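I. Environment preparation
1. Linux operating system (RedHat 9)
2. Install software:
[root@server ~]# yum install chrony -y # install chrony, used to build the NTP time server
[root@server ~]# systemctl enable chronyd # start at boot
[root@server ~]# systemctl start chronyd # start the service
[root@server ~]# yum install openssh-server # install openssh-server, used for SSH passwordless login
3. Two hosts in total: one server and one node
4. All hosts have network access, and their network details are known
5. Disable all security software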
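II. Configuring Chrony as a time server
1. Configure the Chrony configuration file on the server side (server)
1. Open the chrony configuration file
vim /etc/chrony.conf
2. Edit the configuration file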
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (https://www.pool.ntp.org/join.html).
# The server side uses the NTP service provided by Aliyun
server ntp.aliyun.com iburst
# Allow NTP client access from local network.
# This sets the range of clients allowed to access the NTP service
allow 192.168.163.0/24
3. Restart the time synchronization service
[root@server ~]# systemctl restart chronyd
4. Synchronize time
[root@server ~]# chronyc sourcestats -v
.- Number of sample points in measurement set.
/ .- Number of residual runs with same sign.
| / .- Length of measurement set (time).
| | / .- Est. clock freq error (ppm).
| | | / .- Est. error in freq.
| | | | / .- Est. offset.
| | | | | | On the -.
| | | | | | samples. \
| | | | | | |
Name/IP Address NP NR Span Frequency Freq Skew Offset Std Dev
==============================================================================
203.107.6.88 16 8 20m -0.149 9.018 -11us 2700us
2. Configure the Chrony configuration file on the client side (host1)
1. Open the chrony configuration file
vim /etc/chrony.conf
2. Edit the configuration file
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (https://www.pool.ntp.org/join.html).
# Only this line needs to be changed, to the server's IP address
pool 192.168.163.132 iburst
3. Restart the time synchronization service
[root@host1 ~]# systemctl restart chronyd
4. Synchronize time
[root@node1 ~]# chronyc sources -v
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current best, '+' = combined, '-' = not combined,
| / 'x' = may be in error, '~' = too variable, '?' = unusable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 192.168.163.132 3 6 347 21 -3989us[-2622us] +/- 37ms
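A way to check the client's chronyc sources line from a script, added here as an example and not part of the original post: it confirms that the selected source is the intended server and decodes the octal Reach register (347 above means 6 of the last 8 polls were answered). The function names and the threshold of 6 are assumptions.

```shell
#!/bin/sh
# Constructed sample: the data line of `chronyc sources` shown for the client above.
SAMPLE='^* 192.168.163.132 3 6 347 21 -3989us[-2622us] +/- 37ms'

# Print the name of the currently selected source (marked "^*").
# Exit status is non-zero when no source is selected.
selected_source() {
    awk '$1 == "^*" { print $2; found = 1 } END { exit !found }'
}

# Reach is an 8-bit shift register printed in octal; each set bit is one
# answered poll. Print how many of the last 8 polls were answered.
reach_count() {
    n=$((0$1)); c=0
    while [ "$n" -gt 0 ]; do c=$((c + (n & 1))); n=$((n >> 1)); done
    echo "$c"
}

# usage: chronyc sources | check_sync <expected-ip> <min-answered>
# Succeeds only if the selected source is the expected server and at least
# <min-answered> of the last 8 polls got a reply.
check_sync() {
    out=$(cat)
    src=$(printf '%s\n' "$out" | selected_source) || return 1
    [ "$src" = "$1" ] || return 1
    reach=$(printf '%s\n' "$out" | awk '$1 == "^*" { print $5 }')
    [ "$(reach_count "$reach")" -ge "$2" ]
}

printf '%s\n' "$SAMPLE" | check_sync 192.168.163.132 6 \
    && echo "synchronized to the expected server"
```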
III. Time server configuration results
Check whether the server is time-synchronized
[root@server ~]# timedatectl status
Local time: 日 2023-05-21 10:05:22 CST
Universal time: 日 2023-05-21 02:05:22 UTC
RTC time: 日 2023-05-21 02:05:22
Time zone: Asia/Shanghai (CST, +0800)
System clock synchronized: yes # yes means the time is synchronized
NTP service: active
RTC in local TZ: no
Check whether host1 is time-synchronized
[root@node1 ~]# timedatectl status
Local time: 日 2023-05-21 11:48:36 CST
Universal time: 日 2023-05-21 03:48:36 UTC
RTC time: 日 2023-05-21 03:48:36
Time zone: Asia/Shanghai (CST, +0800)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
IV. Configuring SSH passwordless login
1. On the server, generate a key pair
[root@server ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): # press Enter
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): # press Enter
Enter same passphrase again: # press Enter
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:c7zFdtFQrplVma9jwGuSTcaYoJwNKhZThV1QSWuA8cw root@server
The key's randomart image is:
+---[RSA 3072]----+
| .o*+=+. ..=|
| o o+o.o. *.|
| o oE=o. = . =|
| o . +...o.* *.|
| . . S o=+o=. |
| oo++.+ |
| .o . . |
| |
| |
+----[SHA256]-----+
2. On the server, upload the public key
[root@server ~]# ssh-copy-id root@192.168.163.133 # enter the client's IP address
The authenticity of host '192.168.163.133 (192.168.163.133)' can't be established.
ED25519 key fingerprint is SHA256:L5k0SIvpc7knC1e7ELbAUaXgR0sHulQrE/jXBmYoKFs.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes # type yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.163.133's password: # enter the peer's root password
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.163.133'"
and check to make sure that only the key(s) you wanted were added.
3. Repeat the steps above on the client to set up passwordless login from the client to the server
[root@node1 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:63lh4RPV1pazNJfEGAZUFpW++ZHEpsUjYI6cmvQC32c root@node1
The key's randomart image is:
+---[RSA 3072]----+
| .ooBB++|
| o+.oO+|
| . =...=.=|
| . . +o. . X |
| + S. o * =|
| = +=E . = |
| o.oo o|
| . .. .|
| o. |
+----[SHA256]-----+
[root@node1 ~]# ssh-copy-id root@192.168.163.132
The authenticity of host '192.168.163.132 (192.168.163.132)' can't be established.
ED25519 key fingerprint is SHA256:L5k0SIvpc7knC1e7ELbAUaXgR0sHulQrE/jXBmYoKFs.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.163.132's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.163.132'"
and check to make sure that only the key(s) you wanted were added.
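Both ssh-copy-id prompts above show the same ED25519 host key fingerprint for 192.168.163.133 and 192.168.163.132, so the fingerprint cannot tell the two machines apart; this is typical when one host is cloned from the other without regenerating its host keys. The check below, an added example that is not part of the original post, flags any fingerprint presented by more than one host; the function name and the "host fingerprint" input layout are assumptions.

```shell
#!/bin/sh
# Constructed input: "host fingerprint" pairs copied from the two
# ssh-copy-id prompts above. On live hosts the fingerprints can be
# collected with ssh-keyscan piped into ssh-keygen -lf - .
SEEN='192.168.163.133 SHA256:L5k0SIvpc7knC1e7ELbAUaXgR0sHulQrE/jXBmYoKFs
192.168.163.132 SHA256:L5k0SIvpc7knC1e7ELbAUaXgR0sHulQrE/jXBmYoKFs'

# Read "host fingerprint" lines on stdin and print
#   fingerprint host1,host2,...
# for every fingerprint presented by more than one distinct host.
# Exit status is 0 if at least one shared fingerprint was found, 1 if none.
shared_hostkeys() {
    awk '
        # Count each (fingerprint, host) pair once, even if listed twice.
        NF >= 2 && !seen[$2 SUBSEP $1]++ {
            hosts[$2] = (hosts[$2] == "" ? $1 : hosts[$2] "," $1)
            count[$2]++
        }
        END {
            for (fp in count)
                if (count[fp] > 1) { print fp, hosts[fp]; dup = 1 }
            exit !dup
        }'
}

# Report the shared key found in the transcripts above.
printf '%s\n' "$SEEN" | shared_hostkeys
```

A hit means the affected machines need fresh host keys before their fingerprints are accepted at the first-connection prompt.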
V. Results of the two-way SSH passwordless login configuration
node1 logs in to server
[root@node1 ~]# ssh 192.168.163.132
Activate the web console with: systemctl enable --now cockpit.socket
Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Sat May 20 10:56:14 2023 from 192.168.163.1
[root@server ~]#
server logs in to node1
[root@server ~]# ssh root@192.168.163.133
Activate the web console with: systemctl enable --now cockpit.socket
Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Sat May 20 12:06:18 2023