文章介绍了如何在Linux系统中为root和普通用户设置SSH免密登录,包括使用ssh-keygen生成密钥对,ssh-copy-id复制公钥到远程节点,以及通过编辑/etc/sudoers文件来授予普通用户执行特定命令的权限。
root下免密登陆
[root@server ~]# ssh-keygen -t RSA
# ssh-copy-id -i node1 //发送密钥
# ssh-copy-id -i node2
验证:
[root@server /]# ssh node1
Activate the web console with: systemctl enable --now cockpit.socket
This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register
Last login: Fri Dec 30 17:41:23 2022
[root@node1 ~]#
[root@server /]# ssh node1 hostname
node1.example.com
普通用户的免密登陆实现
[zx@server ~]$ ssh-keygen -t RSA
$ ssh-copy-id -i node1
$ ssh-copy-id -i node2
验证:
[zx@server /]$ ssh node1
Activate the web console with: systemctl enable --now cockpit.socket
This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register
Last login: Fri Dec 30 18:51:37 2022 from 192.168.157.100
[zx@node1 ~]$
[zx@server /]$ ssh node1 hostname
node1.example.com
实现特权指定操作:
[zx@server /]$ ssh node1 sudo useradd user1
此时会报错,因为受控主机中没有该普通用户的权限
修改权限:
[root@node1 zx]# vim /etc/sudoers
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
zx ALL=(ALL) NOPASSWD: ALL //添加部分
## Allows members of the 'sys' group to run networking, software,
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
[zx@server /]$ ssh node1 sudo useradd user1
[zx@server /]
[root@node1 zx]# id user1
uid=1001(user1) gid=1001(user1) groups=1001(user1)
扫一扫
4822
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
