Linux RHCE练习之远程连接服务实战

2024-04-19 23:52

本文主要是介绍Linux RHCE练习之远程连接服务实战,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!

Linux RHCE练习之远程连接服务实战

要求

主机一

  • 主机名:server.example.com
  • ip: 172.25.254.100
  • 建立用户timinglee,其密码为timinglee

主机二

  • 主机名:client.example.com
  • ip: 172.25.254.200

实现

主机一实现

[root@server100 ~]# hostnamectl hostname server.example.com
[root@server100 ~]# hostname
server.example.com
[root@server100 ~]# ifconfig | tr -s " " | grep broadcast | cut -d " " -f3
172.25.254.100
[root@server100 ~]# useradd timinglee
[root@server100 ~]# echo "timinglee" | passwd timinglee --stdin
Changing password for user timinglee.
passwd: all authentication tokens updated successfully.
[root@server100 ~]# tail -1 /etc/passwd
timinglee:x:1001:1001::/home/timinglee:/bin/bash

主机二实现

[root@server200 ~]# hostnamectl hostname client.example.com
[root@server200 ~]# hostname
client.example.com
[root@server200 ~]# ifconfig | tr -s " " | grep broadcast | cut -d " " -f3
172.25.254.200# 免密登录设置
# 使用非交互式设置,并且指定加密算法为rsa算法
[root@server200 ~]# ssh-keygen -f /root/.ssh/id_rsa -P "" -t rsa
Generating public/private rsa key pair.
Created directory '/root/.ssh'.
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:RhwHxNxgpVwJd39BZUncyKIG2QDKyv5JnxBd7Mjrsu0 root@client.example.com
The key's randomart image is:
+---[RSA 3072]----+
|      .=OX=...+=*|
|   . . ==*+...o+o|
|    o   B. . .. .|
| . . o =  o    . |
|  o . + S.       |
| .   . o         |
|  . o .          |
|   o.* .         |
|    ++E          |
+----[SHA256]-----+# 查看是否生成公私密钥对
[root@server200 ~]# cd /root/.ssh/
[root@server200 .ssh]# ls
id_rsa  id_rsa.pu# 向主机一的root账户上传本地公钥
[root@server200 .ssh]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.25.254.100
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '172.25.254.100 (172.25.254.100)' can't be established.
ED25519 key fingerprint is SHA256:7v4Yn0h5gqnR0kmEQJPtc9vLb4JZmmHL7CBz5aqco+o.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@172.25.254.100's password:Number of key(s) added: 1Now try logging into the machine, with:   "ssh 'root@172.25.254.100'"
and check to make sure that only the key(s) you wanted were added.# 向主机一的timinglee账户上传本地公钥
[root@server200 .ssh]# ssh-copy-id -i /root/.ssh/id_rsa.pub timinglee@172.25.254.100
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
timinglee@172.25.254.100's password:Number of key(s) added: 1Now try logging into the machine, with:   "ssh 'timinglee@172.25.254.100'"
and check to make sure that only the key(s) you wanted were added.

设置只能root用户和timinglee用户可以被登录

需要在主机一操作

# 修改sshd主配置文件[root@server ~]# vim /etc/ssh/sshd_config# 修改内容如下:
PasswordAuthentication yes
# 添加一行内容,添加白名单
allowusers root timinglee# 重启sshd服务
[root@server ~]# systemctl restart sshd

测试是否可以免密连接

# 查看在主机一root账户中是否存在主机二上传的公钥
[root@server .ssh]# cd /root/.ssh/
[root@server .ssh]# ls
authorized_keys# 查看在主机一timinglee账户中是否存在主机二上传的公钥
[timinglee@server ~]$ cd /home/timinglee/.ssh/
[timinglee@server .ssh]$ ls
authorized_keys# root账户直接免密连接100的主机
[root@client ~]# ssh -l root 172.25.254.100
Activate the web console with: systemctl enable --now cockpit.socketRegister this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Fri Apr 19 20:57:54 2024 from 172.25.254.1
[root@server ~]## timinglee账户直接免密连接100的主机
[root@client ~]# ssh -l timinglee 172.25.254.100
Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Fri Apr 19 20:58:41 2024
[timinglee@server ~]$s

