
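Configuring key-based login and disabling password login on Linux

Linux haoduck 1 week ago (01-29) 18 views 0 comments

All of the following must be done as the root user.

The steps are as follows.

1 Create the user haoduck

useradd -m haoduck # -m creates the home directory, owned by the new user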

2 Create the SSH key directory for the haoduck user

mkdir -p /home/haoduck/.ssh/
chmod 700 /home/haoduck/.ssh/

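3 Create the public key file

The public key is normally generated on your own computer; tools such as XShell and MobaXterm can generate one, so the details are not covered here.

vim /home/haoduck/.ssh/authorized_keys
chmod 600 /home/haoduck/.ssh/authorized_keys
chown -R haoduck /home/haoduck/.ssh/ # make the new user haoduck the owner of the files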

4 Configure sudo privileges (optional)

Append the line haoduck ALL=(ALL) ALL or haoduck ALL=(ALL) NOPASSWD: ALL at the end of the file; the latter allows sudo to be used without a password.

chmod u+w /etc/sudoers
vim /etc/sudoers
chmod u-w /etc/sudoers

5 Edit the sshd configuration

vim /etc/ssh/sshd_config

Key login: find the following lines and remove the leading # from each
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

Disable password login and root login:
Find the following lines
PasswordAuthentication yes
PermitRootLogin yes

and change them to
PasswordAuthentication no
PermitRootLogin no

Restart sshd (use whichever command matches your system):
systemctl restart sshd
systemctl restart ssh
service sshd restart
service ssh restart

One-click script

#!/bin/bash
#username=${1:-"haoduck"}
#pubkey=${2:-"ssh-xxxxx"}
username="haoduck"
#pubkey="$(wget -qO- https://<direct-link>)"
pubkey="ssh-xxxxx"
#yum install -y sudo
#apt-get install -y sudo
useradd -m "${username}" # -m creates the home directory, owned by the new user
mkdir -p "/home/${username}/.ssh/"
chmod 700 "/home/${username}/.ssh/"
echo "$pubkey" > "/home/${username}/.ssh/authorized_keys"
chmod 600 "/home/${username}/.ssh/authorized_keys"
chown -R "${username}" "/home/${username}/.ssh/"
# sudo configuration (written to a drop-in file, so /etc/sudoers itself is left untouched)
echo "${username} ALL=(ALL) ALL" > "/etc/sudoers.d/${username}"
#echo "${username} ALL=(ALL) NOPASSWD: ALL" > "/etc/sudoers.d/${username}"
chmod 440 "/etc/sudoers.d/${username}"
# sshd configuration
sshd_file="/etc/ssh/sshd_config"
cp -n "$sshd_file" /etc/ssh/sshd_config.bak
# -E turns on extended regular expressions so that "#?" means "an optional #";
# without it sed looks for a literal "#?" and changes nothing
# RSAAuthentication only applies to SSH protocol 1; OpenSSH 7.4 and later treat it as deprecated
sed -i -E "s|^#?RSAAuthentication.*|RSAAuthentication yes|" "$sshd_file"
sed -i -E "s|^#?PubkeyAuthentication.*|PubkeyAuthentication yes|" "$sshd_file"
sed -i "s|#AuthorizedKeysFile .ssh/authorized_keys|AuthorizedKeysFile .ssh/authorized_keys|" "$sshd_file"
#sed -i -E "s|^#?PasswordAuthentication.*|PasswordAuthentication no|" "$sshd_file"
#sed -i -E "s|^#?PermitRootLogin.*|PermitRootLogin no|" "$sshd_file"
# restart with the first command that works on this system
systemctl restart sshd || systemctl restart ssh || service sshd restart || service ssh restart

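If you only need the root user, you can skip the steps that add a user; the one-click script is as follows:

#pubkey="$(wget -qO- https://<direct-link>)"
pubkey="ssh-xxxxx" # replace this with your public key
mkdir -p /root/.ssh/
chmod 700 /root/.ssh/
echo "$pubkey" > /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
sshd_file="/etc/ssh/sshd_config"
cp -n "$sshd_file" /etc/ssh/sshd_config.bak
# -E turns on extended regular expressions so that "#?" means "an optional #"
sed -i -E "s|^#?RSAAuthentication.*|RSAAuthentication yes|" "$sshd_file"
sed -i -E "s|^#?PubkeyAuthentication.*|PubkeyAuthentication yes|" "$sshd_file"
sed -i "s|#AuthorizedKeysFile .ssh/authorized_keys|AuthorizedKeysFile .ssh/authorized_keys|" "$sshd_file"
sed -i -E "s|^#?PasswordAuthentication.*|PasswordAuthentication no|" "$sshd_file"
# root is the only account with a key here, so "PermitRootLogin no" would lock it out;
# prohibit-password keeps root key login and refuses root password login
# (on OpenSSH older than 7.0 the value is spelled without-password)
sed -i -E "s|^#?PermitRootLogin.*|PermitRootLogin prohibit-password|" "$sshd_file"
# restart with the first command that works on this system
systemctl restart sshd || systemctl restart ssh || service sshd restart || service ssh restart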
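
The sed substitutions in the scripts above only rewrite lines that already exist, and sshd uses the first active occurrence of each keyword, so an edit can leave the old value in force without any error. The following is an added example, not part of the original post: it sets the three options from step 5 on a given file and reads back the value that would take effect. The function names set_option, effective_value, harden and sample_config, and the sample configuration itself, are made up for this illustration.

```shell
#!/bin/bash
# Added example, not the post's script. Edits a given sshd_config file so the
# change cannot silently fail, then reads back the value sshd would use.

# set_option FILE KEYWORD VALUE: replace the first commented or active copy of
# KEYWORD in the global section, drop later copies, and insert the line before
# the first Match block (or at end of file) when the keyword is absent.
set_option() {
  local tmp rc
  tmp=$(mktemp) || return 1
  awk -v key="$2" -v value="$3" '
    function emit() { if (!done) print key, value; done = 1 }
    tolower($1) == "match" && !inmatch { emit(); inmatch = 1 }
    !inmatch {
      w = $1
      if (w == "#") { w = $2 } else { sub(/^#/, "", w) }
      if (tolower(w) == tolower(key)) { emit(); next }
    }
    { print }
    END { emit() }
  ' "$1" > "$tmp" && cat "$tmp" > "$1"   # cat keeps the file's owner and mode
  rc=$?; rm -f "$tmp"; return "$rc"
}

# effective_value FILE KEYWORD: sshd uses the first active occurrence; keywords
# are case-insensitive. Include files are not followed (limit of this sketch).
effective_value() {
  awk -v key="$2" '
    tolower($1) == "match" { exit }
    tolower($1) == tolower(key) { print $2; exit }
  ' "$1"
}

# The three settings from step 5 of the post.
harden() {
  set_option "$1" PubkeyAuthentication yes &&
  set_option "$1" PasswordAuthentication no &&
  set_option "$1" PermitRootLogin no
}

# Constructed sample: commented default, lower-case and duplicate directives,
# no PubkeyAuthentication line, and a Match block that must stay untouched.
sample_config() {
  printf '%s\n' '#PermitRootLogin prohibit-password' 'PermitRootLogin yes' \
    '  passwordauthentication yes' 'PasswordAuthentication yes' \
    'Match User backup' '    PasswordAuthentication yes'
}

# Demo: harden a temporary copy of the sample and print the result.
f=$(mktemp) && sample_config > "$f" && harden "$f" && cat "$f"; rm -f "$f"
```

On a real host, run harden on a copy of /etc/ssh/sshd_config and check the copy with sshd -t -f before installing it. The Match block in the sample still allows passwords for one user, which is why such blocks need a separate review.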

好鸭, all rights reserved | Unless otherwise noted, all content is original | This site is licensed under BY-NC-SA