Setting up an SSH key on CentOS and logging in with it

Preparation

1. Delete users and groups that are no longer needed (optional)
[root@localhost ~]# userdel -r service
[root@localhost ~]# groupdel service
2. Create a new ssh user and group
[root@localhost ~]# groupadd -g 1009 tomcat
[root@localhost ~]# useradd -u 1009 -g 1009 tomcat
3. Set a password for the new user (optional; password login gets disabled later anyway)
[root@localhost ~]# passwd tomcat
4. Allow the new user to use sudo
[root@localhost ~]# chmod u+w /etc/sudoers
[root@localhost ~]# vi /etc/sudoers
## add this line to the file ## tomcat ALL=(ALL) NOPASSWD: ALL
[root@localhost ~]# chmod u-w /etc/sudoers
5. Switch to the new user
[root@localhost ~]# su tomcat
[tomcat@localhost root]$
[tomcat@localhost root]$ cd

Configure ssh:

1. Generate the key pair on the server (just press Enter to accept the defaults; you can also give the key a different name):
[tomcat@localhost ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/tomcat/.ssh/id_rsa):
Created directory '/home/tomcat/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/tomcat/.ssh/id_rsa.
Your public key has been saved in /home/tomcat/.ssh/id_rsa.pub.
The key fingerprint is:
97:25:0b:63:7f:10:8e:f8:e8:01:96?ec:f4:35:0b [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
| . |
| = . o . |
| + * E * . |
| . + = * O |
| + S * . |
| . . . . |
| . |
| |
| |
+-----------------+
[tomcat@localhost ~]$ ll -a
total 12
drwx------. 3 tomcat tomcat 74 Dec 5 18:09 .
drwxr-xr-x. 3 root root 20 Dec 5 18:05 ..
-rw-r--r--. 1 tomcat tomcat 18 Dec 7 2016 .bash_logout
-rw-r--r--. 1 tomcat tomcat 193 Dec 7 2016 .bash_profile
-rw-r--r--. 1 tomcat tomcat 231 Dec 7 2016 .bashrc
drwx------. 2 tomcat tomcat 38 Dec 5 18:09 .ssh

2. Go into the .ssh directory, create the key file, and append the public key to it
[tomcat@localhost ~]$ cd .ssh
[tomcat@localhost .ssh]$ touch authorized_keys
[tomcat@localhost .ssh]$ chmod 600 authorized_keys
[tomcat@localhost .ssh]$ cat id_rsa.pub >> authorized_keys
3. Copy the private key (the id_rsa file under .ssh) to your local machine (with any tool)

4. Change the sshd configuration
[tomcat@localhost .ssh]$ sudo vi /etc/ssh/sshd_config
### change the following (the trailing # notes are annotations only: older sshd versions, including the OpenSSH 7.4 shipped with CentOS 7, reject a comment after a directive on the same line, so leave them out of the file)
RSAAuthentication yes # deprecated since OpenSSH 7.4; PubkeyAuthentication is the directive that matters
PubkeyAuthentication yes
AuthorizedKeysFile /home/tomcat/.ssh/authorized_keys # path to the key file created above
ChallengeResponseAuthentication no
PasswordAuthentication no # password login not allowed
UsePAM no
PermitRootLogin no # remote root login not allowed
port 50001
## restart the service
[tomcat@localhost .ssh]$ systemctl restart sshd.service
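As an added example (not from the original post), the script below applies the sshd_config changes above in a repeatable way, keeps the key-file modes right, and runs `sshd -t` before the restart so a typo cannot lock you out; the variable names, the helper functions and the --apply flag are my own assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: apply this page's sshd_config
# changes idempotently, fix key-file modes, and run `sshd -t` before the
# restart so a typo cannot lock you out. SSHD_CONFIG/SSH_USER/SSH_PORT and
# the --apply flag are assumed names, not the page's.
SSHD_CONFIG="${SSHD_CONFIG:-/etc/ssh/sshd_config}"
SSH_USER="${SSH_USER:-tomcat}"
SSH_PORT="${SSH_PORT:-50001}"

# set_directive FILE KEY VALUE: the first line for KEY (even a commented one)
# becomes "KEY VALUE", later duplicates are dropped (sshd honours the first
# occurrence, so a stray duplicate would silently win), else KEY is appended.
set_directive() {
    file=$1 key=$2 value=$3
    awk -v k="$key" -v v="$value" '
        BEGIN { lk = tolower(k) }   # sshd keywords are case-insensitive
        { line = $0; sub(/^[# \t]+/, "", line); split(line, f, /[ \t]+/) }
        tolower(f[1]) == lk { if (!done) { print k " " v; done = 1 }; next }
        { print }
        END { if (!done) print k " " v }
    ' "$file" > "$file.tmp" && cat "$file.tmp" > "$file" && rm -f "$file.tmp"
}

# check_mode PATH MODE: succeed only if PATH has exactly octal mode MODE.
check_mode() { [ "$(stat -c '%a' "$1")" = "$2" ]; }

# apply_hardening FILE: the page's directives. RSAAuthentication is left out
# (deprecated since OpenSSH 7.4; PubkeyAuthentication is what matters).
apply_hardening() {
    f=$1
    set_directive "$f" PubkeyAuthentication yes
    set_directive "$f" AuthorizedKeysFile "/home/$SSH_USER/.ssh/authorized_keys"
    set_directive "$f" ChallengeResponseAuthentication no
    set_directive "$f" PasswordAuthentication no
    set_directive "$f" UsePAM no
    set_directive "$f" PermitRootLogin no
    set_directive "$f" Port "$SSH_PORT"
}

# The live run needs root and only happens with --apply; without it the
# functions above can be exercised on a copy of the file.
if [ "${1:-}" = "--apply" ]; then
    cp -p "$SSHD_CONFIG" "$SSHD_CONFIG.bak.$(date +%s)"
    apply_hardening "$SSHD_CONFIG"
    d="/home/$SSH_USER/.ssh"
    check_mode "$d" 700 || chmod 700 "$d"
    check_mode "$d/authorized_keys" 600 || chmod 600 "$d/authorized_keys"
    sshd -t && systemctl restart sshd.service
fi
```

Run it as root with --apply on the server; if `sshd -t` reports a problem the restart is skipped and the backup copy can be restored.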
