<<<第九单元练习>>>

1.在desktop主机中建立用户westos,并设定其密码为westoslinux

2.配置desktop中的sshd服务要求如下:

*)设定sshd服务只允许westos用户可以被访问使用

*)创建westos用户的key认证方式

*)设定westos用户只允许使用key认证方式,屏蔽其系统密码认证方式

实验过程如下:

在服务器端的虚拟机下,创建用户westos 并设置密码

wKioL1f97q-Q1oG3AAFONFEk4Rs219.png-wh_50

添加用户白名单,

#vim /etc/ssh/sshd_config

在100行位置更改系统文件

wKiom1f97rDD7XwsAAE87C8XQt0165.png-wh_50

切换到客户端的虚拟机登录

wKioL1f98FCRqdQ8AAEVfquwyq0722.png-wh_50

重启sshd.service

#systemctl restart sshd.service

结果:

root登录失败,westos登录成功。


# ssh-keygen

生成公钥和私钥

wKioL1f97rLyL3w6AAEDq6ZJeA4578.png-wh_50

查看文件

wKiom1f97rKQGz1wAAB4SjkZ_1U460.png-wh_50

发送密钥给客户端

wKiom1f98b2jzp-hAAEnHHtKb0s920.png-wh_50

wKioL1f97rPR0EUqAAEnHHtKb0s999.png-wh_50

进入#vim /ect/ssh/sshd_config

wKiom1f97rSgpTlYAAFD_0wxTt4469.png-wh_50

重启sshd

删除authorzied_keys

再在客户端中登录,

    




1.ssh的key认证

 

#######生成key###########

[test@foundation0 ~]$ ssh-keygen ###生成公钥和私钥的工具

Generating public/private rsa key pair.

Enter file in which to save the key (/home/test/.ssh/id_rsa):『enter』 ###指定加密字符保存文件,使用默认

Created directory '/home/test/.ssh'.

Enter passphrase (empty for no passphrase): ###密码,必须大于4位

Enter same passphrase again:

Your identification has been saved in /home/test/.ssh/id_rsa.

Your public key has been saved in /home/test/.ssh/id_rsa.pub.

The key fingerprint is:###确认密码

a5:4f:02:51:68:59:f4:e8:e3:c5:91:1f:6f:86:99:06 test@foundation0.ilt.example.com

The key's randomart p_w_picpath is:

+--[ RSA 2048]----+

|      .*+        |

|      +. o .     |

|     .. . E .    |

|       o + + *   |

|        S + * +  |

|       . * . o   |

|        . .      |

|                 |

|                 |

+-----------------+

[test@foundation0 .ssh]$ pwd

/home/test/.ssh###生成密钥存放位置

[test@foundation0 .ssh]$ ls

id_rsa  id_rsa.pub####id_rsa位私钥,id_rsa.pub位公钥

 

#####################使用key加密目标主机的目标用户############

[test@foundation0 ~]$  ssh-copy-id -i /home/test/.ssh/id_rsa.pub westos@172.25.254.100

 

The authenticity of host '172.25.254.100 (172.25.254.100)' can't be established.

ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.

Are you sure you want to continue connecting (yes/no)? yes

/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

westos@172.25.254.100's password:

 

Number of key(s) added: 1

 

Now try logging into the machine, with:   "ssh 'westos@172.25.254.100'"

and check to make sure that only the key(s) you wanted were added.

 

 

 

 

 

ssh-copy-id####上传key的工具

-i####指定使用的公钥

/home/test/.ssh/id_rsa.pub#####使用公钥的名称

westos####被管理的目标用户

172.25.254.100####被管理用户所在主机的ip

 

 

authorized_keys###此文件在目标用户加目录的.ssh中,这个文件就是目标用户被加密的标识,文件内容位公钥内容。

 

 

 

2.sshd服务的简单配置

vim /etc/ssh/sshd_config###sshd服务的配置文件

 

48 PermitRootLogin yes|no###是否允许root用户通过sshd的认证

78 PasswordAuthentication yes|no###开启或关闭用户密码认证

AllowUsers student westos###用户白名单,只允许在名单中出现的用户使用sshd服务

systemctl restart sshd###从新加载配置