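1. Configure an NTP time server so that the client host can synchronize its time with the server host
Use chrony to synchronize time between the hosts
(1) Install chrony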
[root@server ~]# yum install chrony.x86_64 -y
[root@server ~]# systemctl start chronyd
[root@server ~]# systemctl status chronyd
(2) Synchronize the server host's time with the Aliyun time synchronization server
[root@server ~]# vim /etc/chrony.conf
Open the chrony configuration file, go to line 3, and change it to the address of the Aliyun time synchronization server (server ntp.aliyun.com iburst)
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (https://www.pool.ntp.org/join.html).
server ntp.aliyun.com iburst
# Use NTP servers from DHCP.
sourcedir /run/chrony-dhcp
Restart the service and test
[root@server ~]# systemctl restart chronyd
[root@server ~]# chronyc sources -v
  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current best, '+' = combined, '-' = not combined,
| /             'x' = may be in error, '~' = too variable, '?' = unusable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 203.107.6.88                  2   6    17     6    -38ms[  -37ms] +/-   85ms
[root@server ~]# timedatectl status
Local time: 一 2023-07-17 21:22:49 CST
Universal time: 一 2023-07-17 13:22:49 UTC
RTC time: 一 2023-07-17 13:22:49
Time zone: Asia/Shanghai (CST, +0800)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
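"yes" indicates that the server host is now synchronized with the Aliyun time synchronization server
(3) Set up the time synchronization allowlist on the server host
Open the chrony configuration file, go to line 26, and allow node1 to access this host for time synchronization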
[root@server ~]# vim /etc/chrony.conf
Change the IP address to the server host's address
# Allow NTP client access from local network.
allow 192.168.186.131/24
Restart the service
[root@server ~]# systemctl restart chronyd
(4) Switch to node1
Open the chrony configuration file, go to line 3, and change it to the server's IP address (server 192.168.186.130 iburst)
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (https://www.pool.ntp.org/join.html).
server 192.168.186.130 iburst
Restart the service and verify
[root@node1 ~]# systemctl restart chronyd
[root@node1 ~]# chronyc sources -v
  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current best, '+' = combined, '-' = not combined,
| /             'x' = may be in error, '~' = too variable, '?' = unusable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 192.168.186.130               3   6    17    22    -12us[-4653ns] +/-   42ms
[root@node1 ~]# timedatectl status
Local time: 一 2023-07-17 21:33:36 CST
Universal time: 一 2023-07-17 13:33:36 UTC
RTC time: 一 2023-07-17 13:33:36
Time zone: Asia/Shanghai (CST, +0800)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
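The time server IP is the server host's IP address, and "yes" indicates that synchronization succeeded, i.e. the node1 client host is synchronized with the server host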
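Added example (not part of the original page): a shell check that reads `chronyc -n sources` output, confirms the selected source is the expected address, and decodes the octal Reach column into the number of answered polls. The function names and the minimum-poll threshold are assumptions; the two sample lines are taken from the outputs above.

```shell
#!/bin/sh
# Added example (not from the original page): check `chronyc -n sources`
# output for the expected time source. Sample lines are taken from the
# two outputs shown on this page.
SERVER_SAMPLE='^* 203.107.6.88 2 6 17 6 -38ms[ -37ms] +/- 85ms'
NODE1_SAMPLE='^* 192.168.186.130 3 6 17 22 -12us[-4653ns] +/- 42ms'

# Print "address stratum reach" for the source marked "^*" (server mode,
# currently selected). Prints nothing when no source is selected.
selected_source() {
    awk '$1 == "^*" { print $2, $3, $5; exit }'
}

# Reach is an 8-bit shift register shown in octal: one bit per poll,
# newest in the lowest bit. Print how many of the last 8 polls were answered.
reach_polls() {
    case "$1" in ''|*[!0-7]*) return 1 ;; esac
    n=$(( 0$1 )); count=0
    while [ "$n" -gt 0 ]; do
        count=$(( count + (n & 1) )); n=$(( n >> 1 ))
    done
    echo "$count"
}

# check_source EXPECTED_IP MIN_POLLS  (reads chronyc output on stdin)
check_source() {
    sel=$(selected_source)
    [ -n "$sel" ] || { echo "FAIL: no selected source"; return 1; }
    addr=${sel%% *}; reach=${sel##* }
    [ "$addr" = "$1" ] || { echo "FAIL: synchronized to $addr, expected $1"; return 1; }
    polls=$(reach_polls "$reach") || { echo "FAIL: bad reach '$reach'"; return 1; }
    [ "$polls" -ge "$2" ] || { echo "FAIL: only $polls of last 8 polls answered"; return 1; }
    echo "OK: $addr answered $polls of the last 8 polls"
}

# Demo on the node1 sample; on a live host use:
#   chronyc -n sources | check_source 192.168.186.130 4
printf '%s\n' "$NODE1_SAMPLE" | check_source 192.168.186.130 4
```

A Reach value of 17 right after a restart means the last four polls were answered; it climbs to 377 once eight consecutive polls succeed.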
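2. Configure passwordless SSH login so that the client host can connect remotely through the redhat account on the server using public key authentication
(1) Create the redhat account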
[root@server ~]# useradd redhat
[root@server ~]# passwd redhat
(2) On node1 (the client), generate a public/private key pair
[redhat@server ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:qYGbVwaxgjb0WXslhaFkoG4TG7vt1LfE2r+GLq4F4Lw root@node1
The key's randomart image is:
+---[RSA 3072]----+
| . ..= o+o |
| . + = =.o |
| O + = . |
| = B o o . |
| O o . S |
| . = = * |
| E = = +. |
| o o.=... |
| oooo+oo. |
+----[SHA256]-----+
(3) On node1, upload the public key
[redhat@server ~]# ssh-copy-id root@192.168.186.130
(4) Test
[redhat@server ~]$ ssh root@192.168.186.130
Activate the web console with: systemctl enable --now cockpit.socket
Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Mon Jul 17 22:15:22 2023 from 192.168.186.130
Success