RHCE--two

1.配置ntp时间服务器，确保客户端主机能和服务主机同步时间

[root@localhost ~]# yum install chrony -y        //软件安装 

//查看客户端主机时间

[root@client ~]# timedatectl 
               Local time: 日 2003-07-22 07:16:23 CST
           Universal time: 六 2003-07-22 23:16:23 UTC
                 RTC time: 日 2023-04-13 10:26:03
                Time zone: Asia/Shanghai (CST, +0800)
System clock synchronized: no
              NTP service: active
          RTC in local TZ: no
[root@client ~]#  

//修改配置文件---客户端

[root@client ~]# vim /etc/chrony.conf 
pool 192.168.186.138 iburst 

//修改配置文件---服务端

[root@server ~]# vim /etc/chrony.conf 
# Allow NTP client access from local network.
allow 192.168.186.0/24
 
# Serve time even if not synchronized to a time source.
local stratum 10

 //查看服务器时间，重启chronyd

[root@server ~]# date
2023年 04月 16日 星期日 19:51:18 CST
[root@server ~]# grep allow /etc/chrony.conf 
allow 192.168.186.0/24
[root@server ~]# systemctl restart chronyd

//客户端同步

[root@client ~]# ping 192.168.186.138
[root@client ~]# grep iburst /etc/chrony.conf 
#pool 2.rhel.pool.ntp.org iburst
#pool ntp.aliyun.com iburst
pool 192.168.186.138 iburst
[root@client ~]# systemctl restart chronyd
[root@client ~]# chronyc sources
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 192.168.186.138              10   6    17     0    -19us[  -53us] +/-  354us
[root@client ~]# timedatectl 
               Local time: 日 2023-04-16 20:00:55 CST
           Universal time: 日 2023-04-16 12:00:55 UTC
                 RTC time: 日 2023-04-16 12:00:56
                Time zone: Asia/Shanghai (CST, +0800)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no
[root@client ~]# chronyc ntpdata 
 
Remote address  : 192.168.186.138 (C0A8BA8A)
Remote port     : 123
Local address   : 192.168.186.137 (C0A8BA89)
Leap status     : Normal
Version         : 4
Mode            : Server
Stratum         : 10
Poll interval   : 6 (64 seconds)
Precision       : -26 (0.000000015 seconds)
Root delay      : 0.000000 seconds
Root dispersion : 0.000000 seconds
Reference ID    : 7F7F0101 ()
Reference time  : Sun Apr 16 12:03:56 2023
Offset          : -0.000075828 seconds
Peer delay      : 0.000886137 seconds
Peer dispersion : 0.000000034 seconds
Response time   : 0.000293112 seconds
Jitter asymmetry: +0.00
NTP tests       : 111 111 1111
Interleaved     : No
Authenticated   : No
TX timestamping : Daemon
RX timestamping : Kernel
Total TX        : 7
Total RX        : 7
Total valid RX  : 7
[root@client ~]# 
   

2.配置ssh免密登陆，能够通过客户端主机通过redhat用户和服务端主机基于公钥验证方式进行远程连接

//创建用户

[root@client ~]# useradd redhat
[root@client ~]# passwd redhat 
更改用户 redhat 的密码 。
新的密码： 
无效的密码： 密码少于 8 个字符
重新输入新的密码： 
passwd：所有的身份验证令牌已经成功更新。
[root@client ~]# 

//创建新的密钥对，并发送到指定目录

[root@client .ssh]# su redhat
[redhat@client .ssh]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/redhat/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/redhat/.ssh/id_rsa
Your public key has been saved in /home/redhat/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:ttXkI8fBsvXzKNTArpYWluWKxVRVtDFNbPzcYi/1HpQ redhat@client
The key's randomart image is:
+---[RSA 3072]----+
|            ...O=|
|           +    O|
|          o O  ++|
|         o & =oE=|
|        S X X.=+.|
|       . * O ..=o|
|        o * . .oo|
|         o   .  .|
|                 |
+----[SHA256]-----+
[redhat@client .ssh]$ 
[redhat@client .ssh]$ ll
总用量 8
-rw-------. 1 redhat redhat 2602  4月 16 20:47 id_rsa
-rw-r--r--. 1 redhat redhat  567  4月 16 20:47 id_rsa.pub
[root@server .ssh]# ll
总用量 8
-rw-------. 1 root root 1695  4月 16 20:43 authorized_keys
-rw-r--r--. 1 root root 2590  4月 16 20:50 id_rsa
[root@server .ssh]#  

//客户端测试

[redhat@client .ssh]$ ssh 192.168.186.138
The authenticity of host '192.168.186.138 (192.168.186.138)' can't be established.
ED25519 key fingerprint is SHA256:IjiKi+oexrRWTbUACwNqXYQvu2F8yakPx49b7PW9lto.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.186.138' (ED25519) to the list of known hosts.
redhat@192.168.186.138's password: 
Activate the web console with: systemctl enable --now cockpit.socket
 
Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Sat Apr  8 10:10:53 2023
[redhat@server ~]$