简单私钥认证方式练习

题目：使用client的xiaoming用户基于秘钥认证方式使用ssh登录server端的xiaoming用户和xiaohei用户。

首先按照题目要求创建测试用户

[root@server1 ~]# useradd xiaoming
[root@server1 ~]# useradd xiaohei
[root@server1 ~]# echo 123456 | passwd --stdin xiaoming
Changing password for user xiaoming.
passwd: all authentication tokens updated successfully.
[root@server1 ~]# echo 123456 | passwd --stdin xiaohei
Changing password for user xiaohei.
passwd: all authentication tokens updated successfully.

登录xiaoming用户创建密钥并远程登陆client端的xiaoming用户和小黑用户

[root@server1 ~]# su - xiaoming
[xiaoming@server1 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/xiaoming/.ssh/id_rsa): 
Created directory '/home/xiaoming/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/xiaoming/.ssh/id_rsa.
Your public key has been saved in /home/xiaoming/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:vaYk0s8dSrBPxtQ3KUOx2dmU9xOlG8RWhtCoZ2rDphs xiaoming@server1.local
The key's randomart image is:
+---[RSA 3072]----+
|          . .=o+=|
|           =.=*+.|
|          +.o.+.o|
|         +. o. +.|
|      . S.=++ . .|
|     . =  *= .   |
|    . + E++.     |
|     . X.* .     |
|        B..      |
+----[SHA256]-----+

秘钥创建完成，进行下一步，复制公钥到远程主机

[xiaoming@server1 ~]$ cd .ssh/
[xiaoming@server1 .ssh]$ ll
total 8
-rw-------. 1 xiaoming xiaoming 2655 Nov 14 13:24 id_rsa
-rw-r--r--. 1 xiaoming xiaoming  576 Nov 14 13:24 id_rsa.pub
[xiaoming@server1 .ssh]$ ssh-copy-id xiaoming@192.168.210.129
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/xiaoming/.ssh/id_rsa.pub"
The authenticity of host '192.168.210.129 (192.168.210.129)' can't be established.
ECDSA key fingerprint is SHA256:OOwgHCMX8Vls1DSTffYRjffcRbnEiNGQ4bJwj3DvqOQ.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
xiaoming@192.168.210.129's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'xiaoming@192.168.210.129'"
and check to make sure that only the key(s) you wanted were added.

[xiaoming@server1 .ssh]$ ssh-copy-id xiaohei@192.168.210.129
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/xiaoming/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
xiaohei@192.168.210.129's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'xiaohei@192.168.210.129'"
and check to make sure that only the key(s) you wanted were added.

公钥复制完毕，进行远程登录

[xiaoming@server1 .ssh]$ ssh xiaoming@192.168.210.129
Enter passphrase for key '/home/xiaoming/.ssh/id_rsa': 
hello!
4.18.0-348.el8.x86_64
server1.local
/bin/bash
Activate the web console with: systemctl enable --now cockpit.socket

This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register

Last login: Mon Nov 14 13:23:25 2022
[xiaoming@server1 ~]$ exit
logout
Connection to 192.168.210.129 closed.
[xiaoming@server1 .ssh]$ ssh xiaohei@192.168.210.129
Enter passphrase for key '/home/xiaoming/.ssh/id_rsa': 
hello!
4.18.0-348.el8.x86_64
server1.local
/bin/bash
Activate the web console with: systemctl enable --now cockpit.socket

This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register

[xiaohei@server1 ~]$ exit
logout
Connection to 192.168.210.129 closed.
[xiaoming@server1 .ssh]$