1.配置ntp时间服务器,确保客户端主机能和服务主机同步时间
首先关闭防火墙、selinux:
[root@server ~]# systemctl stop firewalld
[root@server ~]# setenforce 0
[root@server ~]# getenforce
Permissive
第一步:在服务机中配置阿里云同步时间
[root@server ~]# vim /etc/chrony.conf
第二步:定位服务端,重启服务,判断是否同步
[root@server ~]# systemctl restart chronyd
[root@server ~]# chronyc sources -v
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current best, '+' = combined, '-' = not combined,
| / 'x' = may be in error, '~' = too variable, '?' = unusable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 203.107.6.88 2 6 17 3 -1245us[-3233us] +/- 25ms
[root@server ~]# timedatectl status
Local time: 日 2023-03-19 17:13:59 CST
Universal time: 日 2023-03-19 09:13:59 UTC
RTC time: 日 2023-03-19 09:13:59
Time zone: Asia/Shanghai (CST, +0800)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
第三步:定位服务端,配置允许访问的主机ip并重启
[root@server ~]# vim /etc/chrony.conf
[root@server ~]# systemctl restart chronyd
第四步:定位客户端,测试时间同步:
[root@node1 ~]# chronyc sources -v
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current best, '+' = combined, '-' = not combined,
| / 'x' = may be in error, '~' = too variable, '?' = unusable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 119.28.206.193 2 6 377 39 +1086us[ +79us] +/- 65ms
^+ 79.133.44.136 1 6 377 36 -10ms[ -10ms] +/- 97ms
^+ stratum2-1.ntp.mow01.ru.> 2 6 377 10 +2463us[+2463us] +/- 101ms
^- time.cloudflare.com 3 6 177 101 +54ms[ +53ms] +/- 149ms
[root@node1 ~]# date
2023年 03月 19日 星期日 17:16:52 CST
2.配置ssh免密登陆,能够通过客户端主机通过redhat用户和服务端主机基于公钥验证方式进行远程连接
第一步:创建用户
第二步:定位客户端,制作秘钥并将公钥复制到服务端
[redhat@node1 root]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/redhat/.ssh/id_rsa):
Created directory '/home/redhat/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/redhat/.ssh/id_rsa
Your public key has been saved in /home/redhat/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:nfoBRGEjIjGVg7VBt14Z7K4UJKmqUk5Y3ITygCDBfCM redhat@node1
The key's randomart image is:
+---[RSA 3072]----+
|O.+B*oo.*. |
|=Eo=*=.=.+ |
| =o+o+..+ |
| = ...o.. . |
| + .oS o |
|o o . .o |
|.+ . .. . |
|o . . . . |
|. . |
+----[SHA256]-----+
[redhat@node1 root]$ ssh-copy-id root@192.168.125.128
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/redhat/.ssh/id_rsa.pub"
The authenticity of host '192.168.125.128 (192.168.125.128)' can't be established.
ED25519 key fingerprint is SHA256:XwtjuqXGT6G23IUIRHYQTSzyZUUSMdJVGG4XyoO093A.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])?
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
The authenticity of host '192.168.125.128 (192.168.125.128)' can't be established.
ED25519 key fingerprint is SHA256:XwtjuqXGT6G23IUIRHYQTSzyZUUSMdJVGG4XyoO093A.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.125.128's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.125.128'"
and check to make sure that only the key(s) you wanted were added.
[redhat@node1 root]$
第二步:客户端测试