[root@localhost ~]# vim /etc/ssh/sshd_config
PermitRootLogin no //禁止root用户通过SSH直接登录
87 systemctl restart sshd
88 systemctl status sshd
[root@localhost ~]# !87
systemctl restart sshd
[root@rootroom9pc01 ~]# ssh -X root@192.168.4.4
root@192.168.4.4's password:
Permission denied, please try again.
可以先用普通用户登录,再用 su 或 sudo 命令切换到root用户权限
[root@localhost ~]# su - sudoadm
上一次登录:一 7月 16 09:34:33 CST 2018pts/0 上
[sudoadm@localhost ~]$ sudo -l
[sudo] sudoadm 的密码:
匹配 %2$s 上 %1$s 的默认条目:
!visiblepw, always_set_home, match_group_by_gid, env_reset,
env_keep="COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS",
env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE",
env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES",
env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE",
env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY",
secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin, logfile=/var/log/sudo
用户 sudoadm 可以在 localhost 上运行以下命令:
(ALL) ALL
[sudoadm@localhost ~]$ su -
密码:
上一次登录:一 7月 16 09:59:05 CST 2018tty1 上
最后一次失败的登录:一 7月 16 10:03:57 CST 2018从 192.168.4.254ssh:notty 上
最有一次成功登录后有 1 次失败的登录尝试。
[root@localhost ~]#
[sudoadm@localhost ~]$ su -
密码:
上一次登录:一 7月 16 10:05:06 CST 2018pts/0 上
[root@localhost ~]# whoami
root
[root@localhost ~]# vim /etc/ssh/sshd_config
PermitRootLogin yes
[root@localhost ~]# systemctl restart sshd //重启sshd服务
[root@rootroom9pc01 ~]# ssh -X root@192.168.4.4 //验证root用户可以登录
root@192.168.4.4's password:
Last login: Mon Jul 16 10:07:01 2018
[root@localhost ~]#
其他参数(下列各行 // 之后是说明文字,不要写入配置文件;sshd_config 的注释以 # 开头)
vim /etc/ssh/sshd_config
Protocol 2 //SSH协议第二版本(OpenSSH 7.4 起该选项已废弃,新版本只支持协议2)
PermitRootLogin no //禁止root用户登录
PermitEmptyPasswords no //禁止密码为空的用户登录
UseDNS no //不解析客户机地址
LoginGraceTime 1m //登录限时
MaxAuthTries 3 //每连接最多认证次数
最后重启sshd服务(重启前可先用 sshd -t 检查配置语法,避免配置写错后无法远程登录): systemctl restart sshd
将服务器上mat用户(如无该账户先创建)的密码设置为空,再尝试SSH登录;由于 PermitEmptyPasswords no,登录会失败
[root@localhost ~]# useradd mat
[root@localhost ~]# passwd mat
更改用户 mat 的密码 。
新的 密码:
无效的密码: 密码是一个回文
重新输入新的 密码:
passwd:所有的身份验证令牌已经成功更新。
[root@localhost ~]# passwd -d mat
清除用户的密码 mat。
passwd: 操作成功
[root@localhost ~]#
[root@rootroom9pc01 ~]# ssh -X mat@192.168.4.4
mat@192.168.4.4's password:
Permission denied, please try again.
mat@192.168.4.4's password:
Permission denied, please try again.
mat@192.168.4.4's password:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
[root@rootroom9pc01 ~]#
[root@localhost ~]# vim /etc/ssh/sshd_config
AllowUsers zhangsan tom useradm@192.168.4.0/24 //定义账户白名单:只有列出的用户可以登录,未列出的用户(包括root)都会被拒绝
##DenyUsers USER1 USER2 //定义账户黑名单
##DenyGroups GROUP1 GROUP2 //定义组黑名单
##AllowGroups GROUP1 GROUP2 //定义组白名单
[root@localhost ~]# systemctl restart sshd
[root@rootroom9pc01 ~]# ssh useradm@192.168.4.4
useradm@192.168.4.4's password:
[useradm@localhost ~]$
[root@rootroom9pc01 ~]# ssh root@192.168.4.4
root@192.168.4.4's password:
Permission denied, please try again.
root@192.168.4.4's password:
Permission denied, please try again.
root@192.168.4.4's password:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
[root@rootroom9pc01 ~]#
[root@localhost ~]# vim /etc/ssh/sshd_config
#AllowUsers zhangsan tom useradm@192.168.4.0/24 //注释掉白名单;修改后同样需要 systemctl restart sshd 才会生效
[root@rootroom9pc01 ~]# ssh root@192.168.4.4
root@192.168.4.4's password:
Last failed login: Mon Jul 16 11:26:59 CST 2018 from 192.168.4.254 on ssh:notty
There were 3 failed login attempts since the last successful login.
Last login: Mon Jul 16 11:23:13 2018 from 192.168.4.254
[root@localhost ~]#