购买云主机后部署云主机

新建用户
useradd nailsoul
 为新用户添加登录公钥(写入 authorized_keys 的应是在客户端机器上生成的公钥,私钥只保留在客户端;在服务器上执行 ssh-keygen 并非必需,它会顺带创建权限为 700 的 ~/.ssh 目录)
[root@instance-fgsqqzdg ~]# su nailsoul
[nailsoul@instance-fgsqqzdg root]$ ssh-keygen -t RSA
[nailsoul@instance-fgsqqzdg root]$ cd ~/.ssh/
[nailsoul@instance-fgsqqzdg .ssh]$ touch authorized_keys
[nailsoul@instance-fgsqqzdg .ssh]$ chmod 600 authorized_keys
[nailsoul@instance-fgsqqzdg .ssh]$  echo ssh-rsa ... [email protected] >> authorized_keys
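让nailsoul有执行sudo -i 的权利,配置文件/etc/sudoers(建议用 visudo 编辑,它会在保存前检查语法)。注意:下面生效的一行是给名为 nailsoul 的组(% 开头表示组)单独授权,并没有把用户加入轮子组(wheel);NOPASSWD: ALL 表示 sudo 不再询问密码,该账号的 SSH 私钥一旦泄露即等同于 root 权限,需妥善保管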
## Same thing without a password
# %wheel        ALL=(ALL)       NOPASSWD: ALL
%nailsoul ALL=(ALL)      NOPASSWD: ALL
ssh禁止密码登录,配置文件 /etc/ssh/sshd_config
# The default requires explicit activation of protocol 1
#Protocol 2
Protocol 2

#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication no

#PubkeyAuthentication yes
PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
重启sshd服务,使sshd配置生效(重启前可先执行 sshd -t 检查配置语法;重启后保持当前会话不要断开,另开一个终端确认密钥登录成功,以免禁用密码登录后把自己锁在外面)
[root@instance-fgsqqzdg ~]# systemctl restart sshd.service
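修改ssh端口为8888,配置文件 /etc/ssh/sshd_config(若 SELinux 处于 enforcing 模式,还需先执行 semanage port -a -t ssh_port_t -p tcp 8888,否则 sshd 无法绑定新端口;更换端口只能减少自动扫描的噪音,不能替代密钥登录和防火墙限制)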
#   Port 22
   Port 8888
重启sshd服务,使端口配置生效(下面第一次 netstat 是重启前的状态,sshd 仍监听 22;重启后改为监听 8888)
[root@instance-fgsqqzdg ~]# netstat -nltp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1388/sshd           
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1102/master         
tcp6       0      0 :::22                   :::*                    LISTEN      1388/sshd           
tcp6       0      0 ::1:25                  :::*                    LISTEN      1102/master

[root@instance-fgsqqzdg ~]# systemctl restart sshd.service

[root@instance-fgsqqzdg ~]# netstat -nltp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:8888            0.0.0.0:*               LISTEN      1614/sshd           
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1102/master         
tcp6       0      0 :::8888                 :::*                    LISTEN      1614/sshd           
tcp6       0      0 ::1:25                  :::*                    LISTEN      1102/master  
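配置防火墙(放行新的 ssh 端口 8888;从启动 firewalld 到放行 8888 之前不要断开当前会话。sshd 已不再监听 22,public 区域里默认放行的 ssh 服务可用 firewall-cmd --zone=public --remove-service=ssh --permanent 去掉后再 reload;云厂商控制台的安全组如有限制,也需同步放行 8888)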
[root@instance-fgsqqzdg ~]# systemctl start firewalld.service
[root@instance-fgsqqzdg ~]# firewall-cmd --list-all-zones
...
public (default, active)
  interfaces: eth0
  sources:
  services: dhcpv6-client ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
...
[root@instance-fgsqqzdg ~]# firewall-cmd --zone=public --add-port=8888/tcp --permanent
success
[root@instance-fgsqqzdg ~]# firewall-cmd --reload
success
[root@instance-fgsqqzdg ~]# firewall-cmd --list-ports
8888/tcp
[root@instance-fgsqqzdg ~]# systemctl enable firewalld.service
Created symlink from /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service to /usr/lib/systemd/system/firewalld.service.
Created symlink from /etc/systemd/system/basic.target.wants/firewalld.service to /usr/lib/systemd/system/firewalld.service.



转载自blog.csdn.net/nailsoul/article/details/79427757