Redhat Linux access control

Source: Internet
Author: User

<<< Ninth Unit Exercise >>>

1. Create the user westos on the desktop host and set its password to Westoslinux

2. Configure the sshd service on desktop as follows:

*) Set the sshd service to allow only the westos user to be accessed using

*) Create key-based authentication for the westos user

*) Allow the westos user to log in with key authentication only, disabling system password authentication for it


[[email protected] desktop]# ssh-keygen    ## Generate a key pair (public and private keys, equivalent to a lock and its key)
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
d2:95:e4:80:fa:b8:14:e7:16:94:2e:7a:aa:fa:5c:68 [email protected]
The key's randomart image is:
+--[RSA 2048]----+
|      O.. |
|     +  + . |
| +    +      |
| + +.       . |
| . B.. S |
| ..         + +. |
| E+.O |
| O ... |
|+oo |
+-----------------+

[[email protected] desktop]# ls /root/.ssh/    ## List the generated key files
authorized_keys  id_rsa  id_rsa.pub

[[email protected] desktop]# useradd westos    ## Add the user westos
[[email protected] desktop]# passwd westos    ## Set the password for the westos user
Changing password for user westos.
New password:
BAD PASSWORD: The password contains the user name in some form
Retype new password:
passwd: all authentication tokens updated successfully.

[[email protected] desktop]# cd /root/.ssh/    ## Enter the key file directory
[[email protected] .ssh]# ssh-copy-id -i id_rsa.pub [email protected]    ## Bind the key to the westos user
The authenticity of host '172.25.14.10 (172.25.14.10)' can't be established.
ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.


[[email protected] .ssh]# vim /etc/ssh/sshd_config    ## Edit the access control configuration file (see annex)


[[email protected] .ssh]# scp id_rsa [email protected]:/root/.ssh/    ## Distribute the key
The authenticity of host '172.25.14.11 (172.25.14.11)' can't be established.
ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.25.14.11' (ECDSA) to the list of known hosts.
[email protected]'s password:
id_rsa 100% 1679 1.6KB/s 00:00
[[email protected] .ssh]# systemctl restart sshd    ## Restart the sshd service



[[email protected] desktop]# ssh [email protected]    ## Remote login as the root user is refused
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
[[email protected] desktop]# ssh [email protected]    ## Remote login as the westos user succeeds
Last login: Fri Sep-02:45:28 from server14.example.com
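
The annex with the sshd_config changes is not reproduced on this page. The following is an added example, not code from the original post: it checks a config file for the settings the exercise calls for, assuming they are expressed as AllowUsers westos and PasswordAuthentication no. The function names and the two sample configs are hypothetical and constructed for illustration.

```shell
# Added example: audit an sshd_config file against this exercise's requirements.

# Print the global value of keyword $2 in file $1. The first occurrence is used;
# with $3=all every occurrence is merged, so a user added by a later AllowUsers
# line is still caught (a conservative assumption of this example).
sshd_value() {
    awk -v want="$2" -v all="$3" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        tolower($1) == "match"   { exit }   # Match blocks are out of scope here
        tolower($1) == tolower(want) {
            $1 = ""; sub(/^[ \t]+/, "")
            out = (out == "" ? $0 : out " " $0)
            if (all != "all") exit
        }
        END { if (out != "") print out }' "$1"
}

# Return 0 if file $1 allows only westos and only key authentication, else 1.
audit_sshd_config() {
    rc=0
    users=$(sshd_value "$1" AllowUsers all)
    password=$(sshd_value "$1" PasswordAuthentication)
    pubkey=$(sshd_value "$1" PubkeyAuthentication)
    if [ "$users" != "westos" ]; then
        echo "FAIL $1: AllowUsers is '${users:-unset}', expected 'westos'"; rc=1
    fi
    if [ "$password" != "no" ]; then   # unset means the default, yes
        echo "FAIL $1: PasswordAuthentication is '${password:-unset}'"; rc=1
    fi
    if [ "${pubkey:-yes}" != "yes" ]; then   # unset means the default, yes
        echo "FAIL $1: PubkeyAuthentication is '$pubkey'"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK   $1"; fi
    return "$rc"
}

# Write two constructed sample configs (not from the original page) into dir $1.
make_samples() {
    printf '%s\n' '# constructed: meets the exercise' 'AllowUsers westos' \
        'PasswordAuthentication no' 'PasswordAuthentication yes' > "$1/good"
    printf '%s\n' '# constructed: weak' 'AllowUsers westos' \
        'PasswordAuthentication yes' 'AllowUsers root' > "$1/weak"
}

dir=$(mktemp -d)
make_samples "$dir"
audit_sshd_config "$dir/good" || true
audit_sshd_config "$dir/weak" || true
rm -rf "$dir"
```

On a live host, `sshd -T` prints the effective settings as the daemon parses them, which is the authoritative check before restarting the service.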


This article is from the "12086672" blog, please be sure to keep this source http://12096672.blog.51cto.com/12086672/1859853
