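Linux: SSH/DHCP/NTP
Linux services -------- SSH/DHCP/NTP
SSH service:
Ways to manage a server:
Local management (OS installation, fault repair)
Remote connection over SSH
Linux: the ssh command
Windows:
Xshell; Xmanager
SecureCRT
Putty
Packages that provide the SSH service / SSH client tools: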
[root@localhost ~]# rpm -qa | grep ssh
openssh-server-6.6.1p1-33.el7_3.x86_64
openssh-clients-6.6.1p1-33.el7_3.x86_64
[root@localhost ~]# systemctl status sshd
[root@localhost ~]# ss -antp | grep sshd
LISTEN 0 128 *:22 *:* users:(("sshd",pid=1202,fd=3))
1. Connect to a remote host
ssh [user@]host
# ssh 192.168.87.10
# ssh martin@192.168.87.10
2. Run a command on a remote host
ssh 192.168.87.10 'hostname'
[root@localhost ~]# ssh martin@192.168.122.105 'hostname'
3. Tools for copying files remotely
scp, rsync (incremental copy)
[root@node01 ~]# scp /etc/fstab 192.168.122.121:/tmp/
[root@node01 ~]# scp 192.168.122.121:/etc/passwd /tmp/
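-r: copy a directory
rsync
[root@node01 ~]# rsync -av /bj/ 192.168.122.121:/sh     # trailing slash: copies the contents of /bj into /sh
[root@node01 ~]# rsync -av /bj 192.168.122.121:/sh      # no trailing slash: copies the directory itself, creating /sh/bj
Configuration file: /etc/ssh/sshd_config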
- Disable hostname (DNS) resolution in SSH
GSSAPIAuthentication no
UseDNS no
[root@node1 ~]# systemctl restart sshd
- Disable remote login for the root user
PermitRootLogin no
- Change the default SSH port
Port 22345
ListenAddress 192.168.122.121
[root@server ~]# ssh martin@192.168.87.10 -p 22345
Disable SELinux and the firewall
setenforce 0
vim /etc/sysconfig/selinux
Disable the firewall
systemctl stop firewalld
systemctl disable firewalld
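Added example (not part of the original notes): a shell check that the sshd_config directives set above are actually in effect in a given file. sshd uses the first value it reads for each keyword, so a hardened line appended below an existing one is silently ignored. The function names and the sample file are constructed for illustration; Match blocks and the keyword=value form are not handled.

```shell
# Added example, not from the original page; config contents are constructed.
# Print the effective global value of lowercase keyword $1 in file $2.
# sshd keeps the FIRST value read for a keyword; keywords are case-insensitive;
# "#" lines are comments; Match blocks (conditional overrides) are not parsed.
effective_value() {
    awk -v want="$1" '
        $1 ~ /^#/              { next }
        tolower($1) == "match" { exit }
        tolower($1) == want    { print tolower($2); exit }
    ' "$2"
}

# Audit file $1 for the directives on this page; $2 is the intended port.
# Exit status = number of failed directives. ( ) body keeps variables local.
audit_sshd_config() (
    fails=0
    while read -r kw want; do
        got=$(effective_value "$kw" "$1")
        if [ "$got" = "$want" ]; then
            echo "PASS $kw=$got"
        else
            echo "FAIL $kw=${got:-unset} (want $want)"
            fails=$((fails + 1))
        fi
    done <<EOF
permitrootlogin no
usedns no
gssapiauthentication no
port $2
EOF
    exit "$fails"
)

# Constructed sample: hardened lines appended below an earlier PermitRootLogin,
# UseDNS present only as a comment, one Match block at the end.
sample_shadowed() {
    cat <<'EOF'
Port 22345
PermitRootLogin yes
#UseDNS no
GSSAPIAuthentication no
PermitRootLogin no
Match User backup
    PermitRootLogin no
EOF
}

cfg=$(mktemp) && sample_shadowed > "$cfg"
audit_sshd_config "$cfg" 22345 || echo "directives not in effect: $?"
rm -f "$cfg"
```

On a running server, sshd -T prints the configuration sshd actually resolved and is the authoritative check; this file-based audit is for reviewing a config before it is deployed.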
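SSH authentication methods:
Username and password (the default)
Key-based
Setting up key-based authentication:
1. Generate a key pair on the client
2. Send the public key to the server
- Generate a key pair on the client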
[root@server ~]# ssh-keygen -t rsa
[root@server ~]# ls .ssh/
id_rsa id_rsa.pub known_hosts
id_rsa private key
id_rsa.pub public key
- Send the public key to the server
[root@server ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub -p 22345 192.168.87.10
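Deploying a DHCP server
DHCP ----- Dynamic Host Configuration Protocol
Application-layer protocol
Purpose: assign IP configuration to clients
How it works:
1. The client sends a DHCP Discover to look for a DHCP server
2. The DHCP server sends a DHCP Offer (IP/NETMASK/GATEWAY/DNS)
3. The client sends a DHCP Request
4. The DHCP server sends a DHCP ACK
5. The client sends a Gratuitous ARP to check whether the IP address conflicts with another host
Package: dhcp
Configuration file: /etc/dhcp/dhcpd.conf
Service: dhcpd
Ports: 67/udp (DHCP server port), 68/udp (DHCP client port)
Example: configuring a DHCP server
Environment:
Isolated network: Lan1, subnet: 192.168.87.0/24
DHCP server: 192.168.87.101, dhcpserver.linux.com
Clients:
Linux
Windows XP
- Configure the hostname and IP address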
[root@server ~]# hostnamectl set-hostname server.linux.com
[root@server ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
# Generated by dracut initrd
DEVICE=eth0
NAME=eth0
ONBOOT=yes
BOOTPROTO=none
TYPE=Ethernet
IPADDR=192.168.87.101
NETMASK=255.255.255.0
[root@server ~]# systemctl restart network
[root@server ~]# systemctl restart NetworkManager
[root@server ~]# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:71:3b:1c brd ff:ff:ff:ff:ff:ff
inet 192.168.87.101/24 brd 192.168.87.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe71:3b1c/64 scope link
valid_lft forever preferred_lft forever
- Configure the yum repository and install the DHCP package
[root@server ~]# mkdir /etc/yum.repos.d/default
[root@server ~]# mv /etc/yum.repos.d/CentOS-* /etc/yum.repos.d/default
[root@server ~]# vim /etc/yum.repos.d/local.repo
[local]
name=localsrc
baseurl=file:///mnt
enabled=1
gpgcheck=0
[root@server ~]# mount /dev/cdrom /mnt/
[root@server ~]# yum clean all
已加载插件:fastestmirror, langpacks
正在清理软件源: local
Cleaning up everything
[root@server ~]# yum makecache
已加载插件:fastestmirror, langpacks
local | 3.6 kB 00:00:00
(1/4): local/group_gz | 155 kB 00:00:00
(2/4): local/primary_db | 2.8 MB 00:00:00
(3/4): local/filelists_db | 2.9 MB 00:00:00
(4/4): local/other_db | 1.2 MB 00:00:00
Determining fastest mirrors
元数据缓存已建立
[root@server ~]#
[root@server ~]# yum install -y dhcp
- Edit the configuration file
[root@server ~]# vim /etc/dhcp/dhcpd.conf
subnet 192.168.87.0 netmask 255.255.255.0 {
range 192.168.87.10 192.168.87.100;
option routers 192.168.87.1;
option domain-name-servers 114.114.114.114, 8.8.8.8;
}
[root@server ~]# systemctl start dhcpd
[root@server ~]# systemctl enable dhcpd    # start the service automatically at boot
Created symlink from /etc/systemd/system/multi-user.target.wants/dhcpd.service to /usr/lib/systemd/system/dhcpd.service.
[root@server ~]# ss -anup | grep :67
UNCONN 0 0 *:67 *:* users:(("dhcpd",pid=1822,fd=7))
UNCONN 0 0 *%virbr0:67 *:* users:(("dnsmasq",pid=1506,fd=3))
- Test
DHCP troubleshooting:
Log: /var/log/messages
# tail -f /var/log/messages
NTP server
NTP --------- Network Time Protocol
Package: ntp
Configuration file: /etc/ntp.conf
Service: ntpd
Port: 123/udp
Example: configuring an NTP time server
- Install the ntp package
[root@server ~]# yum install -y ntp
- Edit the ntp configuration file
[root@server ~]# vim /etc/ntp.conf
restrict 192.168.87.0 mask 255.255.255.0 nomodify
server 127.127.1.0 iburst
fudge 127.127.1.0 stratum 10
[root@server ~]# systemctl start ntpd
[root@server ~]# systemctl enable ntpd
Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.
[root@server ~]#
[root@server ~]# ss -anup | grep :123
UNCONN 0 0 192.168.124.1:123 *:* users:(("ntpd",pid=6092,fd=20))
UNCONN 0 0 192.168.87.101:123 *:* users:(("ntpd",pid=6092,fd=19))
- Disable SELinux and the firewall
Client test:
[root@node1 ~]# ntpdate 192.168.87.101
11 Nov 12:15:19 ntpdate[13399]: adjust time server 192.168.87.101 offset -0.001224 sec
[root@node1 ~]#
You can also set up a scheduled task (cron job) to synchronize the time periodically
[root@node1 ~]# crontab -l
*/50 * * * * /usr/sbin/ntpdate 192.168.87.101 &> /dev/null
[root@node1 ~]#