RHCE (Networking): Bridging, Passwordless Login, and Denying Remote Login

Bridging:

[root@localhost ~]# nmcli c add type bridge con-name br1 ifname br1 ipv4.addresses 192.168.15.222/24 ipv4.gateway 192.168.15.2 ipv4.dns 114.114.114.114 ipv4.method manual 
Connection 'br1' (de5a13ef-056a-4e8c-abd7-eb6bcb6bc825) successfully added.


[root@localhost ~]# nmcli connection add type bridge-slave con-name br1-port1 ifname ens224 master br1
Connection 'br1-port1' (1a5465f7-921a-4231-9a28-0c5072f6b492) successfully added.
[root@localhost ~]# nmcli c up br1-port1 
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/24)
[root@localhost ~]# nmcli c up br1
Connection successfully activated (master waiting for slaves) (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/25)

Ping from CMD on Windows:

Disconnect ens160:

[roo@localhost ~]$ nmcli d disconnect ens160
Device 'ens160' successfully disconnected.

With the bridge now only on ens224, ping Windows:

Passwordless login

If the home directory has no .ssh directory, run the following first:

[root@localhost ~]# ssh localhost

Now it exists.

Enter .ssh:

[root@localhost ~]# cd .ssh/
[root@localhost .ssh]# ls
known_hosts

Generate the public and private keys:

[root@localhost ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): (do not enter a passphrase here; I entered one as an experiment)
Enter same passphrase again: 123456
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:RbOBLAkVCwIa9Fz9VCpCdZ4JEt1jA7KWMEXVHE6dW5U root@localhost.localdomain
The key's randomart image is:
+---[RSA 3072]----+
|+o.o=@OO==B.. ...|
|..o.=.B+OX+* . E |
|.  o =.o+*= o    |
|    . . .o .     |
|        S        |
|                 |
|                 |
|                 |
|                 |
+----[SHA256]-----+

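Start another virtual machine, ping it to check connectivity, then log in over SSH (this would normally log in directly, but because a password was entered earlier, a password is required here):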

[root@localhost ssh]# ssh root@192.168.15.130
The authenticity of host '192.168.15.130 (192.168.15.130)' can't be established.
ECDSA key fingerprint is SHA256:uaCrIib8FEIgsmJCack2K1d/dv8gre/T1KzJv3tXvbU.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.15.130' (ECDSA) to the list of known hosts.
root@192.168.15.130's password: 
Last login: Mon Nov 22 21:52:28 2021
[root@localhost ~]# exit

Running ssh-keygen -t rsa produces:

Public key: id_rsa.pub
Private key: id_rsa

[root@localhost ssh]# cd ~
[root@localhost ~]# cd .ssh
[root@localhost .ssh]# ls
id_rsa  id_rsa.pub  known_hosts

Write the public key into authorized_keys => pass the public key to the remote server

[root@localhost .ssh]# ssh-copy-id localhost
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@localhost's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'localhost'"
and check to make sure that only the key(s) you wanted were added.

[root@localhost .ssh]# ls
authorized_keys  id_rsa  id_rsa.pub  known_hosts

Copy authorized_keys to the remote host: /root/.ssh/

[root@localhost .ssh]# scp authorized_keys 192.168.15.130:~/.ssh/
root@192.168.15.130's password: 
authorized_keys                                   

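Log in to the remote server (logs in directly without a password) (there is a password prompt here because one was entered earlier)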

[root@localhost .ssh]# ssh root@192.168.15.130
Enter passphrase for key '/root/.ssh/id_rsa': 
Last login: Mon Nov 22 22:09:48 2021 from ::1

Repeat the same steps on the other virtual machine.

Denying remote user login:
First go to /etc/ssh; ls shows the sshd_config configuration file.

[root@localhost ~]# cd /etc/ssh
[root@localhost ssh]# ls
moduli      ssh_config.d  ssh_host_ecdsa_key      ssh_host_ed25519_key      ssh_host_rsa_key
ssh_config  sshd_config   ssh_host_ecdsa_key.pub  ssh_host_ed25519_key.pub  ssh_host_rsa_key.pub
[root@localhost ssh]# vim sshd_config

Open it with Vim and change the yes in PermitRootLogin yes to no; root login is then refused.
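
A way to confirm the edit above actually took, as an added example that is not part of the original post: the script reports which PermitRootLogin value sshd would use from one config file. The function names and the sample files are constructed for illustration, and the check assumes a single sshd_config with no Include directives.

```shell
#!/bin/sh
# Added example (not from the original post): report which PermitRootLogin
# value sshd takes from a single sshd_config file. For each keyword sshd
# keeps the FIRST value it reads, so a "PermitRootLogin no" appended below
# an existing "PermitRootLogin yes" changes nothing.

# Print the first global PermitRootLogin value (outside any Match block).
# When the keyword is absent or commented out, print the upstream OpenSSH
# default, prohibit-password (assumption: no distribution patch alters it).
effective_permit_root_login() {
    awk '
        {
            sub(/^[ \t]+/, "")                 # drop leading whitespace
            if ($0 == "" || $0 ~ /^#/) next    # skip blank and comment lines
            key = tolower($1)                  # keywords are case-insensitive
            if (key == "match") exit           # global section ends here
            if (key == "permitrootlogin") { print $2; found = 1; exit }
        }
        END { if (!found) print "prohibit-password" }
    ' "$1"
}

# Succeed only when root login over SSH is refused outright.
root_login_denied() {
    [ "$(effective_permit_root_login "$1")" = "no" ]
}

# Constructed sample files (not taken from a real host).
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
printf '#PermitRootLogin no\nPermitRootLogin yes\n' > "$SAMPLES/commented.conf"
printf 'PermitRootLogin yes\nPermitRootLogin no\n'  > "$SAMPLES/appended.conf"
printf 'Port 22\npermitrootlogin no\n'              > "$SAMPLES/edited.conf"
printf 'Match Address 192.168.15.0/24\n  PermitRootLogin no\n' > "$SAMPLES/match.conf"

for f in commented appended edited match; do
    if root_login_denied "$SAMPLES/$f.conf"; then verdict=denied; else verdict=ALLOWED; fi
    printf '%-10s %-18s %s\n' "$f" "$(effective_permit_root_login "$SAMPLES/$f.conf")" "$verdict"
done
```

On the host itself, sshd -t checks the edited file for syntax errors, and the new value only applies once sshd has been reloaded (for example with systemctl reload sshd).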