配置NTP时间同步与SSH免密登录

本文链接：https://blog.csdn.net/a0319_/article/details/131763466

1:配置ntp时间服务器，确保客户端主机和服务端主机同步时间

1：server配置

[root@server ~]# yum install chrony -y #写入yum源
Last metadata expiration check: 8:31:14 ago on Mon 17 Jul 2023 03:28:53 AM CST.
Package chrony-4.3-1.el9.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!

[root@server ~]# vim /etc/chrony.conf #进入配置文件
  1 # Use public servers from the pool.ntp.org project.
  2 # Please consider joining the pool (https://www.pool.ntp.org/join.html).
  3 server ntp.aliyun.com  iburst #将此行改为此命令保存退出（wq)
  
[root@server ~]# systemctl restart chronyd #重启服务

[root@server ~]# chronyc sources -v #测试是否连接到aliyun

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current best, '+' = combined, '-' = not combined,
| /             'x' = may be in error, '~' = too variable, '?' = unusable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 203.107.6.88                  2   6    17    41   

-504us[-4269us] +/-   41ms

root@server ~]# timedatectl status 
               Local time: Mon 2023-07-17 12:13:33 CST
           Universal time: Mon 2023-07-17 04:13:33 UTC
                 RTC time: Mon 2023-07-17 04:13:33
                Time zone: Asia/Shanghai (CST, +0800)
System clock synchronized: yes #看是否为yes
              NTP service: active
          RTC in local TZ: no
          
root@server ~]# vim /etc/chrony.conf 
           26 allow 192.168.6.130/24  #将25行配置为node1的ip地址
[root@server ~]# systemctl restart chronyd #重启服务

2：node1 配置

[root@node1 ~]# yum install chrony -y  #下载yum源
Last metadata expiration check: 8:56:24 ago on Mon 17 Jul 2023 03:28:53 AM CST.
Package chrony-4.3-1.el9.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!

[root@node1 ~]# vim /etc/chrony.conf #进入配置文件，将第三行改为server的ip地址
1 # Use public servers from the pool.ntp.org project.
2 # Please consider joining the pool (https://www.pool.ntp.org/join.html).
3 server 192.168.6.128  iburst

[root@node1 ~]# systemctl restart chronyd #重启服务
[root@node1 ~]# chronyc sources -v #查看时间服务器的ip是否为server的ip地址

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current best, '+' = combined, '-' = not combined,
| /             'x' = may be in error, '~' = too variable, '?' = unusable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 192.168.6.128                 3   6    17    32  -1582ns[+9299ns] +/-   43ms
[root@node1 ~]# timedatectl status #检查是否同步完成
               Local time: Mon 2023-07-17 12:30:42 CST
           Universal time: Mon 2023-07-17 04:30:42 UTC
                 RTC time: Mon 2023-07-17 04:30:41
                Time zone: Asia/Shanghai (CST, +0800)
System clock synchronized: yes #注意此处是否为yes
              NTP service: active
          RTC in local TZ: no

配置ssh免密登录，能够实现客户端主机通过服务器端的redhat账户进行基于公钥验证方式的远程连接。

1：server配置

[root@server ~]# yum install openssh-server -y #安装ssh服务
[root@server ~]# useradd redhat #2：在server创建redhat用户
[root@server ~]# passwd redhat #给redhat创建密码为123 
Changing password for user redhat.
New password: 
BAD PASSWORD: The password is shorter than 8 characters
Retype new password: 
passwd: all authentication tokens updated successfully.

2：node1配置

[root@node1 ~]# yum install openssh-server -y #安装ssh服务
[root@node1 ~]# ssh-keygen -t rsa #1：定位node1，注册公私钥对，一直按回车
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:Z6OExfCWSjTpENxWrFm01yJvH6XKmUMoFJ9RvXl0zow root@node1
The key's randomart image is:
+---[RSA 3072]----+
|   ..o==+...     |
|    o.+Bo= .. . .|
|     +o+@ o .+.* |
|     o+= = .ooE +|
|      + S B o.   |
|       o B * .   |
|        . * .    |
|           .     |
|                 |
+----[SHA256]-----+

[root@node1 ~]# ls /root/.ssh 查看密钥文件
id_rsa  id_rsa.pub


[root@node1 ~]# ssh-copy-id redhat@192.168.6.128 #定位node1端上传公钥

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.6.128 (192.168.6.128)' can't be established.
ED25519 key fingerprint is SHA256:I5LOcmDgbIBATAxUDqV88JV7xap5wjMSPo4DSfUd3A0.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes      
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
redhat@192.168.6.128's password: 
Connection closed by 192.168.6.128 port 22

[root@node1 ~]# ssh redhat@192.168.6.128 验证