RHCE第三次作业

内容

使用client的xiaoming用户基于秘钥认证方式通过端口2000使用ssh登录server端的xiaoming用户和xiaohei用户，server端的其他用户都不可被远程登录。

一、server端配置

1.在根下创建两个用户xiaoming xiaohei

[root@localhost ~]# useradd xiaoming
[root@localhost ~]# useradd xiaohei
[root@localhost ~]# echo redhat | passwd --stdin xiaoming
Changing password for user xiaoming.
passwd: all authentication tokens updated successfully.
[root@localhost ~]# echo redhat | passwd --stdin xiaohei
Changing password for user xiaohei.
passwd: all authentication tokens updated successfully.

2.编辑配置文件

[root@localhost ~]# vim /etc/ssh/sshd_config

在port 22 下面写上 port 2000
将permitrootlogin yes 改为 no，并在下面加上想要允许远程登录的用户
allowusers xiaoming xiaohei

3.关闭防火墙,重启服务

[root@jing ~]# systemctl stop firewalld
[root@jing ~]# setenforce 0
[root@localhost ~]# systemctl restart sshd

二、client端配置

1.切换到用户xiaoming下，用命令生成密钥对

[root@localhost ~]# su - xiaoming
[xiaoming@localhost ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/xiaoming/.ssh/id_rsa): /home/xiaoming/.ssh/id_rsa

Created directory ‘/home/xiaoming/.ssh’.
Enter passphrase (empty for no passphrase):

Enter same passphrase again:
Your identification has been saved in /home/xiaoming/.ssh/id_rsa.
Your public key has been saved in /home/xiaoming/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:qzmLt7cqcP0x5s5LDtBxQ6jQAp63Xo3fNebptlY+7hs xiaoming@localhost.localdomain
The key’s randomart image is:
±–[RSA 3072]----+
|… . … |
|. + . … |
| o + … o |
| . o.oo . |
| …+…S + |
| o o.o =.+ o. |
| + .=o+ ooE |
| …oB+ .o o. |
| .oBooo++o |
±—[SHA256]-----+
[xiaoming@localhost ~]$ cd /home/xiaoming/.ssh
[xiaoming@localhost .ssh]$ ll
total 8
-rw-------. 1 xiaoming xiaoming 2675 Aug 4 04:55 id_rsa
-rw-r–r--. 1 xiaoming xiaoming 584 Aug 4 04:55 id_rsa.pub
[xiaoming@localhost ~]$ cd /home/xiaoming/.ssh
[xiaoming@localhost .ssh]$ ll
total 8
-rw-------. 1 xiaoming xiaoming 2675 Aug 4 04:55 id_rsa
-rw-r–r--. 1 xiaoming xiaoming 584 Aug 4 04:55 id_rsa.pub

2.将生成的公钥文件复制到服务端需要登录的用户家目录下

[xiaoming@localhost .ssh]$ ssh-copy-id xiaohei@192.168.18.129 -p 2000
[xiaoming@localhost .ssh]$ ssh-copy-id xiaohei@192.168.18.129 -p 2000

三 、server端创建一个xiaohong用户，并使用xiaohong用户远程连接是否成功

[root@localhost ~]# useradd xiaohong
[root@localhost ~]# echo redhat | passwd --stdin xiaohong
Changing password for user xiaohong.
passwd: all authentication tokens updated successfully.

[root@localhost ~]# ssh xiaohong@192.168.18.129 -p 2000
The authenticity of host ‘[192.168.18.129]:2000 ([192.168.18.129]:2000)’ can’t be established.
ECDSA key fingerprint is SHA256:W4FO/ZtSRA8dlXRNgvNffS/bA8FlJ2naLJxBw2lcErs.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added ‘[192.168.18.129]:2000’ (ECDSA) to the list of known hosts.
xiaohong@192.168.18.129’s password:
Permission denied, please try again.
xiaohong@192.168.18.129’s password:
Permission denied, please try again.
xiaohong@192.168.18.129’s password:
xiaohong@192.168.18.129: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).