先自我介绍一下,小编浙江大学毕业,去过华为、字节跳动等大厂,目前阿里P7
深知大多数程序员,想要提升技能,往往是自己摸索成长,但自己不成体系的自学效果低效又漫长,而且极易碰到天花板技术停滞不前!
因此收集整理了一份《2024年最新Linux运维全套学习资料》,初衷也很简单,就是希望能够帮助到想自学提升又不知道该从何学起的朋友。
既有适合小白学习的零基础资料,也有适合3年以上经验的小伙伴深入学习提升的进阶课程,涵盖了95%以上运维知识点,真正体系化!
由于文件比较多,这里只是将部分目录截图出来,全套包含大厂面经、学习笔记、源码讲义、实战项目、大纲路线、讲解视频,并且后续会持续更新
如果你需要这些资料,可以添加V获取:vip1024b (备注运维)
正文
authpriv.* /var/log/secure
二.问题重现
1.环境信息
VMware CentOS7.9(IP:192.168.10.135)、RHEL7.7(IP:192.168.10.110)
防火墙及selinux关闭,参考(Chapter1):
2.两台机器实现openssh rpm安装
–>RHEL7.7(ip:192.168.10.110)机器
[root@rhel77 /]# yum install -y openssh*
Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
rhel7.7 | 2.8 kB 00:00:00
Package openssh-server-7.4p1-21.el7.x86_64 already installed and latest version
Package openssh-7.4p1-21.el7.x86_64 already installed and latest version
Package openssh-clients-7.4p1-21.el7.x86_64 already installed and latest version
Package openssh-askpass-7.4p1-21.el7.x86_64 already installed and latest version
Package openssh-keycat-7.4p1-21.el7.x86_64 already installed and latest version
Nothing to do
[root@rhel77 /]#
–>CentOS7.9(ip:192.168.10.135)机器
[root@centos79 ~]# yum install -y openssh*
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.bupt.edu.cn
* extras: mirror.lzu.edu.cn
* updates: mirror.lzu.edu.cn
base | 3.6 kB 00:00:00
docker-ce-stable | 3.5 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
软件包 openssh-cavs-7.4p1-22.el7_9.x86_64 已安装并且是最新版本
软件包 openssh-server-7.4p1-22.el7_9.x86_64 已安装并且是最新版本
软件包 openssh-7.4p1-22.el7_9.x86_64 已安装并且是最新版本
软件包 openssh-clients-7.4p1-22.el7_9.x86_64 已安装并且是最新版本
软件包 openssh-askpass-7.4p1-22.el7_9.x86_64 已安装并且是最新版本
软件包 openssh-ldap-7.4p1-22.el7_9.x86_64 已安装并且是最新版本
软件包 openssh-server-sysvinit-7.4p1-22.el7_9.x86_64 已安装并且是最新版本
软件包 openssh-keycat-7.4p1-22.el7_9.x86_64 已安装并且是最新版本
无须任何处理
[root@centos79 ~]#
3.两台机器机器实现ssh互信
–>RHEL7.7(ip:192.168.10.110)机器
命令:
cd ~
ssh-keygen
cd .ssh/
ls
ssh-copy-id 192.168.10.135
[root@rhel77 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): #强烈建议直接回车使用默认路径
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase): #密钥的密码短语(建议留空则直接回车)
Enter same passphrase again: #密钥的密码短语确认(建议留空则直接回车)
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:jHTGpurRdAzUvx4haQJJRFR5bZiS3j5TNyuB85/SXWc root@rhel77
The key's randomart image is:
+---[RSA 2048]----+
| ==oo+ + |
| o.+.= o |
| oo+== |
| .oXB = o |
| ++S= = o |
| + .+ = . E|
| o . + = o o.|
| . . o + . |
| . . |
+----[SHA256]-----+
[root@rhel77 ~]# cd .ssh/
[root@rhel77 .ssh]# ls
id_rsa id_rsa.pub known_hosts
[root@rhel77 .ssh]# ssh-copy-id 192.168.10.135
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.10.135's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.10.135'"
and check to make sure that only the key(s) you wanted were added.
