一.使用密钥登录
1.先sudo su -s 切换到root
2.生成秘钥对
root@ubuntu:~# ssh-keygen 命令
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): <== 按 Enter
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 直接按 Enter 留空
Enter same passphrase again: <== 回车
Your identification has been saved in /root/.ssh/id_rsa. <== 私钥
Your public key has been saved in /root/.ssh/id_rsa.pub. <== 公钥
The key fingerprint is:
0f:d3:e7:1a:1c:bd:5c:03:f1:19:f1:22:df:9b:cc:08 root@host
cd /root/.ssh/导出id_rsa 一定先导入密钥再执行下面操作
3.服务器安装公钥
cd /root/.ssh/
cat id_rsa.pub >> authorized_keys
chmod 600 authorized_keys
chmod 700 /root/.ssh/
4.设置ssh,密钥登录
vim /etc/ssh/sshd_config 修改下面配置
PermitRootLogin yes
PasswordAuthentication no
重启sshd
service ssh restart
退出shell,使用root加密钥登录
二.设置数据库配置文件权限
chattr +i /var/spool/cron/crontabs/root #禁止任何人修改计划任务
chattr +i /etc/postgresql/9.6/main/pg_hba.conf #禁止任何人修改数据库配置文件
chattr +a /data/postgresql #禁止任何人修改数据目录权限