Bai Xiao Sheng take you to play Linux system service Building series----SSH remote access and control

Source: Internet
Author: User

Lab environment: Linux CentOS 6.5*2
Experimental Purpose: User Login control and key pair verification

The sshd service allows the root user to log on by default, which is very insecure when used on the Internet. It is common practice to log in as a normal user, switch to the root user with the SU command as needed, or elevate administrative privileges to the normal user after entering the secure shell environment.

First, User Login control

    1. Disable root user remote login method: Vim/etc/ssh/sshd_config, enter the interface as shown in the operation

    2. General user account management: With ordinary users to log on to the server remotely, you can use the SU command to switch to root, we need to enable Pam_wheel authentication to manage the ordinary user account, method: Vim/etc/pam.d/su Enable Pam_wheel authentication, as shown in:

      Only a member under the wheel group can switch to root,gpasswd-a zhangsan wheel Add a normal user Zhangsan to the wheel group, only Zhangsan will be able to switch to root in remote login mode.
    3. To the ordinary user: Visudo or vim/etc/sudoers, and then make the following edits:
      User host name = command file path
      Example: Zhangsan rhel6=/sbin/ifconfig gives the user Zhangsan permission to perform/sbin/ifconfig


Second, the key pair verification
1. Turn on the key pair verification function on the server vim/etc/ssh/sshd_config edit the SSH configuration file as shown in

2. On the client switch to normal user Zhangsan, create the key pair ssh-keygen-t RSA, as shown in

    1. Ssh-copy-id-i id_rsa.pub [email protected] switch to the folder where the key is located, upload the public key to the server, as shown in

Bai Xiao Sheng take you to play Linux system service Building series----SSH remote access and control

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.