[root@rhel77 .ssh]#
–>CentOS7.9(ip:192.168.10.135)机器
命令:
cd ~
ssh-keygen
cd .ssh/
ls
ssh-copy-id 192.168.10.110
[root@centos79 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): #同上
Enter passphrase (empty for no passphrase): #同上
Enter same passphrase again: #同上
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:nK6khtCnoJB2o1aVfqVlTNpJHMug4QQ/3orcPqAgda4 root@centos79
The key's randomart image is:
+---[RSA 2048]----+
| ..o .... |
| + o o+. |
| =. *o. |
| . oooo O |
| + oo. .S |
|B.o==..+ |
|*o=Booo . |
|.+E o+ . |
|. ...o |
+----[SHA256]-----+
[root@centos79 ~]# cd .ssh/
[root@centos79 .ssh]# ls
authorized_keys id_rsa id_rsa.pub known_hosts
[root@centos79 .ssh]# ssh-copy-id 192.168.10.110
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.10.110's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.10.110'"
and check to make sure that only the key(s) you wanted were added.
[root@centos79 .ssh]#
4.ssh互信验证-问题重现
–>从RHEL7.7(ip:192.168.10.110)机器 ssh 到 CentOS7.9(ip:192.168.10.135)机器
–>从CentOS7.9(ip:192.168.10.135)机器 ssh 到 RHEL7.7(ip:192.168.10.110)机器
三. 问题解决梳理
1.两台机器文件权限验证(id_rsa,id_rsa.pub,authorized_keys,known_hosts)
–>RHEL7.7(ip:192.168.10.110)机器
[root@rhel77 /]# cd
[root@rhel77 ~]# cd .ssh/
[root@rhel77 .ssh]# pwd
/root/.ssh
[root@rhel77 .ssh]# ls -l
total 16
-rw------- 1 root root 395 Jun 9 09:26 authorized_keys
-rw------- 1 root root 1679 Jun 9 09:26 id_rsa
-rw-r--r-- 1 root root 393 Jun 9 09:26 id_rsa.pub
-rw-r--r-- 1 root root 176 Jun 9 09:27 known_hosts
[root@rhel77 .ssh]#
结论:文件权限无误
–>CentOS7.9(ip:192.168.10.135)机器
[root@centos79 .ssh]# cd
[root@centos79 ~]# cd .ssh/
[root@centos79 .ssh]# pwd
/root/.ssh
[root@centos79 .ssh]# ls -l
总用量 16
-rw------- 1 root root 393 6月 9 09:27 authorized_keys
-rw------- 1 root root 1679 6月 9 09:23 id_rsa
-rw-r--r-- 1 root root 395 6月 9 09:23 id_rsa.pub
-rw-r--r-- 1 root root 176 6月 9 09:26 known_hosts
[root@centos79 .ssh]#
结论:文件权限无误
2.两台机器.ssh目录权限验证
–>RHEL7.7(ip:192.168.10.110)机器
[root@rhel77 ~]# pwd
/root
[root@rhel77 ~]# ls -ld .ssh/
drwx------ 2 root root 80 Jun 9 09:27 .ssh/
[root@rhel77 ~]#
结论:.ssh目录权限为700,权限无误
–>CentOS7.9(ip:192.168.10.135)机器
[root@centos79 ~]# pwd
/root
[root@centos79 ~]# ls -ld .ssh/
drwx------ 2 root root 80 6月 9 09:27 .ssh/
[root@centos79 ~]#
结论:.ssh目录权限为700,权限无误
3.两台机器更改/etc/ssh/sshd_config文件配置
添加如下信息:
RSAAuthentication yes #允许RSA密钥
PubkeyAuthentication yes #启用公告密钥配对认证方式
################################################
添加位置:
RSAAuthentication yes
PubkeyAuthentication yes
The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
################################################
重启sshd,发现问题仍旧存在。
命令:
systemctl restart sshd
systemctl status sshd
4.问题点定位
最后,通过查看/var/log/secure,发现了问题的点
命令:
tail /var/log/secure -n 20
–>RHEL7.7(ip:192.168.10.110)机器
Jun 9 10:17:28 rhel77 sshd[12271]: Server listening on :: port 22.
