本文主要是介绍Linux RHCE练习之远程连接服务实战,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
Linux RHCE练习之远程连接服务实战
要求
主机一
- 主机名:server.example.com
- ip: 172.25.254.100
- 建立用户timinglee,其密码为timinglee
主机二
- 主机名:client.example.com
- ip: 172.25.254.200
实现
主机一实现
[root@server100 ~]# hostnamectl hostname server.example.com
[root@server100 ~]# hostname
server.example.com
[root@server100 ~]# ifconfig | tr -s " " | grep broadcast | cut -d " " -f3
172.25.254.100
[root@server100 ~]# useradd timinglee
[root@server100 ~]# echo "timinglee" | passwd timinglee --stdin
Changing password for user timinglee.
passwd: all authentication tokens updated successfully.
[root@server100 ~]# tail -1 /etc/passwd
timinglee:x:1001:1001::/home/timinglee:/bin/bash
主机二实现
[root@server200 ~]# hostnamectl hostname client.example.com
[root@server200 ~]# hostname
client.example.com
[root@server200 ~]# ifconfig | tr -s " " | grep broadcast | cut -d " " -f3
172.25.254.200# 免密登录设置
# 使用非交互式设置,并且指定加密算法为rsa算法
[root@server200 ~]# ssh-keygen -f /root/.ssh/id_rsa -P "" -t rsa
Generating public/private rsa key pair.
Created directory '/root/.ssh'.
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:RhwHxNxgpVwJd39BZUncyKIG2QDKyv5JnxBd7Mjrsu0 root@client.example.com
The key's randomart image is:
+---[RSA 3072]----+
| .=OX=...+=*|
| . . ==*+...o+o|
| o B. . .. .|
| . . o = o . |
| o . + S. |
| . . o |
| . o . |
| o.* . |
| ++E |
+----[SHA256]-----+# 查看是否生成公私密钥对
[root@server200 ~]# cd /root/.ssh/
[root@server200 .ssh]# ls
id_rsa id_rsa.pu# 向主机一的root账户上传本地公钥
[root@server200 .ssh]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.25.254.100
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '172.25.254.100 (172.25.254.100)' can't be established.
ED25519 key fingerprint is SHA256:7v4Yn0h5gqnR0kmEQJPtc9vLb4JZmmHL7CBz5aqco+o.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@172.25.254.100's password:Number of key(s) added: 1Now try logging into the machine, with: "ssh 'root@172.25.254.100'"
and check to make sure that only the key(s) you wanted were added.# 向主机一的timinglee账户上传本地公钥
[root@server200 .ssh]# ssh-copy-id -i /root/.ssh/id_rsa.pub timinglee@172.25.254.100
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
timinglee@172.25.254.100's password:Number of key(s) added: 1Now try logging into the machine, with: "ssh 'timinglee@172.25.254.100'"
and check to make sure that only the key(s) you wanted were added.
设置只能root用户和timinglee用户可以被登录
需要在主机一操作
# 修改sshd主配置文件[root@server ~]# vim /etc/ssh/sshd_config# 修改内容如下:
PasswordAuthentication yes
# 添加一行内容,添加白名单
allowusers root timinglee# 重启sshd服务
[root@server ~]# systemctl restart sshd
测试是否可以免密连接
# 查看在主机一root账户中是否存在主机二上传的公钥
[root@server .ssh]# cd /root/.ssh/
[root@server .ssh]# ls
authorized_keys# 查看在主机一timinglee账户中是否存在主机二上传的公钥
[timinglee@server ~]$ cd /home/timinglee/.ssh/
[timinglee@server .ssh]$ ls
authorized_keys# root账户直接免密连接100的主机
[root@client ~]# ssh -l root 172.25.254.100
Activate the web console with: systemctl enable --now cockpit.socketRegister this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Fri Apr 19 20:57:54 2024 from 172.25.254.1
[root@server ~]## timinglee账户直接免密连接100的主机
[root@client ~]# ssh -l timinglee 172.25.254.100
Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Fri Apr 19 20:58:41 2024
[timinglee@server ~]$s
测试是否只能root用户和timinglee用户可以被登录
# 在主机一添加test用户用来测试
[root@server ~]# useradd test
[root@server ~]# echo "test" | passwd test --stdin
Changing password for user test.
passwd: all authentication tokens updated successfully.# 在主机二中使用test账户上传公钥至主机一
[root@client ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub test@172.25.254.100
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
test@172.25.254.100's password:Number of key(s) added: 1Now try logging into the machine, with: "ssh 'test@172.25.254.100'"
and check to make sure that only the key(s) you wanted were added.# 测试root和timinglee账户是否可以免密登录主机一
[root@client ~]# ssh root@172.25.254.100
Activate the web console with: systemctl enable --now cockpit.socketRegister this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Fri Apr 19 21:26:38 2024 from 172.25.254.1
# root账户免密登录成功# [root@client ~]# ssh timinglee@172.25.254.100
Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Fri Apr 19 21:01:39 2024 from 172.25.254.200# timinglee账户免密登录成功# 测试test测试账户是否可以免密登录主机一[root@client ~]# ssh test@172.25.254.100
test@172.25.254.100's password:
Permission denied, please try again.
test@172.25.254.100's password:# test账户免密登录主机一失败,因为设置了sshd白名单,只用在白名单的root和timinglee账户可以免密登录主机一
这篇关于Linux RHCE练习之远程连接服务实战的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!