<<< Ninth Unit Exercise >>>
1. Create the user westos on the desktop host and set its password to Westoslinux
2. Configure the SSHD service on desktop to meet the following requirements:
*) Set the SSHD service to allow only the westos user to be accessed using
*) Create a key authentication method for the westos user
*) Allow the westos user to log in only with key authentication, disabling authentication with its system password
[[email protected] desktop]# ssh-keygen    ## Generate the key pair (public and private keys, equivalent to a lock and its key)
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
d2:95:e4:80:fa:b8:14:e7:16:94:2e:7a:aa:fa:5c:68 [email protected]
The key's randomart image is:
+--[RSA 2048]----+
| O.. |
| + + . |
| + + |
| + +. . |
| . B.. S |
| .. + +. |
| E+.O |
| O ... |
|+oo |
+-----------------+
[[email protected] desktop]# ls /root/.ssh/    ## View the generated key files
authorized_keys  id_rsa  id_rsa.pub
[[email protected] desktop]# useradd westos    ## Add the user westos
[[email protected] desktop]# passwd westos    ## Set the password for the user westos
Changing password for user westos.
New password:
BAD PASSWORD: The password contains the user name in some form
Retype new password:
passwd: all authentication tokens updated successfully.
[[email protected] desktop]# cd /root/.ssh/    ## Enter the key file directory
[[email protected] .ssh]# ssh-copy-id -i id_rsa.pub [email protected]    ## Bind the key to the westos user
The authenticity of host '172.25.14.10 (172.25.14.10)' can't be established.
ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:
Number of key(s) added: 1
Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.
[[email protected] .ssh]# vim /etc/ssh/sshd_config    ## Edit the access control configuration file (see annex)
[[email protected] .ssh]# scp id_rsa [email protected]:/root/.ssh/    ## Distribute the key
The authenticity of host '172.25.14.11 (172.25.14.11)' can't be established.
ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.25.14.11' (ECDSA) to the list of known hosts.
[email protected]'s password:
id_rsa    100% 1679    1.6KB/s    00:00
[[email protected] .ssh]# systemctl restart sshd    ## Restart the sshd service
[[email protected] desktop]# ssh [email protected]    ## Remote login as root is denied
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
[[email protected] desktop]# ssh [email protected]    ## Remote login as westos succeeds
Last login: Fri Sep-02:45:28 from server14.example.com
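The sshd_config annex referenced in the session above is not included on this page. As an added example (not from the original article), the shell functions below audit a config file against the three requirements of the exercise, assuming they are met with the AllowUsers, PasswordAuthentication and PubkeyAuthentication directives; the function names and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Limitations: lines inside
# Match blocks and the "Keyword=value" form are not evaluated.

# Print the value(s) of keyword $1 in file $2. sshd matches keywords
# case-insensitively and keeps the FIRST value it reads; pass "all" as $3
# for list keywords such as AllowUsers, where every line appends to the list.
sshd_values() {
    awk -v key="$1" -v mode="$3" '
        /^[ \t]*#/ || NF == 0 { next }        # comments and blank lines
        tolower($1) == "match" { exit }       # global section only
        tolower($1) == tolower(key) {
            for (i = 2; i <= NF; i++) out = out (out == "" ? "" : " ") $i
            if (mode != "all") exit
        }
        END { print out }' "$2"
}

# Return 0 only if the file meets the three requirements of the exercise.
audit_sshd_config() {
    rc=0
    allow=$(sshd_values AllowUsers "$1" all)
    pass=$(sshd_values PasswordAuthentication "$1" | tr '[:upper:]' '[:lower:]')
    pubkey=$(sshd_values PubkeyAuthentication "$1" | tr '[:upper:]' '[:lower:]')
    [ "$allow" = "westos" ] || { echo "FAIL: AllowUsers is '$allow'"; rc=1; }
    # Default is "yes", so an unset keyword fails as well.
    [ "$pass" = "no" ] || { echo "FAIL: password logins still allowed"; rc=1; }
    # Default is "yes", so only an explicit "no" fails.
    [ "$pubkey" != "no" ] || { echo "FAIL: key authentication disabled"; rc=1; }
    return "$rc"
}

# Constructed sample files (the article's annex is not available).
tmp=$(mktemp -d)
printf '%s\n' 'PasswordAuthentication yes' 'AllowUsers westos' \
    'PasswordAuthentication no' > "$tmp/weak"      # later "no" is ignored
printf '%s\n' '# hardened' 'PubkeyAuthentication yes' \
    'passwordauthentication no' 'AllowUsers westos' > "$tmp/hardened"

for f in weak hardened; do
    if audit_sshd_config "$tmp/$f"; then echo "$f: OK"; else echo "$f: rejected"; fi
done
```

On a live host, sshd -T prints the effective configuration that sshd would actually use, which also covers Match blocks and defaults.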
This article is from the "12086672" blog, please be sure to keep this source http://12096672.blog.51cto.com/12086672/1859853
Redhat Linux access control