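RHCE: passwordless SSH login and the httpd service

Contents

1. Passwordless SSH login

The first host logs in to the second without a password (prepare two Linux virtual machines)

Forbid remote SSH login for root

2. The httpd service

Configure different sites served on different IP addresses, with first.html as the default index file

1. Passwordless SSH login

The first host logs in to the second without a password (prepare two Linux virtual machines)

Generate the key pair with ssh-keygen -t rsa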

[root@at ~]# ssh-keygen -t rsa      # generate a key pair on the first host
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y                  # enter y if a key was generated earlier
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:NUhr/ekpw5J2JmsRc0ozFlsorJ6kL0DgNKOQHM5IQeA root@at
The key's randomart image is:
+---[RSA 3072]----+
|=*o  .  ..       |
|X=    o.o+.      |
|BEo  . .+++      |
|.o  o  .O..o .   |
|.  + . oSB  o    |
|. . o   oo . .   |
| . .    =.* o    |
|  . .  ..* o     |
|   .   ..        |
+----[SHA256]-----+

Check that the key pair was created: ls -l /root/.ssh/

id_rsa: private key

id_rsa.pub: public key

[root@at ~]# ls -l /root/.ssh/
total 12
-rw------- 1 root root 2590 Oct  9 15:36 id_rsa
-rw-r--r-- 1 root root  561 Oct  9 15:36 id_rsa.pub
-rw-r--r-- 1 root root  177 Sep 24 11:55 known_hosts

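Send the first host's key to the second host

Use ssh-copy-id -i root@192.168.153.132 to send the public key to the second host; the public half of the id_rsa / id_rsa.pub pair is then stored under /root/.ssh on the second host.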

[root@at ~]# ssh-copy-id -i root@192.168.153.132  # send the key
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.153.132's password:  # enter the host's password

On the second host, go to /root/.ssh/, check that the file authorized_keys has been created, and view it

[root@xixi ~]# cd /root/.ssh/
[root@xixi .ssh]# ls
authorized_keys
[root@xixi .ssh]# cat authorized_keys 

Test the passwordless SSH login

[root@at ~]# ssh root@192.168.153.132   # logging in to the second host needs no password
Activate the web console with: systemctl enable --now cockpit.socket

This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register

Last login: Sun Oct  9 15:33:59 2022 from 192.168.153.1
[root@xixi ~]#          

Forbid remote SSH login for root

1. Open the ssh configuration file (/etc/ssh/sshd_config)

2. In the configuration file, change PermitRootLogin yes to no

3. Start the ssh service

[root@at ~]# vim /etc/ssh/sshd_config 
#LogLevel INFO             # edit the section below

# Authentication:

#LoginGraceTime 2m
# changed from yes to no
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
Save and exit


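[root@at ~]# systemctl restart sshd   # restart the ssh service

Open a new session to see the effect

A password is requested, and even the correct password does not allow root to log in remotely; the experiment succeeded.

Note: on the server itself it is easy to see that our existing connection is unaffected, but a remote connection as root fails.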
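sshd uses the first value it obtains for each keyword, so an earlier PermitRootLogin line can shadow the one edited above. The following script is an added example, not part of the original post; the function names and sample configs are constructed, and it reads only the global section of one file (no Include or Match handling):

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical
# and both sample configs are constructed.

# Print the global PermitRootLogin value from an sshd_config on stdin or in $1.
# Keywords are case-insensitive, "keyword=value" is accepted, and the FIRST
# value wins. Include files and Match blocks are not followed.
effective_root_login() {
    awk -F '[ \t=]+' '
        { sub(/^[ \t]+/, "") }                       # drop leading whitespace
        /^#/ || NF == 0 { next }                     # comments, blank lines
        tolower($1) == "match" { exit }              # global section ends here
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "${1:--}"
}

# Turn the resolved value into a one-line verdict.
root_login_verdict() {
    case "$(effective_root_login "$@")" in
        no)    echo "root login disabled" ;;
        unset) echo "not set globally: sshd built-in default applies" ;;
        *)     echo "root login still possible" ;;
    esac
}

# Constructed sample: the excerpt as edited in the post.
sample_page() {
    printf '%s\n' '#LoginGraceTime 2m' 'PermitRootLogin no' '#StrictModes yes'
}

# Constructed sample: an earlier "yes" shadows the hand-edited "no".
sample_shadowed() {
    printf '%s\n' 'permitrootlogin yes' '#LoginGraceTime 2m' 'PermitRootLogin no'
}

sample_page | root_login_verdict
sample_shadowed | root_login_verdict
```

On a live host, `sshd -t` checks the file for errors before the restart, and `sshd -T` prints the settings sshd actually resolved.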

2. The httpd service

Configure different sites served on different IP addresses, with first.html as the default index file

Add the extra IP addresses (nmcli)

[root@at ~]# nmcli connection modify ens160 +ipv4.addresses 192.168.153.100/24
[root@at ~]# nmcli connection modify ens160 +ipv4.addresses 192.168.153.200/24
[root@at ~]# nmcli connection up ens160 

Create an html directory for each of the two IPs and write the two index.html files

[root@at ~]# mkdir -p /www/ip/{100,200}
[root@at ~]# echo "This is 192.168.153.100" > /www/ip/100/index.html 
[root@at ~]# echo "This is 192.168.153.200" > /www/ip/200/index.html

Write an additional configuration file (/etc/httpd/conf.d/STP.conf) that uses virtual hosts

[root@at ~]# vim /etc/httpd/conf.d/STP.conf

<Directory "/www/ip">
    AllowOverride None
    Require all granted
</Directory>


<VirtualHost 192.168.153.100:80>
    DocumentRoot "/www/ip/100"
    ServerName 192.168.153.100
</VirtualHost>


<VirtualHost 192.168.153.200:80>
    DocumentRoot "/www/ip/200"
    ServerName 192.168.153.200
</VirtualHost>

Test it

[root@at ~]# systemctl restart httpd  # restart the httpd service
[root@at ~]# curl 192.168.153.100
This is 192.168.153.100
[root@at ~]# curl 192.168.153.200
This is 192.168.153.200

The default file is required to be first.html, so the main configuration file has to be modified

[root@at ~]# vim /etc/httpd/conf/httpd.conf  # open the main configuration file
<IfModule dir_module>
    # first.html added to the list
    DirectoryIndex index.html first.html
</IfModule>


# Go to /var/www/html, create first.html and write its content
[root@at ~]# cd /var/www/html
[root@at html]# echo "This is a first.html" > /var/www/html/first.html


# Restart the httpd service
[root@at html]# systemctl restart httpd

Check the result

[root@at html]# curl 192.168.153.133
This is a first.html
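The order of the DirectoryIndex list set above decides which file each site returns, because mod_dir serves the first listed name that exists in the directory. As an added example (not part of the original post; the helper names and the temporary tree are constructed for illustration), this script resolves the index file each virtual host would serve for a given DirectoryIndex list:

```shell
#!/bin/sh
# Added example (not from the original post). Helper names are hypothetical;
# the tree and vhost config are constructed under a temporary directory.

# Print "address docroot" for every <VirtualHost> block in a config file.
vhost_roots() {
    awk '
        tolower($1) == "<virtualhost" { addr = $2; sub(/>$/, "", addr) }
        tolower($1) == "documentroot" { gsub(/"/, "", $2); print addr, $2 }
    ' "$1"
}

# mod_dir serves the FIRST name in the DirectoryIndex list that exists.
served_index() {   # $1 = docroot, $2 = list such as "index.html first.html"
    for name in $2; do
        [ -f "$1/$name" ] && { echo "$name"; return 0; }
    done
    echo "none"
}

build_demo() {   # constructed copy of the post's layout, rooted at $1
    mkdir -p "$1/www/ip/100" "$1/www/ip/200"
    echo "This is 192.168.153.100" > "$1/www/ip/100/index.html"
    echo "This is 192.168.153.200" > "$1/www/ip/200/index.html"
    echo "first page for .200" > "$1/www/ip/200/first.html"
    cat > "$1/STP.conf" <<EOF
<VirtualHost 192.168.153.100:80>
    DocumentRoot "$1/www/ip/100"
</VirtualHost>
<VirtualHost 192.168.153.200:80>
    DocumentRoot "$1/www/ip/200"
</VirtualHost>
EOF
}

report() {   # $1 = config file, $2 = DirectoryIndex list
    vhost_roots "$1" | while read -r addr root; do
        echo "$addr -> $(served_index "$root" "$2")"
    done
}

demo=$(mktemp -d)
build_demo "$demo"
report "$demo/STP.conf" "index.html first.html"   # order used in the post
report "$demo/STP.conf" "first.html index.html"   # first.html preferred
rm -rf "$demo"
```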

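Note: when configuring, the firewall and SELinux need to be turned off, and the httpd service must be restarted after every change to the configuration file.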
