4-2·Linux密码认证与SSH

2018-01-08 13:46:54来源:网络收集作者:程序诗人人点击

分享

阿里云爆款
1)配置SSH远程登录服务器

默认最小的CentOS&RHEL都安装了OpenSSH,所以我们不需要安装。


我们可以使用密码身份验证登录,但是不安全的很!


接下来增加安全级别。


[root@localhost ~]# vim /etc/ssh/sshd_config //ssh主配置文件
PermitRootLogin no //禁止Root通过SSh登录
PermitEmptyPasswords no //不保存密码
PasswordAuthentication yes//密码验证开启
[root@localhost ~]# systemctl restart sshd //重启服务
[root@localhost ~]# firewall-cmd --add-service=ssh --permanent//设置防火墙允许SSH通过
success
[root@localhost ~]# firewall-cmd --reload
success
2)设置SSH客户端

一般普通安装是拥有SSH的


[root@localhost ~]# yum -y install openssh-clients//如果系统没有,安装一个客户端
[root@localhost ~]# ssh root@172.25.0.1 //连接Linux,要求输入密码。(小伙伴不要用Root连)
The authenticity of host '172.25.0.1 (172.25.0.1)' can't be established.
ECDSA key fingerprint is 47:eb:7e:cc:e7:8c:71:b8:86:d0:3c:20:db:75:0b:b0.
Are you sure you want to continue connecting (yes/no)? yes//创建秘钥,是否继续yes
Warning: Permanently added '172.25.0.1' (ECDSA) to the list of known hosts.
root@172.25.0.1's password: //连接用户密码
Last failed login: Sun Jan7 20:22:08 CST 2018 from 172.25.0.1 on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Thu Dec 28 20:14:09 2017 from 172.25.0.2
[root@localhost ~]#
也可以写主机名链接
[root@localhost ~]# ssh root@localhost //连接Linux,要求输入密码。(小伙伴不要用Root连)
The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is 47:eb:7e:cc:e7:8c:71:b8:86:d0:3c:20:db:75:0b:b0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
root@localhost's password:
Last login: Sun Jan7 20:22:15 2018 from 172.25.0.1
[root@localhost ~]#

我们可以检查cat /etc/passwd用户是否可以登录系统shell


root:x:0:0:root:/root:/bin/bash//默认/bin/bash是可登陆系统
tcpdump:x:72:72::/:/sbin/nologin //不可登录是sbin/nologin

创建用户不允许登录shell


useradd -s /sbin/nologin

最新文章

123

最新摄影

微信扫一扫

第七城市微信公众平台