4-2 · Linux Password Authentication and SSH

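1) Configure the SSH remote login server

OpenSSH is installed by default even on a minimal CentOS or RHEL installation, so there is nothing to install.

We can log in with password authentication, but that is very insecure!

Next, we raise the security level.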

[root@localhost ~]# vim /etc/ssh/sshd_config                   //main SSH configuration file

# Forbid root login over SSH
PermitRootLogin no
# Refuse login to accounts whose password is empty
PermitEmptyPasswords no
# Password authentication enabled
PasswordAuthentication yes

[root@localhost ~]# systemctl restart sshd     //restart the service

[root@localhost ~]# firewall-cmd --add-service=ssh --permanent         //allow SSH through the firewall
success
[root@localhost ~]# firewall-cmd --reload
success

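2) Set up the SSH client

A standard installation normally already includes the SSH client.

[root@localhost ~]# yum -y install openssh-clients             //if the system has no client, install one

[root@localhost ~]# ssh <user>@172.25.0.1                        //connect to the Linux host; a password is requested. (Friends, don't connect as root)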
The authenticity of host '172.25.0.1 (172.25.0.1)' can't be established.
ECDSA key fingerprint is 47:eb:7e:cc:e7:8c:71:b8:86:d0:3c:20:db:75:0b:b0.
Are you sure you want to continue connecting (yes/no)? yes      //records the server's host key; answer yes to continue
Warning: Permanently added '172.25.0.1' (ECDSA) to the list of known hosts.
<user>@172.25.0.1's password:                                 //password of the connecting user
Last failed login: Sun Jan  7 20:22:08 CST 2018 from 172.25.0.1 on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Thu Dec 28 20:14:09 2017 from 172.25.0.2
[root@localhost ~]# 

You can also connect using a host name.

[root@localhost ~]# ssh root@localhost                     //connect to the Linux host; a password is requested. (Friends, don't connect as root)
The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is 47:eb:7e:cc:e7:8c:71:b8:86:d0:3c:20:db:75:0b:b0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
root@localhost's password: 
Last login: Sun Jan  7 20:22:15 2018 from 172.25.0.1
[root@localhost ~]# 

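We can check with cat /etc/passwd whether a user is able to log in to a system shell.

root:x:0:0:root:/root:/bin/bash         ///bin/bash (the default) means the account can log in
tcpdump:x:72:72::/:/sbin/nologin            ///sbin/nologin means the account cannot log in

Create a user that is not allowed to log in to a shell: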

useradd -s /sbin/nologin <user>
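
The sshd_config settings from part 1 and the shell field of /etc/passwd can be read together to list which accounts are reachable over SSH with only a password. The script below is an added example, not part of the original page; the function names and the sample account alice are made up for illustration, and it reads only the global section of a single sshd_config file.

```shell
#!/bin/sh
# Added example, not from the original page. Sample data below is constructed.

# Effective global value of keyword $2 in sshd_config file $1 (lower-cased).
# sshd keeps the first occurrence of a keyword and ignores keyword case.
# Stops at the first Match block; Include files are not followed.
sshd_value() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/              { next }   # comment or blank line
        tolower($1) == "match"      { exit }   # end of the global section
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# "name uid" for each account in passwd-format file $1 with a login shell.
# An empty shell field counts, because the system then falls back to /bin/sh.
login_accounts() {
    awk -F: 'NF >= 7 && $7 !~ /\/(nologin|false)$/ { print $1, $3 }' "$1"
}

# Names of accounts that can get a shell over SSH with only a password.
password_exposed() {
    if [ "$(sshd_value "$1" PasswordAuthentication)" = no ]; then return 0; fi
    case "$(sshd_value "$1" PermitRootLogin)" in
        no|prohibit-password|without-password|forced-commands-only) root_pw=no ;;
        *) root_pw=yes ;;                      # "yes" or unset: assume allowed
    esac
    login_accounts "$2" | while read -r name uid; do
        if [ "$uid" -eq 0 ] && [ "$root_pw" = no ]; then continue; fi
        echo "$name"
    done
}

# Constructed sample files mirroring the settings shown on this page.
demo_dir=$(mktemp -d)
cat > "$demo_dir/sshd_config" <<'EOF'
# constructed sample
PermitRootLogin no
PermitEmptyPasswords no
PasswordAuthentication yes
EOF
cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
tcpdump:x:72:72::/:/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/bash
EOF
password_exposed "$demo_dir/sshd_config" "$demo_dir/passwd"
```

On a live host, running `sshd -T` as root prints the configuration sshd actually applies, including Match and Include handling that this script skips.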