Remote Service Connection

Published: 2024-04-20

1. (Short-answer question)
I. Configure two hosts
Host 1
Hostname: server.example.com

[root@server 桌面]# hostnamectl  hostname  server.example.com
[root@server 桌面]# hostname
server.example.com

ip: 172.25.254.100
[root@server 桌面]# nmcli connection modify eth0 ipv4.addresses 172.25.254.100/24 autoconnect  yes
[root@server 桌面]# nmcli connection up eth0 
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/4)
[root@server 桌面]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.25.254.100  netmask 255.255.255.0  broadcast 172.25.254.255
        inet6 fe80::e768:955e:3485:4e1e  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:53:36:f8  txqueuelen 1000  (Ethernet)
        RX packets 57  bytes 6029 (5.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 115  bytes 12570 (12.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 18  bytes 2118 (2.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 18  bytes 2118 (2.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


Create the user timinglee with the password timinglee
[root@server 桌面]# useradd timinglee
[root@server 桌面]# echo "timinglee" | passwd timinglee --stdin 
更改用户 timinglee 的密码 。
passwd:所有的身份验证令牌已经成功更新。
[root@server 桌面]# 


Host 2
Hostname: client.example.com

[root@client 桌面]# hostnamectl hostname client.example.com
[root@client 桌面]# hostname
client.example.com

ip: 172.25.254.200
[root@client 桌面]# nmcli connection modify eth0 ipv4.addresses 172.25.254.200/24 autoconnect yes
[root@client 桌面]# nmcli connection up eth0 
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/3)
[root@client 桌面]# ifconfig 
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.25.254.200  netmask 255.255.255.0  broadcast 172.25.254.255
        inet6 fe80::e1bf:6c40:f9c2:8d98  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:5a:50:6e  txqueuelen 1000  (Ethernet)
        RX packets 102  bytes 11855 (11.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 122  bytes 11884 (11.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 27  bytes 4160 (4.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 27  bytes 4160 (4.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


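2. Complete the task as required
When 172.25.254.200 logs in remotely as the root user on 172.25.254.100, the connection must not prompt for a password (key-based login),
and only the root and timinglee users may be allowed to log in.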
[root@client 桌面]# ssh-keygen -f /root/.ssh/id_rsa -P ""
Generating public/private rsa key pair.
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:8E6ZV1XMDh+OOseAKBnO3JngryWq0fzoICCJ/JggZLM root@client.example.com
The key's randomart image is:
+---[RSA 3072]----+
|              .+.|
|     o       ...o|
| +  = * + . . o+.|
|=.o  B B + o . .o|
|BE    o S . +    |
|= *  . = . o o   |
|.= +. + .   o    |
|. o.o.           |
| .oo .           |
+----[SHA256]-----+


[root@client 桌面]# ssh-copy-id -i /root/.ssh/id_rsa.pub  root@172.25.254.100
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '172.25.254.100 (172.25.254.100)' can't be established.
ED25519 key fingerprint is SHA256:4SyS7nKRI2YRP04iWRzwgD72DrhiVTEre2t2j90orzk.
This host key is known by the following other names/addresses:
    ~/.ssh/known_hosts:1: 172.25.254.129
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@172.25.254.100's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@172.25.254.100'"
and check to make sure that only the key(s) you wanted were added.


[root@client 桌面]# ssh-copy-id -i /root/.ssh/id_rsa.pub  timinglee@172.25.254.100
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
timinglee@172.25.254.100's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'timinglee@172.25.254.100'"
and check to make sure that only the key(s) you wanted were added.

[root@server 桌面]# vim /etc/ssh/sshd_config
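# root must stay reachable over SSH for the key-based login above; "no" would block it
# (prohibit-password would allow root with keys only)
PermitRootLogin yes
# only these two accounts may log in over SSH
AllowUsers root timinglee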

[root@server 桌面]# systemctl restart sshd
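
sshd evaluates AllowUsers and PermitRootLogin independently, so listing root in AllowUsers does not let root in while PermitRootLogin is no. The script below is an added example, not part of the original post: it checks two constructed config files for the three accounts used here. The function name ssh_login_allowed and the sample files are assumptions, and the parser ignores Match blocks, Include files and wildcard patterns.

```shell
#!/usr/bin/env bash
# Added example: offline check of who an sshd_config lets in.
# Simplifications (assumptions): no Match blocks, no Include files, no
# wildcard or user@host patterns, DenyUsers/AllowGroups not evaluated.

# ssh_login_allowed CONFIG USER -> prints "allowed" or "denied: <reason>"
ssh_login_allowed() {
    awk -v user="$2" '
        /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
        {
            key = tolower($1)                        # keywords are case-insensitive
            # PermitRootLogin: sshd keeps the first value it reads
            if (key == "permitrootlogin" && prl == "") prl = tolower($2)
            # AllowUsers: every line appends to one list
            if (key == "allowusers") { seen = 1; for (i = 2; i <= NF; i++) allow[$i] = 1 }
        }
        END {
            if (prl == "") prl = "prohibit-password" # upstream OpenSSH default
            if (seen && !(user in allow)) { print "denied: not in AllowUsers"; exit }
            if (user == "root" && prl == "no") { print "denied: PermitRootLogin no"; exit }
            print "allowed"
        }' "$1"
}

# Constructed sample configs (not taken from a real host)
demo_dir=$(mktemp -d)
printf 'PermitRootLogin no\nAllowUsers root timinglee\n'  > "$demo_dir/conflicting.conf"
printf 'PermitRootLogin yes\nAllowUsers root timinglee\n' > "$demo_dir/working.conf"

# Print the decision for every config/user combination
for cfg in conflicting working; do
    for u in root timinglee fox; do
        printf '%-12s %-10s %s\n' "$cfg" "$u" "$(ssh_login_allowed "$demo_dir/$cfg.conf" "$u")"
    done
done
```

On the server itself, `sshd -t` validates the file before the restart and `sshd -T` prints the effective values of both keywords.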

Verification:
[root@client 桌面]# ssh -l root 172.25.254.100
Activate the web console with: systemctl enable --now cockpit.socket

Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Fri Apr 19 22:02:07 2024

[root@client 桌面]# ssh -l timinglee 172.25.254.100
Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last failed login: Fri Apr 19 20:47:12 CST 2024 from 172.25.254.1 on ssh:notty
There was 1 failed login attempt since the last successful login.
[timinglee@server ~]$ 

[root@client 桌面]# ssh -l fox 172.25.254.100
fox@172.25.254.100's password: 
Permission denied, please try again.