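Task
The xiaoming user on the client logs in over ssh, using key-based authentication on port 2000, to the xiaoming and xiaohei users on the server. No other user on the server may be logged in to remotely.
I. Server-side configuration
1. As root, create two users, xiaoming and xiaohei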
[root@localhost ~]# useradd xiaoming
[root@localhost ~]# useradd xiaohei
[root@localhost ~]# echo redhat | passwd --stdin xiaoming
Changing password for user xiaoming.
passwd: all authentication tokens updated successfully.
[root@localhost ~]# echo redhat | passwd --stdin xiaohei
Changing password for user xiaohei.
passwd: all authentication tokens updated successfully.
2. Edit the configuration file
[root@localhost ~]# vim /etc/ssh/sshd_config
Below the port 22 line, add port 2000
Change permitrootlogin yes to no, and below it add the users who are allowed to log in remotely
allowusers xiaoming xiaohei
3. Stop the firewall and restart the service
[root@jing ~]# systemctl stop firewalld
[root@jing ~]# setenforce 0
[root@localhost ~]# systemctl restart sshd
II. Client-side configuration
1. Switch to the xiaoming user and generate a key pair
[root@localhost ~]# su - xiaoming
[xiaoming@localhost ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/xiaoming/.ssh/id_rsa): /home/xiaoming/.ssh/id_rsa
Created directory '/home/xiaoming/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/xiaoming/.ssh/id_rsa.
Your public key has been saved in /home/xiaoming/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:qzmLt7cqcP0x5s5LDtBxQ6jQAp63Xo3fNebptlY+7hs xiaoming@localhost.localdomain
The key's randomart image is:
+---[RSA 3072]----+
|… . … |
|. + . … |
| o + … o |
| . o.oo . |
| …+…S + |
| o o.o =.+ o. |
| + .=o+ ooE |
| …oB+ .o o. |
| .oBooo++o |
+----[SHA256]-----+
[xiaoming@localhost ~]$ cd /home/xiaoming/.ssh
[xiaoming@localhost .ssh]$ ll
total 8
-rw-------. 1 xiaoming xiaoming 2675 Aug 4 04:55 id_rsa
-rw-r--r--. 1 xiaoming xiaoming 584 Aug 4 04:55 id_rsa.pub
2. Copy the generated public key file to the home directory of each server-side user you want to log in as
[xiaoming@localhost .ssh]$ ssh-copy-id xiaohei@192.168.18.129 -p 2000
[xiaoming@localhost .ssh]$ ssh-copy-id xiaohei@192.168.18.129 -p 2000
III. On the server, create a user xiaohong and test whether a remote connection as xiaohong succeeds
[root@localhost ~]# useradd xiaohong
[root@localhost ~]# echo redhat | passwd --stdin xiaohong
Changing password for user xiaohong.
passwd: all authentication tokens updated successfully.
[root@localhost ~]# ssh xiaohong@192.168.18.129 -p 2000
The authenticity of host '[192.168.18.129]:2000 ([192.168.18.129]:2000)' can't be established.
ECDSA key fingerprint is SHA256:W4FO/ZtSRA8dlXRNgvNffS/bA8FlJ2naLJxBw2lcErs.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[192.168.18.129]:2000' (ECDSA) to the list of known hosts.
xiaohong@192.168.18.129's password:
Permission denied, please try again.
xiaohong@192.168.18.129's password:
Permission denied, please try again.
xiaohong@192.168.18.129's password:
xiaohong@192.168.18.129: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
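A check for the configuration from section I against the stated task, as an added example that is not part of the original post. It also tests PasswordAuthentication, because the denial message in section III still lists password among the offered methods while the task asks for key-based login. The function names effective and audit and both sample files are constructed for illustration, and the first sample assumes the stock file carries a commented "#Port 22" line.

```sh
#!/bin/sh
# Added example, not from the original post. Audits the global section of an
# sshd_config file; it does not follow Include files or Match blocks.

# effective KEY FILE: print the value sshd would use for KEY (lowercase).
# Port and AllowUsers accumulate across lines; other keywords: first one wins.
effective() {
    awk -v want="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        {
            line = $0; sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/); if (!n) next
            key = tolower(substr(line, 1, n - 1)) # keywords are case-insensitive
            val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
        }
        key == "match" { exit }                  # conditional blocks start here
        key != want { next }
        want == "port" || want == "allowusers" { out = (out == "" ? val : out " " val); next }
        out == "" { out = val }
        END { print out }
    ' "$2"
}

# audit FILE: print each failed check; return 0 only if all of them pass.
audit() {
    rc=0
    port=$(effective port "$1");                 : "${port:=22}"   # sshd defaults
    root=$(effective permitrootlogin "$1");      : "${root:=prohibit-password}"
    pw=$(effective passwordauthentication "$1"); : "${pw:=yes}"
    users=$(effective allowusers "$1" | tr -s ' \t' '\n' | sort | xargs)
    [ "$port" = 2000 ] || { echo "FAIL Port is '$port', want only 2000"; rc=1; }
    [ "$root" = no ] || { echo "FAIL PermitRootLogin is '$root', want no"; rc=1; }
    [ "$users" = "xiaohei xiaoming" ] || { echo "FAIL AllowUsers is '$users'"; rc=1; }
    [ "$pw" = no ] || { echo "FAIL PasswordAuthentication is '$pw', want no"; rc=1; }
    return $rc
}

dir=$(mktemp -d); trap 'rm -rf "$dir"' EXIT
# Constructed sample: this page's settings, assuming the stock "#Port 22" line.
printf '%s\n' '#Port 22' 'port 2000' 'permitrootlogin no' \
    'allowusers xiaoming xiaohei' > "$dir/page.conf"
# Constructed sample: the same file with password logins switched off.
{ cat "$dir/page.conf"; echo 'PasswordAuthentication no'; } > "$dir/keyonly.conf"
audit "$dir/page.conf";    echo "page.conf    -> exit $?"
audit "$dir/keyonly.conf"; echo "keyonly.conf -> exit $?"
```

On a real server, sshd -T prints the effective configuration, Include files included, and is the authoritative source for these values.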



