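Using the client's xiaoming user, log in over ssh on port 2000 with key-based authentication to the server's xiaoming and xiaohei users; no other user on the server may be logged in to remotely.
Preparation
- Prepare two virtual machines, one as the Client and one as the Server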
[root@localhost ~]# yum install openssh-server -y
Edit the server-side ssh configuration file
[root@localhost ~]# vim /etc/ssh/sshd_config
Add port 2000
Add the whitelisted users xiaoming and xiaohei
[root@localhost ~]# su - xiaoming
上一次登录:四 9月 30 19:24:20 CST 2021pts/1 上
[xiaoming@localhost ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/xiaoming/.ssh/id_rsa):
Created directory '/home/xiaoming/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/xiaoming/.ssh/id_rsa.
Your public key has been saved in /home/xiaoming/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Egd04lj2kQKqA/mgGUAypp6CvcMOTg0UqOe++83LBy8 xiaoming@localhost.localdomain
The key's randomart image is:
+---[RSA 3072]----+
|*+ .o* o. |
|*o.. =.=.. |
|B.. . o.o |
|BBo o |
|B*o . S |
|.o+. .. |
|.o+. o |
|oo.. +E o |
| .++. =+ |
+----[SHA256]-----+
Copy the public key generated on the client to the .ssh/authorized_keys file in the home directories of the xiaoming and xiaohei users on the server
[xiaoming@localhost ~]$ ssh-copy-id xiaoming@192.168.30.130 -p 2000
[xiaoming@localhost ~]$ ssh-copy-id xiaohei@192.168.30.130 -p 2000
While logged in as xiaoming on the client, use ssh to log in remotely to the server's xiaoming and xiaohei users on port 2000
[root@localhost ~]# ssh xiaoming@192.168.30.130 -p 2000
[root@localhost ~]# ssh xiaohei@192.168.30.130 -p 2000
Test 2
Create a xiaohong user, and use the xiaohong user to connect remotely to xiaoming or xiaohei
[root@localhost ~]# useradd xiaohong
[root@localhost ~]# echo redhat | passwd --stdin xiaohong
更改用户 xiaohong 的密码 。
passwd:所有的身份验证令牌已经成功更新。
[root@localhost ~]# ssh xiaohong@192.168.30.130 -p 2000
xiaohong@192.168.30.130's password:
Permission denied, please try again.
xiaohong@192.168.30.130's password:
Permission denied, please try again.
xiaohong@192.168.30.130's password:
xiaohong@192.168.30.130: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
Experiment successful. End of the experiment.
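The page names the two server-side changes (port 2000 and the user whitelist) without showing the resulting file. The following is an added example, not the author's own configuration: it writes a constructed sshd_config fragment to a scratch path and checks it against the lab's requirements. The function names and the sample file are assumptions; Port and AllowUsers are the standard sshd_config keywords.

```shell
#!/bin/sh
# Added example: constructed sshd_config fragment for this lab, written to a
# scratch path (an assumption), never to /etc/ssh/sshd_config.
SAMPLE="${TMPDIR:-/tmp}/sshd_config.lab.$$"
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# constructed sample, not the author's file
Port 2000
PubkeyAuthentication yes
allowusers xiaoming
AllowUsers xiaohei
EOF

# Print every argument of a keyword, one per line. sshd matches keywords
# case-insensitively, and Port and AllowUsers may each appear on several lines.
directive_values() {  # $1 = file, $2 = keyword
    awk -v kw="$2" 'tolower($1) == tolower(kw) {
        for (i = 2; i <= NF; i++) print $i
    }' "$1"
}

# Succeed if the file tells sshd to listen on port $2.
listens_on() {  # $1 = file, $2 = port
    directive_values "$1" Port | grep -qxF "$2"
}

# Succeed if user $2 passes the AllowUsers whitelist. Without any AllowUsers
# line this whitelist is not in effect, so everyone passes. Only plain names
# are handled here, not USER@HOST or wildcard patterns.
user_allowed() {  # $1 = file, $2 = user
    list=$(directive_values "$1" AllowUsers)
    [ -n "$list" ] || return 0
    printf '%s\n' "$list" | grep -qxF "$2"
}

# The lab's policy: port 2000, xiaoming and xiaohei admitted, xiaohong refused.
lab_check() {  # $1 = file
    listens_on "$1" 2000 &&
        user_allowed "$1" xiaoming &&
        user_allowed "$1" xiaohei &&
        ! user_allowed "$1" xiaohong
}

if lab_check "$SAMPLE"; then echo "policy OK"; else echo "policy NOT met"; fi
```

On the real server, `sshd -t` checks the edited /etc/ssh/sshd_config for syntax errors before the service is restarted. A user missing from AllowUsers is still prompted for a password and then refused, which is what the xiaohong session shows.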