测试是否只能root用户和timinglee用户可以被登录

# 在主机一添加test用户用来测试
[root@server ~]# useradd test
[root@server ~]# echo "test" | passwd test --stdin
Changing password for user test.
passwd: all authentication tokens updated successfully.# 在主机二中使用test账户上传公钥至主机一
[root@client ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub test@172.25.254.100
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
test@172.25.254.100's password:Number of key(s) added: 1Now try logging into the machine, with:   "ssh 'test@172.25.254.100'"
and check to make sure that only the key(s) you wanted were added.# 测试root和timinglee账户是否可以免密登录主机一
[root@client ~]# ssh root@172.25.254.100
Activate the web console with: systemctl enable --now cockpit.socketRegister this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Fri Apr 19 21:26:38 2024 from 172.25.254.1
# root账户免密登录成功# [root@client ~]# ssh timinglee@172.25.254.100
Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Fri Apr 19 21:01:39 2024 from 172.25.254.200# timinglee账户免密登录成功# 测试test测试账户是否可以免密登录主机一[root@client ~]# ssh test@172.25.254.100
test@172.25.254.100's password:
Permission denied, please try again.
test@172.25.254.100's password:# test账户免密登录主机一失败,因为设置了sshd白名单,只用在白名单的root和timinglee账户可以免密登录主机一

这篇关于Linux RHCE练习之远程连接服务实战的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!



http://www.chinasem.cn/article/918776

相关文章

SpringBoot基于配置实现短信服务策略的动态切换

《SpringBoot基于配置实现短信服务策略的动态切换》这篇文章主要为大家详细介绍了SpringBoot在接入多个短信服务商(如阿里云、腾讯云、华为云)后,如何根据配置或环境切换使用不同的服务商,需... 目录目标功能示例配置(application.yml)配置类绑定短信发送策略接口示例:阿里云 & 腾

springboot项目如何开启https服务

《springboot项目如何开启https服务》:本文主要介绍springboot项目如何开启https服务方式,具有很好的参考价值,希望对大家有所帮助,如有错误或未考虑完全的地方,望不吝赐教... 目录springboot项目开启https服务1. 生成SSL证书密钥库使用keytool生成自签名证书将

Android实现两台手机屏幕共享和远程控制功能

《Android实现两台手机屏幕共享和远程控制功能》在远程协助、在线教学、技术支持等多种场景下,实时获得另一部移动设备的屏幕画面,并对其进行操作,具有极高的应用价值,本项目旨在实现两台Android手... 目录一、项目概述二、相关知识2.1 MediaProjection API2.2 Socket 网络

Linux命令之firewalld的用法

《Linux命令之firewalld的用法》:本文主要介绍Linux命令之firewalld的用法,具有很好的参考价值,希望对大家有所帮助,如有错误或未考虑完全的地方,望不吝赐教... 目录linux命令之firewalld1、程序包2、启动firewalld3、配置文件4、firewalld规则定义的九大

Linux之计划任务和调度命令at/cron详解

《Linux之计划任务和调度命令at/cron详解》:本文主要介绍Linux之计划任务和调度命令at/cron的使用,具有很好的参考价值,希望对大家有所帮助,如有错误或未考虑完全的地方,望不吝赐教... 目录linux计划任务和调度命令at/cron一、计划任务二、命令{at}介绍三、命令语法及功能 :at

Linux下如何使用C++获取硬件信息

《Linux下如何使用C++获取硬件信息》这篇文章主要为大家详细介绍了如何使用C++实现获取CPU,主板,磁盘,BIOS信息等硬件信息,文中的示例代码讲解详细,感兴趣的小伙伴可以了解下... 目录方法获取CPU信息:读取"/proc/cpuinfo"文件获取磁盘信息:读取"/proc/diskstats"文

Linux内核参数配置与验证详细指南

《Linux内核参数配置与验证详细指南》在Linux系统运维和性能优化中,内核参数(sysctl)的配置至关重要,本文主要来聊聊如何配置与验证这些Linux内核参数,希望对大家有一定的帮助... 目录1. 引言2. 内核参数的作用3. 如何设置内核参数3.1 临时设置(重启失效)3.2 永久设置(重启仍生效

Python列表去重的4种核心方法与实战指南详解

《Python列表去重的4种核心方法与实战指南详解》在Python开发中,处理列表数据时经常需要去除重复元素,本文将详细介绍4种最实用的列表去重方法,有需要的小伙伴可以根据自己的需要进行选择... 目录方法1:集合(set)去重法(最快速)方法2:顺序遍历法(保持顺序)方法3:副本删除法(原地修改)方法4:

在Spring Boot中浅尝内存泄漏的实战记录

《在SpringBoot中浅尝内存泄漏的实战记录》本文给大家分享在SpringBoot中浅尝内存泄漏的实战记录,结合实例代码给大家介绍的非常详细,感兴趣的朋友一起看看吧... 目录使用静态集合持有对象引用,阻止GC回收关键点:可执行代码:验证:1,运行程序(启动时添加JVM参数限制堆大小):2,访问 htt

kali linux 无法登录root的问题及解决方法

《kalilinux无法登录root的问题及解决方法》:本文主要介绍kalilinux无法登录root的问题及解决方法,本文给大家介绍的非常详细,对大家的学习或工作具有一定的参考借鉴价值,... 目录kali linux 无法登录root1、问题描述1.1、本地登录root1.2、ssh远程登录root2、