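2021-08-01 SSH remote login
Author: Internet
Using key-based authentication over port 2000, the xiaoming user on the client logs in via SSH to the xiaoming and xiaohei users on the server; no other user on the server can be logged in to remotely.
The steps are as follows:
I. Server configuration
1. Turn off the firewall and SELinux (setenforce 0 switches SELinux to permissive mode, as the getenforce output shows)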
[root@jing ~]# systemctl stop firewalld
[root@jing ~]# setenforce 0
[root@jing ~]# getenforce
Permissive
2. Create the users xiaoming and xiaohei
useradd xiaoming
useradd xiaohei
echo "redhat" | passwd --stdin xiaoming
echo "redhat" | passwd --stdin xiaohei
3. Edit the sshd configuration file /etc/ssh/sshd_config
① Change the port number to 2000
Edit the configuration file and add the following line below the "#Port 22" line:
Port 2000
② Do not allow the root user to log in remotely
Edit the configuration file and change the original "PermitRootLogin yes" to the following line:
PermitRootLogin no
③ Allow specific users (xiaoming, xiaohei) to log in remotely
Edit the configuration file and add the following line:
AllowUsers xiaoming xiaohei
④ Save the configuration file and exit
4. Restart the sshd service
systemctl restart sshd
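An added example, not part of the original post: a shell check that a config file carries the three settings from step 3 (only port 2000, root login off, exactly the two allowed users), which can be run before restarting sshd. The function names sshd_values and audit_sshd_config and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post; helper names are hypothetical.
# It reads only the global part of one file. On the server, `sshd -T` prints
# the effective configuration.

# Print each value given for KEYWORD before the first Match block.
sshd_values() {  # usage: sshd_values KEYWORD FILE
    awk -v want="$1" '
        { sub(/^[ \t]+/, "") }              # drop leading whitespace
        /^#/ || /^$/ { next }               # skip comments and blank lines
        tolower($1) == "match" { exit }     # Match blocks are conditional
        tolower($1) == tolower(want) { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$2"
}

# Print findings; the return status is the number of failed checks.
audit_sshd_config() {  # usage: audit_sshd_config FILE
    f=$1; fails=0
    # Port may be repeated, and sshd listens on every port listed.
    ports=$(sshd_values Port "$f" | tr '\n' ' ' | sed 's/ *$//')
    [ "$ports" = "2000" ] ||
        { echo "FAIL Port: got '${ports:-unset}', want only 2000"; fails=$((fails + 1)); }
    # For a single-valued keyword, sshd uses the first value it reads.
    root=$(sshd_values PermitRootLogin "$f" | head -n 1)
    [ "$root" = "no" ] ||
        { echo "FAIL PermitRootLogin: got '${root:-unset}', want no"; fails=$((fails + 1)); }
    # AllowUsers lines accumulate, so compare them as one sorted set.
    users=$(sshd_values AllowUsers "$f" | tr -s ' \t' '\n\n' | sort -u | tr '\n' ' ' | sed 's/ *$//')
    [ "$users" = "xiaohei xiaoming" ] ||
        { echo "FAIL AllowUsers: got '${users:-unset}', want xiaoming xiaohei"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample: the three edits from step 3 applied to a config file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#Port 22
Port 2000
PermitRootLogin no
AllowUsers xiaoming xiaohei
EOF
audit_sshd_config "$sample" && echo "OK: settings match step 3"
rm -f "$sample"
```

A leftover uncommented "Port 22" line, an earlier "PermitRootLogin yes", or an AllowUsers line that sits under a Match block each make the check fail.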
II. Client configuration
1. Add the user xiaoming
useradd xiaoming
echo "redhat" | passwd --stdin xiaoming
2. Switch to the xiaoming user and generate a key pair
su - xiaoming
ssh-keygen -t rsa
[xiaoming@jing ~]$ cd .ssh
[xiaoming@jing .ssh]$ ll
total 8
-rw-------. 1 xiaoming xiaoming 1679 Oct 5 20:06 id_rsa
-rw-r--r--. 1 xiaoming xiaoming 405 Oct 5 20:06 id_rsa.pub
3. Copy the generated public key to the home directory of each server user to be logged in as
ssh-copy-id -p 2000 xiaoming@192.168.150.103
ssh-copy-id -p 2000 xiaohei@192.168.150.103
III. Testing
As the xiaoming user on the client, log in over SSH to the server's xiaoming and xiaohei users on port 2000:
ssh xiaoming@192.168.150.103 -p 2000
Last login: Mon Oct 5 07:55:53 2020 from 192.168.150.1
logout
ssh xiaohei@192.168.150.103 -p 2000
Last failed login: Mon Oct 5 08:11:50 EDT 2020 from 192.168.150.100 on ssh:notty
Create a user xiaohong on the server and check whether it can be logged in to remotely:
Server:
useradd xiaohong
echo "redhat" | passwd --stdin xiaohong
Client:
ssh xiaohong@192.168.150.103 -p 2000
xiaohong@192.168.150.103's password:
Permission denied, please try again.
xiaohong@192.168.150.103's password:
Permission denied, please try again.
xiaohong@192.168.150.103's password:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
Source: https://blog.csdn.net/weixin_45952521/article/details/119294157