Step 1: su to the regular user
su - app (the app user)
[root@localhost ~]# su - wzx

Step 2: generate the key pair with ssh-keygen -t rsa
[wzx@localhost ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/wzx/.ssh/id_rsa):
Created directory '/home/wzx/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/wzx/.ssh/id_rsa.
Your public key has been saved in /home/wzx/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:ktasuInOq1J3I8/dytNgOgbZ5Ae5NenptbUEfW/tMb4 wzx@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
| |
| |
| . . . |
| +++ . . . |
| =+=So . . ..|
| . =oo . o o+|
| . ..*.B = + ..oo|
|.. . o*.+ + . ..|
|oo=.o. .oo E.|
+----[SHA256]-----+

Step 3: change to the directory that holds the public key: cd ~/.ssh
[wzx@localhost ~]$ cd ~/.ssh/
[wzx@localhost .ssh]$ ls
id_rsa id_rsa.pub

Step 4: copy the contents of the public key id_rsa.pub into the authorized_keys file of the regular user on the other machine
[wzx@localhost .ssh]$ vi authorized_keys
[wzx@localhost .ssh]$ cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqtZM7MVb2VNfMcu0oGOtItDWttRnQBImnxaAf9KeSl0JJq+blyWgslF/2zWZXJuBw68AZ944n/EtOegWTe/6ZEUo5B/4Yz2N5MOtRLlGwltj4F+YKnUzlC9vLPHbpxPoqmWnO/Cp3rRyYRtOSbGaRbV7PXAaGVIgU6ooeUIhr0Ft2b7VIZK/nDj1+JYCbmz6KB5NDXncQefsjCAX4+orSYTKf/UFbIOz/sAOhDWhxLBIXoGe2qJ6nJaSxtYd5cygI0BXPNl1ZhV2X3U6fuCXYV+uSnUOSuUiYlVoOd28AcQad8B0J/tKmtO8POp5obaRhkipxIPbxir4XJikNkKef wzx@localhost.localdomain
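
Step 4 as a script instead of pasting in vi. This is an added example, not code from the original post: it accepts only a single public-key line, sets the directory and file modes, and skips a key that is already present. The function names, the scratch paths and the sample key are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example: install one public key into authorized_keys.
# Function names and the scratch paths in the demo are assumptions.

# perms_ok PATH: succeed only if PATH is not group- or world-writable
# (sshd with StrictModes, its default, ignores keys in such files).
perms_ok() {
    mode=$(ls -ld "$1" | cut -c1-10)
    case $mode in
        ?????w????|????????w?) return 1 ;;
    esac
    return 0
}

# install_pubkey PUBKEY_FILE SSH_DIR
# Returns 2 for input that is not a single public-key line, 3 on I/O errors.
install_pubkey() {
    pub=$1 dir=$2 auth=$2/authorized_keys
    [ -f "$pub" ] || return 2
    # A private key such as id_rsa spans many lines; reject it before touching anything.
    [ $(wc -l < "$pub") -le 1 ] || return 2
    key=$(cat "$pub")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) return 2 ;;
    esac
    mkdir -p "$dir" && chmod 700 "$dir" || return 3
    touch "$auth" && chmod 600 "$auth" || return 3
    # Append only when the exact line is absent, so reruns do not duplicate it.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
    perms_ok "$dir" && perms_ok "$auth"
}

# Demo with a constructed key in a scratch directory, not a real ~/.ssh.
demo=$(mktemp -d)
printf 'ssh-rsa AAAAconstructedSampleKey wzx@example\n' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh" && echo "key installed, modes OK"
rm -rf "$demo"
```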

Verify that it works
[root@wangzhenxin-lin01 ~]# scp /root/shell/pid.sh app2@172.16.104.59:root
The authenticity of host '172.16.104.59 (172.16.104.59)' can't be established.
ECDSA key fingerprint is SHA256:4O+GhWnNEr0BKLWvjV9tmxBpmxa0Tj453r4qZ0PO9R0.
ECDSA key fingerprint is MD5:2b:a8:4f:c6:13:d5:ae:35:97:ac:2c:da:a7:d9:04:35.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.104.59' (ECDSA) to the list of known hosts.
app2@172.16.104.59's password:
pid.sh 100% 858 1.1MB/s 00:00
[root@wangzhenxin-lin01 ~]# su - wzx
su: user wzx does not exist
[root@wangzhenxin-lin01 ~]# ll
总用量 48
-rw-r----- 1 root root 858 8月 3 17:18 pid.sh
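
Extra: notes on sudo
When editing sudo's configuration file /etc/sudoers, you should generally not open it directly with vi (vi /etc/sudoers). The sudoers file has its own syntax, and vi does not check that syntax when it saves, so a file with errors is saved anyway and can leave sudo unusable. It is best to use the visudo command instead. visudo also invokes vi for the editing, but it checks the syntax on save and reports any errors.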
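
Two ways to configure sudo:
1. visudo: edits the sudo configuration file (the equivalent of vi /etc/sudoers, which is not recommended); watch the syntax carefully
visudo: the command for editing /etc/sudoers -- line 98
visudo -c: checks the syntax. A syntax error can keep the system from coming up, so back up the file before editing and check the syntax after editing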
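
How sudo works:
A regular user runs sudo -> check whether a timestamp file exists under /var/db/sudo/ (created after a successful run; no password is needed for 5 minutes), and check whether it has expired
  Not expired -> check whether /etc/sudoers grants permission to run sudo and to execute the command
    -> permitted -> run the command and return the result -> exit
    -> not permitted -> exit
  Expired -> enter the current user's own password -> check whether /etc/sudoers grants permission to run sudo and to execute the command
    -> permitted -> run the command and return the result -> exit
    -> not permitted -> exit
The 2 files sudo manages:
/var/db/sudo/
/etc/sudoers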
man sudo
man sudoers