Remote Connection Service

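This article describes in detail how to configure passwordless SSH login between two hosts, allow access for the root user and the timinglee user, and create an SSH whitelist to improve security. It covers generating a key pair, uploading and testing it, modifying sshd_config, and setting up the whitelist.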

1. Configure the two hosts
Host 1
Hostname: server.example.com
IP: 172.25.254.100
Create the user timinglee with the password timinglee

vmset.sh 100
[root@ntpserver ~]# hostnamectl hostname server.example.com
[root@ntpserver ~]# reboot

Create the user timinglee with the password timinglee
[root@server ~]# id timinglee
id: “timinglee”:无此用户
[root@server ~]# useradd timinglee
[root@server ~]# id timinglee
用户id=1005(timinglee) 组id=1005(timinglee) 组=1005(timinglee)
[root@server ~]# echo timinglee | passwd --stdin timinglee
更改用户 timinglee 的密码 。
passwd:所有的身份验证令牌已经成功更新。


Host 2
Hostname: client.example.com
IP: 172.25.254.200


vmset.sh 200
[root@rever ~]# hostnamectl hostname client.example.com
[root@rever ~]# reboot


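2. Complete the project as required
When 172.25.254.200 logs in remotely as the root user on 172.25.254.100, the connection must be passwordless,
and only the root user and the timinglee user may be logged in to.
(1) First, host 172.25.254.100 is the server side.
Open a remote SSH connection: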

[root@server .ssh]# ssh -l root 172.25.254.100 -p 22
root@172.25.254.100's password:
Permission denied, please try again.
root@172.25.254.100's password:
Activate the web console with: systemctl enable --now cockpit.socket

Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Sat Apr 20 13:21:33 2024 from 172.25.254.100

Disconnect the SSH session:
[root@server ~]# exit
注销
Connection to 172.25.254.100 closed.

(1) Generate the key pair interactively (choose either method):
[root@server ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:Q687FBN7kfNNsBHI5t4R2UTcY6hHtaqK4Nhll6nLwfw root@server.example.com
The key's randomart image is:
+---[RSA 3072]----+
|         . o+O=o |
|        . B o=+oo|
|        .= +++...|
|       .+.o.o.o  |
|        S=...o   |
|      o .o+ o    |
|     . B.+ .     |
|    + = B..      |
|   . o =oE       |
+----[SHA256]-----+

(2) Generate the key pair non-interactively (choose either method):
[root@server .ssh]# ssh-keygen -f /root/.ssh/id_rsa -P ""
Generating public/private rsa key pair.
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:/UdpZ+wzQLlbAhS33sZBgI1wmbL6pO6cbZcU7jH+Im0 root@server.example.com
The key's randomart image is:
+---[RSA 3072]----+
|         ..+Bo.. |
|         .o=..+  |
|          o. + . |
|         o .+ +o.|
|        S o .=+=+|
|       . . * o*+ |
|        + = =..o.|
|      ..o+ E .  o|
|      o=..+ o.   |
+----[SHA256]-----+


Upload the key to the server
[root@server .ssh]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.25.254.100
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '172.25.254.100 (172.25.254.100)' can't be established.
ED25519 key fingerprint is SHA256:tZ4VZB8seVa5KudOoZW1WhacpbI9wp9bRdQhy0pheyg.
This host key is known by the following other names/addresses:
    ~/.ssh/known_hosts:1: 172.252.254.128
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@172.25.254.100's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@172.25.254.100'"
and check to make sure that only the key(s) you wanted were added.


Test result for the root user:

[root@server .ssh]# ssh -l root 172.25.254.100
Activate the web console with: systemctl enable --now cockpit.socket

Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Sat Apr 20 13:23:53 2024 from 172.25.254.100


[root@server .ssh]# vim /etc/ssh/sshd_config

Port 2222

Restart the service
[root@server .ssh]# systemctl restart sshd

Test result for the root user after changing the port:

[root@server ~]# ssh -l root 172.25.254.100 -p 2222
Activate the web console with: systemctl enable --now cockpit.socket

Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Sat Apr 20 13:42:22 2024 from 172.25.254.100


Write the whitelist:
[root@server .ssh]# vim /etc/ssh/sshd_config

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin prohibit-password
PermitRootLogin yes
# Whitelist: only the accounts named here may log in over SSH
AllowUsers root timinglee
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

Restart the service
[root@server .ssh]# systemctl restart sshd

Test the whitelist:

[root@server ~]# ssh -l timinglee 172.25.254.100 -p 2222
Activate the web console with: systemctl enable --now cockpit.socket

Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Sat Apr 20 13:53:27 2024 from 172.25.254.100
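
An AllowUsers line admits only the accounts it names, so an account left off the list is refused, root included, even when PermitRootLogin is yes. The script below is an added example, not part of the original post: it reads a config file and reports which accounts pass the whitelist. The function names, the two sample configs and the student account are constructed for illustration, and it assumes no Match blocks and no "!" negated patterns.

```shell
#!/bin/sh
# Added example (not from the original post): report which accounts an
# sshd_config AllowUsers whitelist admits.

# allow_patterns FILE: print every pattern from all active AllowUsers lines.
# Keywords are case-insensitive; "#AllowUsers ..." is a comment and is skipped.
allow_patterns() {
    awk 'tolower($1) == "allowusers" { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# user_permitted FILE USER: succeed if USER passes the AllowUsers check.
# The body is a subshell, so "set -f" and "exit" stay local to this call.
user_permitted() (
    patterns=$(allow_patterns "$1")
    [ -n "$patterns" ] || exit 0        # no whitelist: nobody is filtered out
    set -f                              # keep * and ? in patterns from globbing
    for pat in $patterns; do
        pat=${pat%%@*}                  # USER@HOST form: compare the user part only
        case $2 in $pat) exit 0 ;; esac
    done
    exit 1
)

# audit FILE USER...: print one "user=allowed" or "user=denied" line per account.
audit() {
    file=$1; shift
    for u in "$@"; do
        if user_permitted "$file" "$u"; then
            printf '%s=allowed\n' "$u"
        else
            printf '%s=denied\n' "$u"
        fi
    done
}

# Constructed sample configs: a whitelist naming one account, then both.
demo_dir=$(mktemp -d)
printf '%s\n' 'Port 2222' 'PermitRootLogin yes' '#AllowUsers root' \
    'AllowUsers timinglee' > "$demo_dir/one_user.conf"
printf '%s\n' 'Port 2222' 'PermitRootLogin yes' \
    'AllowUsers root timinglee' > "$demo_dir/both_users.conf"

echo "one_user.conf:";   audit "$demo_dir/one_user.conf" root timinglee student
echo "both_users.conf:"; audit "$demo_dir/both_users.conf" root timinglee student
```

On a live server, `sshd -t` checks the edited file for syntax errors before the restart, and `sshd -T` prints the effective settings.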
