1, /etc/passwd file
Used when adding users, deleting users, setting passwords, managing user groups, etc.
This file lists the users on the current system. You can also change a user's ID to 0 to give that user root permission. See here for more details
2, /etc/sudoers file
This file can modify the user's permissions, set whether the user can have root permissions, and so on
##Allow root to run any commands anywhere
root ALL=(ALL) ALL
xuexuan ALL=(ALL) ALL #User permission settings
%docker ALL=(ALL) ALL #User group permission settings
##Allows members of the 'sys' group to run networking, software,
##service management apps and more.
#%sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS
##Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
##Same thing without a password
#%wheel ALL=(ALL) NOPASSWD: ALL
%wheel is the root user group.
A user group name must be prefixed with %.
xuexuan ALL=(ALL) ALL
This line is explained column by column below. User group entries work the same way:
The first column is the user name (root in the default entry, xuexuan here).
The second column is ALL=(ALL): the first ALL is the host, that is, the machine from which xuexuan logged in; (ALL) is the temporary identity, where ALL means all users (of course, it can also be set to root).
The third column, ALL, is the set of commands that the user xuexuan may run; ALL means all commands (including root commands).
With the temporary root identity you can, for example, access root's home directory. Of course, you have to enter the password; after the first entry, you don't have to enter it again.
Change the configuration file as follows so that no password is required and the command can be used directly.
xuexuan ALL=(root) NOPASSWD:ALL
But sometimes this is not particularly good, because an ordinary user can then switch to the root user through commands such as
sudo /bin/ , sudo -i , sudo -s , sudo su
This is relatively dangerous, so try to restrict these special commands.
This can also be done by modifying the configuration file:
xuexuan ALL=(root) NOPASSWD:ALL,!/bin/su ,!/bin/
In this way, the xuexuan user cannot switch to the root user
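As an added example (not code from the original article), the following Python code splits sudoers user-specification lines into the columns described above and flags the two patterns this section discusses: passwordless ALL, and commands subtracted from ALL with !. The sudoers manual notes that subtracting commands from ALL is generally not an effective restriction, so the second finding is one to review. The grammar is simplified, and the function names and the `deploy` entry are assumptions.

```python
import re

# Simplified user-spec grammar: WHO HOST = (RUNAS) [TAG:]CMD[, CMD...]
SPEC = re.compile(r"^(\S+)\s+([^=\s]+)\s*=\s*(?:\(([^)]*)\))?\s*(.+)$")
TAG = re.compile(r"\b(NOPASSWD|PASSWD|NOEXEC|EXEC|SETENV|NOSETENV):\s*")

def parse_sudoers(text):
    """Parse user specification lines into dicts; aliases and Defaults are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments (ignores the #uid form)
        if not line or line.startswith("Defaults") or "_Alias" in line.split()[0]:
            continue
        m = SPEC.match(line)
        if not m:
            continue
        who, host, runas, rest = m.groups()
        cmds = [c.strip() for c in TAG.sub("", rest).split(",") if c.strip()]
        entries.append({
            "who": who, "is_group": who.startswith("%"), "host": host,
            "runas": runas or "root",  # sudo runs as root when no (RUNAS) is given
            "tags": TAG.findall(rest),
            "allow": [c for c in cmds if not c.startswith("!")],
            "deny": [c[1:].strip() for c in cmds if c.startswith("!")],
        })
    return entries

def audit(entries):
    """Return (who, finding) pairs for the risky patterns the article discusses."""
    findings = []
    for e in entries:
        if "ALL" in e["allow"] and "NOPASSWD" in e["tags"]:
            findings.append((e["who"], "passwordless ALL"))
        if "ALL" in e["allow"] and e["deny"]:
            findings.append((e["who"], "deny-list subtracted from ALL"))
    return findings

# Constructed sample: the first four lines follow the article, "deploy" is hypothetical.
SAMPLE = """\
root    ALL=(ALL)   ALL
xuexuan ALL=(root)  NOPASSWD:ALL,!/bin/su
%wheel  ALL=(ALL)   ALL
#%wheel ALL=(ALL)   NOPASSWD: ALL
deploy  ALL=(root)  /usr/bin/systemctl restart nginx
"""

if __name__ == "__main__":
    print(*audit(parse_sudoers(SAMPLE)), sep="\n")
```

Edit the real file with visudo, which checks the syntax before saving; an entry that lists only the specific commands a user needs, like the hypothetical `deploy` line, produces no finding.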
3, /etc/ssh/sshd_config
SSH configuration file. Here are some common settings, which will be expanded in the future
# Login port
Port 22
# Allow root login
PermitRootLogin yes
# Maximum number of sessions
MaxSessions 10
# Key authentication
PubkeyAuthentication yes
# Whether empty passwords are allowed
PermitEmptyPasswords no
# Whether password authentication can be used
PasswordAuthentication yes
4, Configure ssh key login
SSH password login is not very secure. Attackers may break into the server through port scanning, brute-force cracking or social engineering. Therefore, the server is usually configured to log in with a key.
This article is very detailed. Xshell can only set key login and disable password login to the full version
In the above article, step 2, point 5 restarts the sshd service. The original command does not work on CentOS. I use the following command
service sshd restart
5, Kick out other SSH login users
1. View the users currently logged in to the system
[root@apache ~]# w
14:15:41 up 42 days, 56 min, 2 users, load average: 0.07, 0.02, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 116.204.64.165 14:15 0.00s 0.06s 0.04s w
root pts/1 116.204.64.165 14:15 2.00s 0.02s 0.02s –
2. Check which terminal you are using, so that you don't kill your own session
[root@apache ~]# who am i
root pts/0 2013-01-16 14:15 (116.204.64.165)
3. Use the pkill command to kick out the other session
[root@apache ~]# pkill -kill -t pts/1
4. Use the w command to check that the session is gone.
[root@apache ~]# w
14:19:47 up 42 days, 1:00, 1 user, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 116.204.64.165 14:15 0.00s 0.03s 0.00s w
Copyright: big cousin xiaoyaozi
Link to this article: https://blog.bbskali.cn/13.html
Licensed under the Creative Commons Attribution - non-commercial use 4.0 international agreement, reprinting of cited articles shall follow the same agreement.