Jun 9 10:17:28 rhel77 polkitd[948]: Unregistered Authentication Agent for unix-process:12264:668614 (system bus name :1.316, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Jun 9 10:24:34 rhel77 sshd[12868]: Authentication refused: bad ownership or modes for directory /root
Jun 9 10:24:36 rhel77 sshd[12868]: Connection closed by 192.168.10.135 port 36168 [preauth]
[root@rhel77 ~]#
–>CentOS7.9(ip:192.168.10.135)机器
Jun 9 10:16:58 centos79 polkitd[728]: Unregistered Authentication Agent for unix-process:5517:669130 (system bus name :1.203, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale zh_CN.UTF-8) (disconnected from bus)
Jun 9 10:17:33 centos79 sshd[5534]: Authentication refused: bad ownership or modes for directory /root
Jun 9 10:17:37 centos79 sshd[5534]: Connection closed by 192.168.10.110 port 38882 [preauth]
Jun 9 10:24:02 centos79 sshd[5599]: Authentication refused: bad ownership or modes for directory /root
Jun 9 10:24:03 centos79 sshd[5599]: Connection closed by 192.168.10.110 port 38884 [preauth]
[root@centos79 ~]#
问题点:
–>RHEL7.7(ip:192.168.10.110)机器
Jun 9 10:24:34 rhel77 sshd[12868]: Authentication refused: bad ownership or modes for directory /root
–>CentOS7.9(ip:192.168.10.135)机器
Jun 9 10:24:02 centos79 sshd[5599]: Authentication refused: bad ownership or modes for directory /root
通过google搜索排查定位,被告知:/root目录权限过大(排查发现root目录权限为777),最多(建议)设置为700权限
/root目录权限
更改前:
–>RHEL7.7(ip:192.168.10.110)机器
最全的Linux教程,Linux从入门到精通
======================
-
linux从入门到精通(第2版)
-
Linux系统移植
-
Linux驱动开发入门与实战
-
LINUX 系统移植 第2版
-
Linux开源网络全栈详解 从DPDK到OpenFlow
第一份《Linux从入门到精通》466页
====================
内容简介
====
本书是获得了很多读者好评的Linux经典畅销书**《Linux从入门到精通》的第2版**。本书第1版出版后曾经多次印刷,并被51CTO读书频道评为“最受读者喜爱的原创IT技术图书奖”。本书第﹖版以最新的Ubuntu 12.04为版本,循序渐进地向读者介绍了Linux 的基础应用、系统管理、网络应用、娱乐和办公、程序开发、服务器配置、系统安全等。本书附带1张光盘,内容为本书配套多媒体教学视频。另外,本书还为读者提供了大量的Linux学习资料和Ubuntu安装镜像文件,供读者免费下载。
本书适合广大Linux初中级用户、开源软件爱好者和大专院校的学生阅读,同时也非常适合准备从事Linux平台开发的各类人员。
需要《Linux入门到精通》、《linux系统移植》、《Linux驱动开发入门实战》、《Linux开源网络全栈》电子书籍及教程的工程师朋友们劳烦您转发+评论
网上学习资料一大堆,但如果学到的知识不成体系,遇到问题时只是浅尝辄止,不再深入研究,那么很难做到真正的技术提升。
需要这份系统化的资料的朋友,可以添加V获取:vip1024b (备注运维)
一个人可以走的很快,但一群人才能走的更远!不论你是正从事IT行业的老鸟或是对IT行业感兴趣的新人,都欢迎加入我们的的圈子(技术交流、学习资源、职场吐槽、大厂内推、面试辅导),让我们一起学习成长!
img.cn/img_convert/9d4aefb6a92edea27b825e59aa1f2c54.png)
本书适合广大Linux初中级用户、开源软件爱好者和大专院校的学生阅读,同时也非常适合准备从事Linux平台开发的各类人员。
需要《Linux入门到精通》、《linux系统移植》、《Linux驱动开发入门实战》、《Linux开源网络全栈》电子书籍及教程的工程师朋友们劳烦您转发+评论
网上学习资料一大堆,但如果学到的知识不成体系,遇到问题时只是浅尝辄止,不再深入研究,那么很难做到真正的技术提升。
需要这份系统化的资料的朋友,可以添加V获取:vip1024b (备注运维)
[外链图片转存中…(img-GQrOeFDD-1713155335002)]
一个人可以走的很快,但一群人才能走的更远!不论你是正从事IT行业的老鸟或是对IT行业感兴趣的新人,都欢迎加入我们的的圈子(技术交流、学习资源、职场吐槽、大厂内推、面试辅导),让我们一起学习成长!
3935
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
