@实验要求:使用client的xiaoming用户基于秘钥认证方式通过端口2000使用ssh登录server端的xiaoming用户和xiaohei用户,server端的其他用户都不可被远程登录。
- 11作为服务端,28作为客户端
一、服务端首先安装服务
[root@localhost ~]# yum install openssh-server -y //安装openssh-server
[root@localhost ~]# vi /etc/ssh/sshd_config //修改服务端的配置文件
添加 port 2000 的端口
allowusers xiaoming xiaohei //添加白名单
[root@localhost ~]# useradd xiaoming //添加用户xiaoming
[root@localhost ~]# useradd xiaohei
[root@localhost ~]# echo redhat | passwd --stdin xiaoming //更改用户xiaoming的密码
Changing password for user xiaoming.
passwd: all authentication tokens updated successfully.
[root@localhost ~]# echo redhat | passwd --stdin xiaohei
Changing password for user xiaohei.
passwd: all authentication tokens updated successfully.
[root@localhost ~]# systemctl stop firewalld //关闭防火墙
[root@localhost ~]# setenforce 0
[root@localhost ~]# getenforce //更改permissive
Permissive
[root@localhost ~]# systemctl restart sshd //重启sshd服务
二、客户端配置
[root@localhost ~]# useradd xiaoming //添加用户xiaoming
[root@localhost ~]# echo redhat | passwd --stdin xiaoming
[root@localhost .ssh]# su - xiaoming //切换到xiaoming
Last login: Wed Oct 13 23:34:35 EDT 2021 on pts/0
[xiaoming@localhost ~]$ cd /home/xiaoming/.ssh //切到xiaoming用户的/home/xiaoming/.ssh下,创建秘钥对。
- 切换到xiaoming下,生成密钥对
[xiaoming@localhost .ssh]$ ssh-keygen -t rsa
- 查看创建的秘钥对
-
将xiaoming家目录下的公钥传到将要登录的服务端的xiaoming的家目录下的.ssh下
-
远程登录到服务端的xiaoming用户,查看家目录下是否有authrerized.keys文件,如果有则表明公钥传输成功。
[xiaoming@localhost .ssh]$ ssh xiaoming@192.168.126.129 -p 2000 //远程登陆到服务端的xiaoming用户
Last failed login: Thu Oct 14 09:07:21 EDT 2021 from 192.168.126.130 on ssh:notty
There were 3 failed login attempts since the last successful login.
[xiaoming@localhost ~]$ ll /home/xiaoming/.ssh //此时已经是服务端的xiaoming,查看家目录下是否有.keys的文件
total 4
-rw-------. 1 xiaoming xiaoming 584 Oct 14 09:09 authorized_keys
- 同上,将客户端的xiaoming用户下的公钥传到要登录的服务端的xiaohei用户的家目录下
[xiaoming@localhost .ssh]$ ssh-copy-id xiaohei@192.168.126.129 -p 2000 //远程登陆到服务端的xiaohei用户
[xiaoming@localhost .ssh]$ ssh xiaohei@192.168.126.129 -p 2000
[xiaohei@localhost ~]$ ll /home/xiaohei/.ssh //此时已经是服务端的xiaohei,查看家目录下是否有.keys的文件
- 因为root用户不在白名单中,所以没有权限登陆。