首先需要在ROOT用户下

操作步骤如下

1 创建用户haoduck

  1. useradd haoduck

2 创建haoduck用户ssh密钥文件夹

  1. mkdir -p /home/haoduck/.ssh/
  2. chmod 700 /home/haoduck/.ssh/

3 创建公钥文件

公钥文件一般从自己的电脑上生成,诸如XShell、MobaXterm等工具都是可以生成的。这里就不赘述了

  1. vim /home/haoduck/.ssh/authorized_keys
  2. chmod 600 /home/haoduck/.ssh/authorized_keys
  3. chown -R haoduck /home/haoduck/.ssh/ #设置文件所有者为新用户haoduck

4 配置sudo权限(可选)

在最后添加一行haoduck ALL=(ALL) ALL或者haoduck ALL=(ALL) NOPASSWD: ALL,后者可以免密码使用sudo

  1. chmod u+w /etc/sudoers
  2. vim /etc/sudoers
  3. chmod u-w /etc/sudoers

5 修改sshd配置

  1. vim /etc/ssh/sshd_config

密钥登录:找到以下内容去掉签名的#号
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

禁用密码和ROOT登录:
找到以下内容
PasswordAuthentication yes
PermitRootLogin yes

改为
PasswordAuthentication no
PermitRootLogin no

重启sshdsystemctl restart sshdsystemctl restart sshservice sshd restartservice ssh restart

一键脚本

  1. #!/bin/bash
  2. #username=${1:="haoduck"}
  3. #pubkey=${2:="ssh-xxxxx"}
  4. username="haoduck"
  5. #pubkey="$(wget -qO- https://直链)"
  6. pubkey="ssh-xxxxx"
  7. #yum install -y sudo
  8. #apt-get install -y sudo
  9. useradd ${username}
  10. mkdir -p /home/${username}/.ssh/
  11. chmod 700 /home/${username}/.ssh/
  12. echo $pubkey > /home/${username}/.ssh/authorized_keys
  13. chmod 600 /home/${username}/.ssh/authorized_keys
  14. chown -R ${username} /home/${username}/.ssh/
  15. #sudo配置
  16. chmod u+w /etc/sudoers
  17. echo "${username} ALL=(ALL) ALL" > /etc/sudoers.d/${username}
  18. #echo "${username} ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/${username}
  19. #sshd配置
  20. sshd_file="/etc/ssh/sshd_config"
  21. cp -n $sshd_file /etc/ssh/sshd_config.bak
  22. sed -i "s|#\?RSAAuthentication.*|RSAAuthentication yes|" $sshd_file
  23. sed -i "s|#\?PubkeyAuthentication.*|PubkeyAuthentication yes|" $sshd_file
  24. sed -i "s|#AuthorizedKeysFile .ssh/authorized_keys|AuthorizedKeysFile .ssh/authorized_keys|" $sshd_file
  25. #sed -i "s|#\?PasswordAuthentication.*|PasswordAuthentication no|" $sshd_file
  26. #sed -i "s|#\?PermitRootLogin.*|PermitRootLogin no|" $sshd_file
  27. systemctl restart sshd;systemctl restart ssh;service sshd restart;service ssh restart

如果只需要用ROOT用户,可以省略添加用户的步骤,一键脚本如下:

  1. #pubkey="$(wget -qO- https://直链)"
  2. pubkey="ssh-xxxxx" #这里改成你的公钥
  3. mkdir -p /root/.ssh/
  4. chmod 700 /root/.ssh/
  5. echo $pubkey > /root/.ssh/authorized_keys
  6. chmod 600 /root/.ssh/authorized_keys
  7. sshd_file="/etc/ssh/sshd_config"
  8. cp -n $sshd_file /etc/ssh/sshd_config.bak
  9. sed -i "s|#\?RSAAuthentication.*|RSAAuthentication yes|" $sshd_file
  10. sed -i "s|#\?PubkeyAuthentication.*|PubkeyAuthentication yes|" $sshd_file
  11. sed -i "s|#AuthorizedKeysFile .ssh/authorized_keys|AuthorizedKeysFile .ssh/authorized_keys|" $sshd_file
  12. sed -i "s|#\?PasswordAuthentication.*|PasswordAuthentication no|" $sshd_file
  13. sed -i "s|#\?PermitRootLogin.*|PermitRootLogin yes|" $sshd_file
  14. systemctl restart sshd;systemctl restart ssh;service sshd restart;service ssh restart