Redhat8 ssh免密登陆以及http配置实验_/root/.ssh/id_rsa

一、实验要求：

1.ssh免密登录：准备两台Linux虚拟机，第一台可以免密登录到第二台机器

2.ssh禁止root用户远程登录  

3.http：配置基于不同IP的访问不同的站点，要求默认首页文件为 first.html

二、实验准备

两台Redhat8虚拟机，ip配置如下

服务端：

客户端：

三、实验过程：

1.ssh免密登录

服务端：

配置服务端配置文件  

[root@server ~]# vim /etc/ssh/sshd_config
 
Port 22 #指定端口
 
PubkeyAuthentication yes
 
#PasswordAuthentication yes

客户端：

制作秘钥

[root@haha ~]# ssh-keygen -t RSA
 
Generating public/private RSA key pair.
 
Enter file in which to save the key (/root/.ssh/id_rsa):
 
/root/.ssh/id_rsa already exists.
 
Overwrite (y/n)? y
 
Enter passphrase (empty for no passphrase):
 
Enter same passphrase again:
 
Your identification has been saved in /root/.ssh/id_rsa.
 
Your public key has been saved in /root/.ssh/id_rsa.pub.
 
The key fingerprint is:
 
SHA256:cjMRTrUZNMSDo/Jv2pqrKYJF9ZfWRc732Sc2JPmQlN4 root@haha
 
The key's randomart image is:
+---[RSA 3072]----+
|        o**.o.   |
|    .  oo.oOoo   |
|   . . .o+o+B.o  |
|  . . o +.. .*E.o|
| .   o.oS     =.+|
|  .   .o o   . o.|
|..     .         |
|o .  . oo        |
| . .o.==.        |
+----[SHA256]-----+

客户端发送公钥

[root@haha ~]# ssh-copy-id -i 192.168.239.200
 
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
 
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
 
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
 
Password:
 
Password:
 
 
 
Number of key(s) added: 1
 
 
 
Now try logging into the machine, with:   "ssh '192.168.239.200'"
 
and check to make sure that only the key(s) you wanted were added.

服务器端查看秘钥是否收到

测试：
用户登录登录成功

---

2.ssh禁止root用户远程登录：
在 /etc/ssh/sshd_config 配置文件中加入下面这条指令
denyusers root #创建黑名单拒绝某个用户访问
测试：
使用root用户登录

无法登陆

---

3.http：配置基于不同IP访问不同的站点，要求默认首页文件为 first.html

添加一个新的ip地址

[root@server ~]# nmcli c modify ens160 +ipv4.addresses 192.168.239.10/24
 
[root@server ~]# nmcli connection up ens160

创建两个网页文件根目录，并定义网页内容

[root@server ~]# mkdir -pv /www/ip/{10,200}
 
[root@server ~]# echo this is 10 > /www/ip/10/first.html
 
[root@server ~]# echo this is 200 > /www/ip/10/first.html

定义基于不同ip地址来访问网站的配置文件

[root@server ~]# cd /etc/httpd/conf.d
 
[root@server conf.d]# vim myhosts.conf
 
<Directory "/www/ip">
 
        AllowOverride None
 
        Require all granted
 
</Directory>
 
<VirtualHost 192.168.239.10:80 >
 
        DocumentRoot "/www/ip/10"
 
        ServerName 192.168.239.10
 
</VirtualHost>
 
<virtualHost 192.168.239.200:80 >
 
        DocumentRoot "/www/ip/200"
 
        ServerName 192.168.239.200
 
</VirtualHost>

编辑httpd主配置文件

[root@server ~]# vim /etc/httpd/conf/httpd.conf
 
<IfModule dir_module>
 
    DirectoryIndex index.html home.html first.html
 
</IfModule>

重启httpd服务

[root@server ~]# systemctl restart httpd

客户机基于ip访问http服务

使用主机浏览器访问http服务