linux中ssh远程登陆

server端：

root@server /\]# hostnamectl set-hostname server.example.com \[root@server \~\]# ip a 1: lo: \ mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens160: \ mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 00:0c:29:b1:c7:29 brd ff:ff:ff:ff:ff:ff altname enp3s0 inet 172.25.254.100/24 brd 172.25.254.255 scope global noprefixroute ens160 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:feb1:c729/64 scope link noprefixroute valid_lft forever preferred_lft forever \[root@server \~\]# useradd timinglee \[root@server \~\]# echo 123456 \| passwd --stdin timinglee 更改用户 timinglee 的密码 。 passwd：所有的身份验证令牌已经成功更新。 \[root@server \~\]# systemctl stop firewalld \[root@server \~\]# systemctl disable firewalld 确保只有root用户和timinglee用户可以被登录： \[root@server \~\]# vim /etc/ssh/sshd_config 修改允许登录的账户 #LoginGraceTime 2m PermitRootLogin yes #StrictModes yes #MaxAuthTries 6 #MaxSessions 10 AllowUsers timinglee root cilent端： \[root@client /\]# hostnamectl set-hostname client.example.com \[root@client \~\]# ip a 1: lo: \ mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens160: \ mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 00:0c:29:50:6d:df brd ff:ff:ff:ff:ff:ff altname enp3s0 inet 172.25.254.200/24 brd 172.25.254.255 scope global noprefixroute ens160 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:fe50:6ddf/64 scope link noprefixroute valid_lft forever preferred_lft forever 制作cilent端的公私钥对： \[root@client \~\]# ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa Your public key has been saved in /root/.ssh/id_rsa.pub The key fingerprint is: SHA256:EYGqkroNQD+sKOWkwA+S1/GomvnldO/19a4nlZq53fg root@client.example.com The key's randomart image is: +---\[RSA 3072\]----+ \| .o. \| \| . . \| \| . .. . \| \|o.o..+ . \| \|=++=o . S .\| \|B\*=.. ..\| \|\*oo.o . . =. \| \|o\* + . . . . =ooo\| \|=oo . .o ..+BE\| +----\[SHA256\]-----+ 将公钥上传至server端： \[root@client \~\]# ssh-copy-id root@172.25.254.100 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@172.25.254.100's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'root@172.25.254.100'" and check to make sure that only the key(s) you wanted were added. 实现cilent端的免密登录： \[root@client \~\]# ssh -l root 172.25.254.100 Activate the web console with: systemctl enable --now cockpit.socket Register this system with Red Hat Insights: insights-client --register Create an account or view all your systems at https://red.ht/insights-dashboard Last login: Sat Apr 20 18:19:24 2024 from 172.25.254.200