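Passwordless SSH login on Linux and disabling remote root login

Setting up passwordless SSH login

I. Use two virtual machines

A: 192.168.100.128

B: 192.168.100.130

II. Key pairs

Perform these steps on A

1. Generate a key pair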

ssh-keygen -t rsa
[root@bogon ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:d1CR1k/kr8WEFvAsh90ROgZLqxQGslNzVLkofVits1c root@bogon
The key's randomart image is:
+---[RSA 3072]----+
|     . +o=.+*=.+o|
|      + + o+**o=o|
|     o  ..=+=+Bo+|
|      ...+.*.+.Eo|
|        S.o + . +|
|         . o . o |
|            . .  |
|                 |
|                 |
+----[SHA256]-----+

2. View the key pair

ll /root/.ssh
[root@bogon ~]# ll /root/.ssh
total 8
-rw-------. 1 root root 2590 Oct  3 16:35 id_rsa
-rw-r--r--. 1 root root  564 Oct  3 16:35 id_rsa.pub

3. Copy server A's public key id_rsa.pub to server B

 ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.139.130
[root@bogon ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.139.130
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.139.130 (192.168.139.130)' can't be established.
ECDSA key fingerprint is SHA256:C2miPRxJ7BU+40KbiEpVSvkSsAyf/bTs3fUxTiHF+H4.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.139.129's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '192.168.139.129'"
and check to make sure that only the key(s) you wanted were added.

Do the same on B

4. Generate a key pair

[scy@bogon ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/scy/.ssh/id_rsa): 
Created directory '/home/scy/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/scy/.ssh/id_rsa.
Your public key has been saved in /home/scy/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:SeiL5+F+qi84EjAvFc2U0EVdFZr3knFMVkZhw18l6GE scy@bogon
The key's randomart image is:
+---[RSA 3072]----+
|  .*.+o. ...oo=*B|
|  . =  ..  oE+.+o|
|   .  . . ooo.o o|
|o .  . . . ..=  .|
|.+    . S   o .  |
|o .  . .     .   |
| o .. +          |
|. o .+ ..        |
| . ..=*o         |
+----[SHA256]-----+

5. View the key pair

[root@bogon ~]# ll /root/.ssh
total 12
-rw-------. 1 root root 2590 Oct  3 17:09 id_rsa
-rw-r--r--. 1 root root  564 Oct  3 17:09 id_rsa.pub
-rw-r--r--. 1 root root  177 Oct  3 16:46 known_hosts

6. Copy server B's public key id_rsa.pub to server A

[root@bogon ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.139.128
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.139.128 (192.168.139.128)' can't be established.
ECDSA key fingerprint is SHA256:C2miPRxJ7BU+40KbiEpVSvkSsAyf/bTs3fUxTiHF+H4.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.139.128's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '192.168.139.128'"
and check to make sure that only the key(s) you wanted were added.

7. Verify passwordless login


How to disable remote root login over SSH

Edit the SSH configuration file

vim /etc/ssh/sshd_config

Temporarily show line numbers (optional)

set number

Press ESC to leave insert mode and return to command mode (the default), then type ":set number" and press Enter

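Modify the configuration

Find this line: PermitRootLogin prohibit-password

Add a line below it (sshd uses the first value it reads for a keyword, so if the existing line is not commented out, change it in place instead)

PermitRootLogin no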

Restart the SSH service (the service is named sshd on RHEL-family systems and ssh on Debian/Ubuntu)

service ssh restart

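Meaning of the configuration values:

PermitRootLogin yes: root may log in remotely, with either a password or a key

PermitRootLogin prohibit-password: root may log in remotely with a key, but remote password login for root is disabled

PermitRootLogin no: root may not log in remotely at all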
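
sshd uses the first value it reads for each keyword, so whether a PermitRootLogin line added below an existing one takes effect depends on whether the existing line is commented out. The following added example (not part of the original post) checks this on two constructed config files. The function names and sample files are assumptions, and it reads only the global section of a single file, ignoring Include directives.

```shell
#!/bin/sh
# Added example, not from the original post. It reads ONE sshd_config-style
# file and ignores Include directives (an assumption); on a live host
# `sshd -T` prints the configuration sshd actually resolved.

# Print the PermitRootLogin value from the global section of file $1.
# sshd keeps the first value it reads for a keyword, so later duplicates
# are ignored. Lines inside Match blocks are conditional and are skipped.
effective_permit_root_login() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }        # blank line or comment
        { sub(/=/, " ") }                    # "Keyword=value" form
        tolower($1) == "match" { exit }      # global section ends here
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "prohibit-password" }  # OpenSSH default
    ' "$1"
}

# Succeed only when remote root login is fully disabled.
root_login_disabled() {
    [ "$(effective_permit_root_login "$1")" = "no" ]
}

# Constructed sample files (not taken from a real host).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# Existing line is commented out: the added line is the first real value.
printf '%s\n' '#PermitRootLogin prohibit-password' 'PermitRootLogin no' \
    > "$demo_dir/commented.conf"
# Existing line is active: the line added below it never takes effect.
printf '%s\n' 'PermitRootLogin prohibit-password' 'PermitRootLogin no' \
    > "$demo_dir/active.conf"

for f in "$demo_dir"/*.conf; do
    if root_login_disabled "$f"; then
        echo "$(basename "$f"): root login disabled"
    else
        echo "$(basename "$f"): effective value is $(effective_permit_root_login "$f")"
    fi
done
```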
