Lab environment: two Linux CentOS 6.5 machines
Purpose of the experiment: user login control and key pair verification
The sshd service allows the root user to log on by default, which is very insecure when the server is exposed to the Internet. It is common practice to log in as a normal user and switch to the root user with the su command as needed, or to grant the normal user elevated administrative privileges after entering the secure shell environment.
First, user login control
To disable remote login for the root user, edit the SSH configuration file: vim /etc/ssh/sshd_config
- Ordinary user account management: once ordinary users log on to the server remotely, they can use the su command to switch to root, so pam_wheel authentication needs to be enabled to manage the ordinary user accounts. Method: vim /etc/pam.d/su, then enable pam_wheel authentication.
Only members of the wheel group can then switch to root. gpasswd -a zhangsan wheel adds the normal user zhangsan to the wheel group, so that only zhangsan can switch to root after logging in remotely.
- Granting privileges to an ordinary user: run visudo or vim /etc/sudoers, then make the following edit:
User hostname=command file path
Example: zhangsan rhel6=/sbin/ifconfig gives the user zhangsan permission to run /sbin/ifconfig
Second, key pair verification
1. Turn on key pair verification on the server: vim /etc/ssh/sshd_config to edit the SSH configuration file.
2. On the client, switch to the normal user zhangsan and create the key pair: ssh-keygen -t rsa
- Switch to the folder where the key is located and upload the public key to the server: ssh-copy-id -i id_rsa.pub [email protected]
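An added example, not from the original post: a bash audit of the two files edited above, checking that root SSH login is disabled, key pair authentication is explicitly on, and su is limited to the wheel group. The directive names PermitRootLogin and PubkeyAuthentication and the pam_wheel.so line are standard OpenSSH and PAM settings assumed here to be the ones the post edits; the function names and sample file contents are constructed for the demo.

```bash
#!/bin/bash
# Added example, not from the original post. All file contents are constructed.

# Effective value of an sshd_config keyword: sshd uses the FIRST occurrence,
# keywords are case-insensitive, and lines starting with '#' are comments.
sshd_value() {  # usage: sshd_value KEYWORD FILE
  awk -v k="$1" '
    /^[ \t]*#/ { next }
    tolower($1) == tolower(k) { print tolower($2); found = 1; exit }
    END { if (!found) print "unset" }' "$2"
}

# True when the PAM file for su has an uncommented "auth required pam_wheel.so".
wheel_required() {  # usage: wheel_required FILE
  grep -Eq '^[[:space:]]*auth[[:space:]]+required[[:space:]]+pam_wheel\.so' "$1"
}

# Print the names of the failed checks, or "ok".
audit() {  # usage: audit SSHD_CONFIG PAM_SU_FILE
  local out=""
  [ "$(sshd_value PermitRootLogin "$1")" = "no" ] || out="$out root-login-not-disabled"
  [ "$(sshd_value PubkeyAuthentication "$1")" = "yes" ] || out="$out pubkey-not-explicit"
  wheel_required "$2" || out="$out su-not-limited-to-wheel"
  out="${out# }"; echo "${out:-ok}"
}

demo=$(mktemp -d)   # constructed sample files live here
printf '%s\n' '#PermitRootLogin yes' '#PubkeyAuthentication yes' > "$demo/sshd_default"
printf '%s\n' 'PermitRootLogin no' 'PubkeyAuthentication yes' > "$demo/sshd_hardened"
# Failure mode: "no" appended at the end, but an earlier "yes" still wins.
printf '%s\n' 'PermitRootLogin yes' 'PubkeyAuthentication yes' \
              'permitrootlogin no' > "$demo/sshd_shadowed"
printf '%s\n' '#auth    required    pam_wheel.so use_uid' > "$demo/su_default"
printf '%s\n' 'auth     required    pam_wheel.so use_uid' > "$demo/su_hardened"

for cfg in default hardened shadowed; do
  echo "sshd_$cfg + su_hardened: $(audit "$demo/sshd_$cfg" "$demo/su_hardened")"
done
echo "sshd_hardened + su_default: $(audit "$demo/sshd_hardened" "$demo/su_default")"
```

On a real server the same function would be called as audit /etc/ssh/sshd_config /etc/pam.d/su; the sshd service must still be restarted for configuration edits to take effect.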
Bai Xiao Sheng takes you through the Linux system service building series: SSH remote access and control