普通用户新增sudo权限&禁止root远程登录

创建新用户

[root@localhost ~]# useradd cookie

设置cookie用户的密码

[root@localhost ~]# passwd cookie

新增窗口登录cookie用户

Xshell:\> ssh cookie@192.168.X.XX

权限测试

[root@localhost ~]# /etc/init.d/sshd restartStopping sshd:                                             [  OK  ]Starting sshd:                                             [  OK  ]

root用户重启成功

[cookie@localhost ~]$ /etc/init.d/sshd restart/etc/init.d/sshd: line 33: /etc/sysconfig/sshd: Permission deniedrm: cannot remove `/var/run/sshd.pid': Permission denied   [FAILED]Starting sshd: /etc/ssh/sshd_config: Permission denied                                                           [FAILED]

[cookie@localhost ~]$ sudo /etc/init.d/sshd restartcookie is not in the sudoers file.  This incident will be reported.

cookie用户无权限，重启失败

修改/etc/sudoers配置

[root@localhost ~]# visudo -f /etc/sudoers

找到

## Allow root to run any commands anywhereroot    ALL=(ALL)       ALL

修改为：

## Allow root to run any commands anywhereroot    ALL=(ALL)       ALLcookie    ALL=(ALL)       ALL

保存，退出

cookie用户测试权限

[cookie@localhost ~]$ sudo /etc/init.d/sshd restartWe trust you have received the usual lecture from the local SystemAdministrator. It usually boils down to these three things:    #1) Respect the privacy of others.    #2) Think before you type.    #3) With great power comes great responsibility.[sudo] password for cookie: Stopping sshd:                                             [  OK  ]Starting sshd:                                             [  OK  ]

重启成功

在cookie用户中远程登录到root用户

在root用户下修改/etc/ssh/sshd_config文件

[root@localhost ~]# vi /etc/ssh/sshd_config

找到

#LoginGraceTime 2m#PermitRootLogin yes#StrictModes yes#MaxAuthTries 6#MaxSessions 10

将PermitRootLogin yes 改为 PermitRootLogin no 并去掉前面的#

#LoginGraceTime 2mPermitRootLogin no#StrictModes yes#MaxAuthTries 6#MaxSessions 10

重启sshd服务器

完成