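1. Create a sub-account
Create the user tomcat
useradd tomcat
Set a password for the newly created user tomcat
passwd tomcat
At this point, a directory for tomcat has been created under /home
Switch user
su tomcat
2. Create a key pair on the remote server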
[songfayuan@iZbp12uuh ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/songfayuan/.ssh/id_rsa): # default path, just press Enter
Created directory '/home/songfayuan/.ssh'.
Enter passphrase (empty for no passphrase): # passphrase for the key; just press Enter to leave it unset
Enter same passphrase again: # enter the passphrase again; just press Enter
Your identification has been saved in /home/songfayuan/.ssh/id_rsa.
Your public key has been saved in /home/songfayuan/.ssh/id_rsa.pub.
The key fingerprint is:
38:f1:a4:6d:d3:0e:99:c8:fa:1d:1d:48:86:f0:fe:74 songfayuan@iZbp12uuh.server.world
The key's randomart image is:
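[songfayuan@iZbp12uuh ~]$ mv ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys # install the public key from id_rsa.pub as authorized_keys (mv renames the file)
[songfayuan@iZbp12uuh ~]$ chmod 600 ~/.ssh/authorized_keys # set authorized_keys to read/write for the owner only
3. Download the private key from the remote server to the local machine and use it to log in to the remote server
I am using a Mac here. On Windows you can download the key with a tool; just connect with the tool.
[songfayuan@www ~]$ mkdir ~/.ssh # create the directory
[songfayuan@www ~]$ chmod 700 ~/.ssh # set the directory permissions to read, write, execute for the owner only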
# copy the secret key to local ssh directory
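[songfayuan@www ~]$ scp songfayuan@10.0.0.30:/home/songfayuan/.ssh/id_rsa ~/.ssh/ # download the remote private key to the local machine; mind the path: if you logged in as root, the path is /root/.ssh/id_rsa
songfayuan@10.0.0.30's password: # enter the remote server password
id_rsa
[songfayuan@www ~]$ ssh -i ~/.ssh/id_rsa songfayuan@10.0.0.30 # you can now log in to the remote server with this command
Enter passphrase for key '/home/songfayuan/.ssh/id_rsa': # no passphrase was set on the key earlier, so this prompt will not appear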
Last login: Wed Jul 30 21:37:19 2014 from www.server.world
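[songfayuan@dlp ~]$ # login successful
4. Simplify login
Run the following on the local machine:
vim ~/.ssh/config
Add the following block:
Host lzdev # alias
HostName 172.16.0.12 # server IP address
Port 22 # port
User songfayuan # login name
IdentityFile ~/.ssh/id_rsa # path to the private key file
# delete the notes after the # signs, including this line
Once the configuration above is in place, you can use ssh lzdev
or ssh 172.16.0.12
to log in to the remote server.
Or log in with the following command: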
ssh -i ~/.ssh/id_rsa songfayuan@172.16.0.12
5. Disable password authentication login on the remote server
vim /etc/ssh/sshd_config
Find PasswordAuthentication
and change its value to no
PasswordAuthentication no
Finally, use systemctl restart sshd
or service sshd restart
to restart the SSH service.
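
A check for the edit in section 5, as an added example that is not part of the original article: sshd uses the first value it reads for a keyword, so a PasswordAuthentication no line placed below an earlier yes has no effect. The helper name effective_password_auth and the sample config are constructed for illustration, and the parser reads only the global part of a single file (it does not follow Include files).

```shell
#!/bin/sh
# Added example: which PasswordAuthentication value wins in an sshd_config file?
# sshd keeps the first value it reads for a keyword, keyword names are
# case-insensitive, and the OpenSSH default when the keyword is absent is "yes".

# effective_password_auth FILE  (hypothetical helper name)
# Prints the value from the global section of FILE, i.e. before any Match block.
effective_password_auth() {
    awk '
        { sub(/^[ \t]+/, "") }              # drop leading whitespace
        /^#/ || /^$/ { next }               # skip comments and blank lines
        tolower($1) == "match" { exit }     # Match blocks are conditional: stop here
        tolower($1) == "passwordauthentication" {
            print tolower($2); found = 1; exit
        }
        END { if (!found) print "yes" }     # keyword absent: default applies
    ' "$1"
}

# Constructed sample: "no" was added below an existing "yes", so it is ignored.
write_sample() {
    cat > "$1" <<'EOF'
#PasswordAuthentication no
PubkeyAuthentication yes
passwordauthentication yes
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
EOF
}

sample=$(mktemp)
write_sample "$sample"
echo "sample config -> PasswordAuthentication $(effective_password_auth "$sample")"
rm -f "$sample"
```

On the server itself, sshd -T (run as root) prints the settings sshd actually resolves, Include files included, and sshd -t validates the file before the restart.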