Posted by cl_303303303 on 2018-5-10 08:04:48

Red Hat Linux access control

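  <<<Unit 9 Exercise>>>
  1. On the desktop host, create the user westos and set its password to westoslinux
  2. Configure the sshd service on desktop as follows:
  *) Allow only the westos user to access the sshd service
  *) Set up key authentication for the westos user
  *) Allow the westos user to use key authentication only, disabling its system password authentication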
  

# ssh-keygen    ## generate a key pair (public and private key, like a lock and its key)
  Generating public/private rsa key pair.
  Enter file in which to save the key (/root/.ssh/id_rsa):
  Enter passphrase (empty for no passphrase):
  Enter same passphrase again:
  Your identification has been saved in /root/.ssh/id_rsa.
  Your public key has been saved in /root/.ssh/id_rsa.pub.
  The key fingerprint is:
  d2:95:e4:80:fa:b8:14:e7:16:94:2e:7a:aa:fa:5c:68 root@desktop14.example.com
  The key's randomart image is:
  +--[ RSA 2048]----+
  |       o. .      |
  |      ++ .   |
  |   +    +      |
  |    + +. .       |
  |   . B..S      |
  |..+ +.         |
  |E+.o         |
  | o...            |
  |+oo            |
  +-----------------+
# ls /root/.ssh/    ## list the generated key files
  authorized_keys  id_rsa  id_rsa.pub
# useradd westos    ## add the user westos
# passwd westos    ## set the password for westos
  Changing password for user westos.
  New password:
  BAD PASSWORD: The password contains the user name in some form
  Retype new password:
  passwd: all authentication tokens updated successfully.
# cd /root/.ssh/    ## change to the key directory
# ssh-copy-id -i id_rsa.pub westos@172.25.14.10    ## bind the key to the westos user
  The authenticity of host '172.25.14.10 (172.25.14.10)' can't be established.
  ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
  Are you sure you want to continue connecting (yes/no)? yes
  /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
  /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
  westos@172.25.14.10's password:
  

  Number of key(s) added: 1
  

  Now try logging into the machine, with:   "ssh 'westos@172.25.14.10'"
  and check to make sure that only the key(s) you wanted were added.
  

# vim /etc/ssh/sshd_config    ## edit the access control configuration (see attachment)
  

# scp id_rsa root@172.25.14.11:/root/.ssh/    ## distribute the key
  The authenticity of host '172.25.14.11 (172.25.14.11)' can't be established.
  ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
  Are you sure you want to continue connecting (yes/no)? yes
  Warning: Permanently added '172.25.14.11' (ECDSA) to the list of known hosts.
  root@172.25.14.11's password:
  id_rsa                                        100% 1679   1.6KB/s   00:00
# systemctl restart sshd    ## restart the sshd service
  

  

# ssh root@172.25.14.10    ## remote login as root is refused
  Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
# ssh westos@172.25.14.10    ## remote login as westos succeeds
  Last login: Fri Sep 30 02:45:28 2016 from server14.example.com
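
The attachment with the sshd_config edits is not on this page. As an added example (not the poster's code), the script below audits a config file against the exercise's requirements. It assumes the AllowUsers, PasswordAuthentication and PubkeyAuthentication keywords are the ones involved; both sample files are constructed.

```shell
#!/bin/sh
# Added example, not the post's attachment: audit an sshd_config for
# "only westos may log in, key authentication only".
# Assumes whitespace-separated "Keyword value" lines; Match blocks are skipped.

# usage: sshd_value FILE KEYWORD [all]
# Prints the first global value, because sshd keeps the first value it reads.
# With "all", joins every occurrence (AllowUsers lines accumulate).
sshd_value() {
    awk -v key="$2" -v all="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || NF == 0 { next }        # comments and blank lines
        tolower($1) == "match" { exit }       # global section ends here
        tolower($1) == key {
            $1 = ""; sub(/^[ \t]+/, "")
            out = (out == "" ? $0 : out " " $0)
            if (all == "") exit
        }
        END { if (out != "") print out }
    ' "$1"
}

# Prints one line per finding; returns 0 only when every check passes.
audit_sshd_config() {
    rc=0
    allow=$(sshd_value "$1" AllowUsers all)
    pass=$(sshd_value "$1" PasswordAuthentication)
    pubkey=$(sshd_value "$1" PubkeyAuthentication)
    # Unset keywords use the OpenSSH defaults: no AllowUsers restriction,
    # PasswordAuthentication yes, PubkeyAuthentication yes.
    [ "$allow" = "westos" ] || { echo "FAIL AllowUsers: '$allow'"; rc=1; }
    [ "${pass:-yes}" = "no" ] || { echo "FAIL PasswordAuthentication: '${pass:-yes}'"; rc=1; }
    [ "${pubkey:-yes}" = "yes" ] || { echo "FAIL PubkeyAuthentication: '$pubkey'"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: only westos, key authentication only"
    return "$rc"
}

# Constructed samples. In "weak" the later "no" is ignored and root is added.
write_weak() {
    printf '%s\n' '#PasswordAuthentication no' 'PasswordAuthentication yes' \
        'PasswordAuthentication no' 'AllowUsers westos' 'AllowUsers root' > "$1"
}
write_hardened() {
    printf '%s\n' 'PubkeyAuthentication yes' 'PasswordAuthentication no' \
        'AllowUsers westos' > "$1"
}

tmp=$(mktemp -d)
write_weak "$tmp/weak"; write_hardened "$tmp/hardened"
audit_sshd_config "$tmp/weak" || true
audit_sshd_config "$tmp/hardened"; rm -rf "$tmp"
```

On a live host, `sshd -t` checks the file for syntax errors before the restart and `sshd -T` prints the effective settings.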
  