redhat-ssh


ssh-keygen -t dsa
scp id_dsa.pub  192.168.1.1:/home/xing/testkey

go to 192.168.1.1 /home/xing
mkdir .ssh
cp testkey ./ssh/authorized-keys
chmod 700 /home/xing
chmod 700 /home/xing/.ssh
chmod 600 /home/xing/.ssh/authorized-keys


go back to 192.168.1.10
login as xing
$ ssh 192.168.1.1 -l xing

it will login ssh without password
 
#to allow ssh connection only from local lan via iptables
iptables -A INPUT -s !192.168.1.0/24 -p tcp --dport22 -j DROP
 
#allow ssh connection only from example.com
vi /etc/hosts.deny
sshd: ALL EXCEPT .example.com
 
# allow only 192.168.1.0 except 192.168.1.10 to access ssh
vi /etc/hosts.deny
sshd: ALL EXCEPT 192.168.1. EXCEPT 192.168.1.10
 
#allow xing to ssh to 192.168.1.1 only between 1500-1800 everyday
vi /etc/security/time.conf
sshd:*:xing:AL1500-1800
vi /etc/pam.d/ssh
account  required pam_time.so
 
 # ssh-keygen
# ssh-copy-id  -i  ~/.ssh/id_rsa.pub [user@]host

 
 
 
 









 

你可能感兴趣的:(redhat,职场,休闲)