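1. SSH passwordless login
The first machine should be able to log in to the second machine without a password (prepare two Linux virtual machines)
Generate the key pair with ssh-keygen -t rsa
[root@at ~]# ssh-keygen -t rsa # generate a key pair on the first host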
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y # enter y if a key was generated before
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:NUhr/ekpw5J2JmsRc0ozFlsorJ6kL0DgNKOQHM5IQeA root@at
The key's randomart image is:
+---[RSA 3072]----+
|=*o . .. |
|X= o.o+. |
|BEo . .+++ |
|.o o .O..o . |
|. + . oSB o |
|. . o oo . . |
| . . =.* o |
| . . ..* o |
| . .. |
+----[SHA256]-----+
Check that the key pair was generated: ls -l /root/.ssh/
id_rsa: private key
id_rsa.pub: public key
[root@at ~]# ls -l /root/.ssh/
total 12
-rw------- 1 root root 2590 Oct 9 15:36 id_rsa
-rw-r--r-- 1 root root 561 Oct 9 15:36 id_rsa.pub
-rw-r--r-- 1 root root 177 Sep 24 11:55 known_hosts
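Send the first host's key to the second host
Use ssh-copy-id -i root@192.168.153.132 to send the first host's public key to the second host; of the id_rsa / id_rsa.pub pair, it is id_rsa.pub that is installed under the second host's /root/.ssh
[root@at ~]# ssh-copy-id -i root@192.168.153.132 # send the key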
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.153.132's password: # enter the host password
On the second host, go to /root/.ssh/, check that the file authorized_keys has been created, and view it
[root@xixi ~]# cd /root/.ssh/
[root@xixi .ssh]# ls
authorized_keys
[root@xixi .ssh]# cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnhz5giju+y0Z3eFOk63yNf8vxf9DD7mDDo6LYNx3ZYO0TFWkHJCjhaB3FzTE
pKpUt1WophpCSEeyVtTgMttgCyokopTyMDCIITeWX69OlUWG2l8G94/fjWzmgU0xCjWI+VEtVz/PclaQGpcxRzdHz1W
eV051LY+zvIEi2EzCYS679Zn5Z+rMYyBcfUPwYCDi1RRElGr7fqBHdy0OhIJdxSrzalELflZzRg7RRq0nMW5QSW5qgn
VC6B/PH7rjYUotKiv9tULnsKyEu3zV9vc9Q4bSWvulYt9qYquthU+r4SksPJzsZZAcYhnHMmPPdFnxHB/UBdQjaA9CY
+5ke0IOt root@localhost.localdomain
ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABgQDkzMR01UoPE1DbJ1A6THeAal8BWktS0qzAaeMaNYlaD79xFhJy1z1QrGl/SR1
3MS8NLZFODxtCrrJbv1v1qvMeNxfhx+zg+TOoyPnxqbZdUvSOdDmlLGcnO7vUSR0RjLiQtv2/5kfx7i1NailJTmlnc+
j6fghLk8F+j1moElC7Eo7OhLmwQQAMsfB+z1rUKHru0DIE5pk/Km10egNfI1fcWE1bN9WrMEztTBOqG+n6iGnr6mpBi
UuGDARMvN1tvSom99Z0VpcHmkqod/Te4FaPEgAqgEtNZZuMgSLi8D6k2avtVz9mZLKgGtTlMvaKiGoS5F7JIoP9RhuE
rMV2EHKtQAA8zR0JD9X7d1MDmV75egie5mXVfxq0dKX3yAndCDp9K0z5c3aZkAqalMH71E8/t9hMtOgQVvYC0MfSAmV
oIMOte0oi9b6MS5UwyyElqpXyRDZ1BxUkG6V+SG87aHV+eaidUYvfrvqmL3OwoezVkjDhWdfB8L0D+1x2QzsobA0=
root@at
Test the SSH passwordless login
[root@at ~]# ssh root@192.168.153.132 # logging in to the second host needs no password
Activate the web console with: systemctl enable --now cockpit.socket
This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register
Last login: Sun Oct 9 15:33:59 2022 from 192.168.153.1
[root@xixi ~]#
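Disable remote root login over SSH
1. Open the SSH configuration file (/etc/ssh/sshd_config)
2. In the configuration file, change PermitRootLogin yes to no
3. Restart the SSH service
[root@at ~]# vim /etc/ssh/sshd_config
#LogLevel INFO # edit the setting below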
# Authentication:
#LoginGraceTime 2m
# Change yes to no
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
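Save and exit
[root@at ~]# systemctl restart sshd # restart the SSH service
Open a new session to see the effect
A password is requested, and even with the correct password root cannot log in remotely, so the experiment succeeded
Note: on the server itself, the existing connection is not affected, but a new remote connection as root is refused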
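Added example (not part of the original walkthrough): a check of which PermitRootLogin value in an sshd_config file is in force after the edit above. It relies on sshd using the first value it reads for a keyword, keywords being case-insensitive, and '#' lines being comments; the function names and the sample file are constructed for illustration, Include directives are not followed, and the fallback value is the upstream OpenSSH default.

```shell
#!/bin/sh
# Added example: which PermitRootLogin value applies in an sshd_config file?

# Print the value from the global section (everything before the first Match).
effective_root_login() {
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }              # drop indentation, fields re-split
        /^#/ || /^$/ { next }               # comments and blank lines
        tolower($1) == "match" { exit }     # global section ends here
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "prohibit-password" }  # upstream default if unset
    ' "$1"
}

# Succeed only if the global value is "no" and no Match block re-enables it.
root_login_disabled() {
    [ "$(effective_root_login "$1")" = "no" ] || return 1
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }
        tolower($1) == "match" { in_match = 1 }
        in_match && tolower($1) == "permitrootlogin" && tolower($2) != "no" { bad = 1 }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the edit from this page followed by a later duplicate,
# which sshd ignores because the first value wins.
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
#LoginGraceTime 2m
#PermitRootLogin yes
PermitRootLogin no
permitrootlogin yes
EOF
echo "global value: $(effective_root_login "$demo_cfg")"
root_login_disabled "$demo_cfg" && echo "root login is disabled"
rm -f "$demo_cfg"
```

On a live host, sshd -t validates the file before the restart and sshd -T prints the configuration the daemon would actually apply.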
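2. httpd service
Configure IP-based virtual hosts so that different IPs serve different sites, with first.html as the default home page
Add the extra IP addresses (nmcli)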
[root@at ~]# nmcli connection modify ens160 +ipv4.addresses 192.168.153.100/24
[root@at ~]# nmcli connection modify ens160 +ipv4.addresses 192.168.153.200/24
[root@at ~]# nmcli connection up ens160
Create the html directory for each of the two IPs and write the two index.html files
[root@at ~]# mkdir -p /www/ip/{100,200}
[root@at ~]# echo "This is 192.168.153.100" > /www/ip/100/index.html
[root@at ~]# echo "This is 192.168.153.200" > /www/ip/200/index.html
Write an additional configuration file (/etc/httpd/conf.d/STP.conf) that uses virtual hosts
[root@at ~]# vim /etc/httpd/conf.d/STP.conf
<Directory "/www/ip">
AllowOverride None
Require all granted
</Directory>
<VirtualHost 192.168.153.100:80>
DocumentRoot "/www/ip/100"
ServerName 192.168.153.100
</VirtualHost>
<VirtualHost 192.168.153.200:80>
DocumentRoot "/www/ip/200"
ServerName 192.168.153.200
</VirtualHost>
Test
[root@at ~]# systemctl restart httpd # restart the httpd service
[root@at ~]# curl 192.168.153.100
This is 192.168.153.100
[root@at ~]# curl 192.168.153.200
This is 192.168.153.200
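The default file must be first.html, so the main configuration file needs to be modified
[root@at ~]# vim /etc/httpd/conf/httpd.conf # open the main configuration file
<IfModule dir_module>
# first.html added; names are tried in the order listed
DirectoryIndex index.html first.html
</IfModule>
# Go to /var/www/html, create first.html and write its content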
[root@at ~]# cd /var/www/html
[root@at html]# echo "This is a first.html" > /var/www/html/first.html
# Restart the httpd service
[root@at html]# systemctl restart httpd
Check
[root@at html]# curl 192.168.153.133
This is a first.html
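Note: during configuration the firewall and SELinux need to be turned off, and httpd must be restarted after every change to a configuration file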