server端:
[root@server /]# hostnamectl set-hostname server.example.com
[root@server ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:b1:c7:29 brd ff:ff:ff:ff:ff:ff
altname enp3s0
inet 172.25.254.100/24 brd 172.25.254.255 scope global noprefixroute ens160
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:feb1:c729/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@server ~]# useradd timinglee
[root@server ~]# echo 123456 | passwd --stdin timinglee
更改用户 timinglee 的密码 。
passwd:所有的身份验证令牌已经成功更新。
[root@server ~]# systemctl stop firewalld
[root@server ~]# systemctl disable firewalld
确保只有root用户和timinglee用户可以被登录:
[root@server ~]# vim /etc/ssh/sshd_config
修改允许登录的账户
#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
AllowUsers timinglee root
cilent端:
[root@client /]# hostnamectl set-hostname client.example.com
[root@client ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:50:6d:df brd ff:ff:ff:ff:ff:ff
altname enp3s0
inet 172.25.254.200/24 brd 172.25.254.255 scope global noprefixroute ens160
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe50:6ddf/64 scope link noprefixroute
valid_lft forever preferred_lft forever
制作cilent端的公私钥对:
[root@client ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:EYGqkroNQD+sKOWkwA+S1/GomvnldO/19a4nlZq53fg root@client.example.com
The key's randomart image is:
+---[RSA 3072]----+
| .o. |
| . . |
| . .. . |
|o.o..+ . |
|=++=o . S .|
|B*=.. ..|
|*oo.o . . =. |
|o* + . . . . =ooo|
|=oo . .o ..+BE|
+----[SHA256]-----+
将公钥上传至server端:
[root@client ~]# ssh-copy-id root@172.25.254.100
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@172.25.254.100's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@172.25.254.100'"
and check to make sure that only the key(s) you wanted were added.
实现cilent端的免密登录:
[root@client ~]# ssh -l root 172.25.254.100
Activate the web console with: systemctl enable --now cockpit.socket
Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Sat Apr 20 18:19:24 2024 from 172.25.254.200