普通用户新增sudo权限&禁止root远程登录

创建新用户

[root@localhost ~]# useradd cookie

设置cookie用户的密码

[root@localhost ~]# passwd cookie

新增窗口登录cookie用户

Xshell:\> ssh cookie@192.168.X.XX

权限测试

[root@localhost ~]# /etc/init.d/sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd:                                             [  OK  ]

root用户重启成功

[cookie@localhost ~]$ /etc/init.d/sshd restart
/etc/init.d/sshd: line 33: /etc/sysconfig/sshd: Permission denied
rm: cannot remove `/var/run/sshd.pid': Permission denied   [FAILED]

Starting sshd: /etc/ssh/sshd_config: Permission denied
[FAILED]

[cookie@localhost ~]$ sudo /etc/init.d/sshd restart
cookie is not in the sudoers file.  This incident will be reported.

cookie用户无权限，重启失败

修改/etc/sudoers配置

[root@localhost ~]# visudo -f /etc/sudoers

找到

## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL

修改为：

## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
cookie    ALL=(ALL)       ALL

保存，退出

cookie用户测试权限

[cookie@localhost ~]$ sudo /etc/init.d/sshd restart

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.

[sudo] password for cookie:
Stopping sshd:                                             [  OK  ]
Starting sshd:                                             [  OK  ]

重启成功

在cookie用户中远程登录到root用户

在root用户下修改/etc/ssh/sshd_config文件

[root@localhost ~]# vi /etc/ssh/sshd_config

找到

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

将PermitRootLogin yes 改为 PermitRootLogin no 并去掉前面的#

#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

重启sshd服务器

完成