12:35:53 2021
[xiaohei@Server ~]$
登录配置完成,任务也完成。
感谢观看,希望对你也有帮助。