允许/禁止某台服务器使用指定用户登录本机
###
> 服务器介绍
config-ssh 172.17.134.31
test1 172.17.134.32
test2 172.17.134.33
> 配置sshd_config
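[root@config-ssh ~]# ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 172.17.134.31 netmask 255.255.255.0 broadcast 172.17.134.255
        inet6 fe80::20c:29ff:fed6:8f8e prefixlen 64 scopeid 0x20<link>
        ether 00:0c:29:d6:8f:8e txqueuelen 1000 (Ethernet)
        RX packets 1130254 bytes 1382420447 (1.2 GiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 244193 bytes 187307919 (178.6 MiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@config-ssh ~]# cat /scripts/shell/execute_script.sh
#!/bin/sh
# Restrict SSH logins to this host with an AllowUsers rule in sshd_config:
#   - root may log in only from 172.17.134.32 (test1)
#   - meisapp may log in from any host
# Once an AllowUsers line exists, sshd rejects every user/host pair that does
# not match one of its patterns, so any other account that must keep SSH
# access has to be listed as well.
#
# NOTE(review): this leaves root reachable over SSH with a password. Where
# possible prefer key-only root access (PermitRootLogin prohibit-password,
# called without-password on older OpenSSH) or a non-root account plus sudo.
# NOTE(review): the host part of a pattern is matched against the client
# address as sshd sees it; NAT or a jump host in between changes that address.

sshd_config=/etc/ssh/sshd_config
allow_rule='AllowUsers root@172.17.134.32 meisapp@*'

if [ ! -f "$sshd_config" ]; then
  printf '%s not found\n' "$sshd_config" >&2
  exit 1
fi

# Append the rule only when that exact line is missing, so running the script
# again does not pile up duplicate AllowUsers lines.
# NOTE(review): the line is appended at the end of the file; if the file ends
# with a Match block the rule would apply only inside that block -- confirm.
add_allow_rule() {
  grep -qxF -- "$allow_rule" "$sshd_config" ||
    printf '%s\n' "$allow_rule" >>"$sshd_config"
}

# NOTE(review): both greps are substring matches, so a commented-out
# "#PermitRootLogin ..." line is counted too; check the effective value with
# `sshd -T | grep -i permitrootlogin` after the change.
if [ "$(grep -c 'PermitRootLogin yes' "$sshd_config")" -eq 1 ]; then
  # Root login is already permitted: only the AllowUsers rule is needed.
  add_allow_rule
elif [ "$(grep -c 'PermitRootLogin no' "$sshd_config")" -eq 1 ]; then
  # Enable root login so that the root@172.17.134.32 entry can take effect.
  # The sed expression needs the leading "s": a script that starts with "#" is
  # parsed by sed as a comment and leaves the file unchanged.
  sed -i 's#PermitRootLogin no#PermitRootLogin yes#' "$sshd_config"
  add_allow_rule
fi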
[root@config-ssh ~]# sh /scripts/shell/execute_script.sh
# 修改配置文件后,必须重启 sshd 服务才能生效(重启前建议先执行 sshd -t 检查配置语法,并保留一个已登录的会话,避免配置错误导致无法远程登录)
[root@config-ssh ~]# /etc/init.d/sshd restart
> 测试test1服务器
[root@test1 conf]# ssh root@172.17.134.31
root@172.17.134.31's password:
Last login: Tue Nov 9 18:26:11 2021
[root@config-ssh ~]#
##############################################
[root@test1 conf]# ssh meisapp@172.17.134.31
meisapp@172.17.134.31's password:
Last login: Tue Nov 9 18:26:11 2021
[meisapp@config-ssh ~]$
> 测试test2服务器
[root@test2 ~]# ssh root@172.17.134.31
root@172.17.134.31's password:
Permission denied, please try again.
root@172.17.134.31's password:
##############################################
[root@test2 conf]# ssh meisapp@172.17.134.31
meisapp@172.17.134.31's password:
Last login: Tue Nov 9 18:26:11 2021
[meisapp@config-ssh ~]$
###