部署环境
| Name | Version |
|---|---|
| CentOS 7 | 3.10.0-693.el7.x86_64 #1 SMP Tue Aug 22 21:09:27 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux |
创建普通用户:
# tail -n2 /etc/passwd
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
chrony:x:998:996::/var/lib/chrony:/sbin/nologin
# useradd user01
# tail -n2 /etc/passwd
chrony:x:998:996::/var/lib/chrony:/sbin/nologin
user01:x:1000:1000::/home/user01:/bin/bash修改普通用户密码:
# passwd user01
更改用户 user01 的密码 。
新的 密码:
重新输入新的 密码:
passwd:所有的身份验证令牌已经成功更新。
# tail -n2 /etc/shadow
chrony:!!:17747::::::
user01:$6$gjFGJMEm$2JReki/pYBzsJqj0qkIExnEx7Q/u...xex3w/fxJ6JI05mOPMmLXf4QdsLvTBhfm5SnZnTetKAVtOkD2xfDnr1:17750:0:99999:7:::所有服务器要求只能普通用户登录,root只能普通用户sudo:
更改配置文件,搜索Root那行更改如下内容:
# vi /etc/ssh/sshd_config
把#PermitRootLogin yes改为PermitRootLogin no禁止root远程登录,保存并退出改完配置文件要重启服务:
# systemctl restart sshd.service密钥登录:
SSH登录是用的RSA非对称加密的,在SSH登录的时候就可以使用RSA密钥登录,SSH有专门创建SSH密钥的工具ssh-keygen。
执行命令ssh-keygen创建密钥对,执行过程中有交互过程,可以输入密钥密码也可以为空直接三次回车即可。
[root@zyshanlinux-04 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:4odZd916XMzHfVl6wd18TsM/aaPzJX2znzIfN5N87pU root@zyshanlinux-04
The key's randomart image is:
+---[RSA 2048]----+
| |
| o.o|
| =B|
| . OX|
| . S . . o*&|
| . = . . +=O|
| + . ooEX|
| . oo+&|
| +*=|
+----[SHA256]-----+
密钥对生成后,会在/root/.ssh/目录下多次两个文件id_rsa私钥和id_rsa.pub公钥
[root@zyshanlinux-04 ~] # ls /root/.ssh
id_rsa id_rsa.pub接着把生成的公钥拷贝到需要登录的远程服务器上,这里可以使用ssh-copy-id命令,这时需要目标服务器的登录密码
[root@zyshanlinux-04 ~]# ssh-copy-id -i .ssh/id_rsa.pub [email protected] ##该命令需要在根目录上执行,如果在非根目录上执行则是:ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.
拷贝公钥完成后,远程连接目标服务器,这时就不需要登录密码
[root@zyshanlinux-04 ~]# ssh '[email protected]'
Last login: Tue Aug 7 21:13:09 2018 from 192.168.106.132
[root@zyshanlinux-03 ~]#