ssh免密登入及踢除

主機A使用ssh登入到主機B

• 1、主機A操作如下

[[email protected] .ssh]# ssh-keygen  #生成秘鑰
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):   #直接回車，預設存放路徑
Enter passphrase (empty for no passphrase):   #設定秘鑰密碼，直接回車代表無
Enter same passphrase again:   #再次設定秘鑰密碼，直接回車代表無
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:l5zUtKOC1v7BAeG2O7m64ZVGBnye4gZTdVLzvovRpA8 [email protected]
The key's randomart image is:
+---[RSA ]----+
|        +.+ .    |
|     . o + = .   |
|      + = . =    |
|     . B * = .   |
|    o + S B o    |
|     = = B = .   |
|      + O E o    |
|     o + + * .   |
|      +o. o o    |
+----[SHA256]-----+
[[email protected] .ssh]# ssh-copy-id [email protected]  #将秘鑰傳輸到主機B（root為主機B上的使用者，192.168.10.158為主機B的位址）
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO:  key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password: 

Number of key(s) added: 

Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

[[email protected] .ssh]# ssh [email protected]  #使用ssh進行登入主機B
Enter passphrase for key '/root/.ssh/id_rsa':   #因為我設定了秘鑰密碼，是以此處需要輸入秘鑰密碼，否則會直接進入系統
Last login: Sun Sep   ::  from 
[[email protected] ~]# 
           

• 2、主機B上進行檢視（/root/.ssh目錄下的authorized_keys檔案）

[[email protected] ~]# cd /root/
[[email protected] ~]# ll -a
總用量 40
dr-xr-x---.  6 root root  253 9月   1 19:29 .
dr-xr-xr-x. 17 root root  224 5月  14 12:45 ..
-rw-------.  1 root root 1783 5月  14 12:46 anaconda-ks.cfg
-rw-------.  1 root root  305 9月   1 19:59 .bash_history
-rw-r--r--.  1 root root   18 12月 29 2013 .bash_logout
-rw-r--r--.  1 root root  176 12月 29 2013 .bash_profile
-rw-r--r--.  1 root root  176 12月 29 2013 .bashrc
drwx------.  4 root root   31 5月  14 13:02 .cache
drwx------.  4 root root   30 5月  14 13:02 .config
-rw-r--r--.  1 root root  100 12月 29 2013 .cshrc
drwx------.  3 root root   25 5月  14 12:52 .dbus
-rw-r--r--.  1 root root 1831 5月  14 12:53 initial-setup-ks.cfg
drwx------.  2 root root   29 9月   2 14:29 .ssh
-rw-r--r--.  1 root root  129 12月 29 2013 .tcshrc
-rw-------.  1 root root  595 9月   1 19:16 .viminfo
-rw-------.  1 root root  108 5月  14 13:02 .xauthBwvZib
[[email protected] ~]# cd .ssh
[[email protected] .ssh]# ll -a
總用量 4
drwx------. 2 root root  29 9月   2 14:29 .
dr-xr-x---. 6 root root 253 9月   1 19:29 ..
-rw-------. 1 root root 402 9月   2 14:29 authorized_keys
           

• 擴充

1、隻許秘鑰驗證，拒絕傳統密碼驗證

[root@B .ssh]# vi /etc/ssh/ssh_config  #修改主機B的ssh配置檔案
PasswordAuthentication yes  #将yes修改為no
           

2、在主機B上将主機A登陸的會話踢除

[root@B ~]# w
 :: up  day, :,   users,  load average: , , 
USER     TTY      FROM             [email protected]   IDLE   JCPU   PCPU WHAT
guest    :       :               May18 ?xdm?  :   s /usr/libexec/g
guest    pts/0    :0               14May18 111days  0.60s  4.02s /usr/libexec/g
root     pts/        Sat11    s  s  s w
root     pts/       :    s  s  s -bash
[root@B ~]# pkill -kill -t pts/2  #将ssh登陸的使用者踢除
[root@B ~]# w
 :: up  day, :,   users,  load average: , , 
USER     TTY      FROM             [email protected]   IDLE   JCPU   PCPU WHAT
guest    :       :               May18 ?xdm?  :   s /usr/libexec/g
guest    pts/0    :0               14May18 111days  0.60s  4.02s /usr/libexec/g
root     pts/        Sat11    s  s  s w
[root@B ~]#