Setting up and configuring an NTP time server, and configuring SSH passwordless login

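Contents

I. Environment preparation

II. Configuring Chrony to set up the time server

1. Configure the Chrony configuration file on the server (server side)

2. Configure the Chrony configuration file on the client (host1 side)

III. Time server configuration results

IV. Configuring SSH passwordless login

1. On the server, generate a key pair

2. On the server, upload the public key

3. Repeat the steps above on the client to set up passwordless login from the client to the server

V. Results of the two-way SSH passwordless login configuration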


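I. Environment preparation

1. Linux operating system (RedHat9)

2. Install the software:

[root@server ~]# yum  install  chrony  -y  # install chrony, used to set up the NTP time server
[root@server ~]# systemctl  enable  chronyd # start at boot
[root@server ~]# systemctl  start   chronyd # start the service
[root@server ~]# yum  install  openssh-server # install openssh-server, used for SSH passwordless login

3. Two hosts in total: one server and one node

4. All hosts can reach the network, and their network details are known

5. Disable all security software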

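II. Configuring Chrony to set up the time server

1. Configure the Chrony configuration file on the server (server side)

1. Open the chrony configuration file

vim  /etc/chrony.conf

2. Edit the configuration file

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (https://www.pool.ntp.org/join.html).
# The server uses the NTP service provided by Alibaba Cloud.
server ntp.aliyun.com iburst

# Allow NTP client access from local network.
# Range of client addresses allowed to use this NTP service.
allow 192.168.163.0/24

3. Restart the time synchronization service

[root@server ~]# systemctl restart  chronyd

4. Synchronize the time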

[root@server ~]# chronyc sourcestats -v
                             .- Number of sample points in measurement set.
                            /    .- Number of residual runs with same sign.
                           |    /    .- Length of measurement set (time).
                           |   |    /      .- Est. clock freq error (ppm).
                           |   |   |      /           .- Est. error in freq.
                           |   |   |     |           /         .- Est. offset.
                           |   |   |     |          |          |   On the -.
                           |   |   |     |          |          |   samples. \
                           |   |   |     |          |          |             |
Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
==============================================================================
203.107.6.88               16   8   20m     -0.149      9.018    -11us  2700us

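2. Configure the Chrony configuration file on the client (host1 side)

1. Open the chrony configuration file

vim  /etc/chrony.conf

2. Edit the configuration file

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (https://www.pool.ntp.org/join.html).
# Only this line needs to change: set it to the server's IP address.
pool 192.168.163.132 iburst

3. Restart the time synchronization service

[root@host1 ~]# systemctl restart  chronyd

4. Synchronize the time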

[root@node1 ~]# chronyc sources -v

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current best, '+' = combined, '-' = not combined,
| /             'x' = may be in error, '~' = too variable, '?' = unusable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 192.168.163.132               3   6   347    21  -3989us[-2622us] +/-   37ms
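
The Reach column in the output above is an 8-bit register printed in octal, so 347 means six of the last eight polls were answered. The following added example (not from the original post) turns `chronyc sources` output into a pass/fail check; the function names, the threshold of 4 and the second sample row are assumptions made for illustration.

```shell
#!/bin/sh
# Reach is an 8-bit register printed in octal; each 1 bit is an
# answered poll. Print how many of the last 8 polls were answered.
reach_ok_count() {
    case "$1" in ''|*[!0-7]*) return 1 ;; esac
    _v=$((0$1)); _n=0
    while [ "$_v" -gt 0 ]; do
        _n=$(( $_n + ($_v & 1) ))
        _v=$(( $_v >> 1 ))
    done
    echo "$_n"
}

# Print one summary line per source. Succeed only if a source is selected
# ('*' state) and it answered at least MIN_OK (default 4) of its last 8 polls.
chrony_sync_ok() {
    _min=${1:-4}; _rc=1
    while IFS= read -r _line; do
        case "$_line" in
            [#=^][*+x~?-]" "*) ;;   # source row: mode char then state char
            *) continue ;;          # legend, column header or separator
        esac
        # read does not glob, so a field such as "^*" is split safely.
        read -r _ms _name _stratum _poll _reach _rest <<EOF
$_line
EOF
        _ok=$(reach_ok_count "$_reach") || continue
        echo "$_name state=${_ms#?} stratum=$_stratum answered=$_ok/8"
        if [ "${_ms#?}" = "*" ] && [ "$_ok" -ge "$_min" ]; then _rc=0; fi
    done
    return "$_rc"
}

# Constructed sample: the client row from the output above, plus a
# made-up unreachable source (203.0.113.10 is a documentation address).
chrony_sync_ok 4 <<'EOF' && echo "clock is tracking a healthy source"
MS Name/IP address         Stratum Poll Reach LastRx Last sample
^* 192.168.163.132               3   6   347    21  -3989us[-2622us] +/-   37ms
^? 203.0.113.10                  0   6     0     -     +0ns[   +0ns] +/-    0ns
EOF
```

On a live host, feed it with `chronyc sources | chrony_sync_ok 4`.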

III. Time server configuration results

Check whether the server is time-synchronized

[root@server ~]# timedatectl status
               Local time: 日 2023-05-21 10:05:22 CST
           Universal time: 日 2023-05-21 02:05:22 UTC
                 RTC time: 日 2023-05-21 02:05:22
                Time zone: Asia/Shanghai (CST, +0800)
System clock synchronized: yes      # "yes" means the time is synchronized
              NTP service: active
          RTC in local TZ: no

Check whether host1 is time-synchronized

[root@node1 ~]# timedatectl status 
               Local time: 日 2023-05-21 11:48:36 CST
           Universal time: 日 2023-05-21 03:48:36 UTC
                 RTC time: 日 2023-05-21 03:48:36
                Time zone: Asia/Shanghai (CST, +0800)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no

IV. Configuring SSH passwordless login

1. On the server, generate a key pair

[root@server ~]# ssh-keygen -t rsa 
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): # press Enter
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): # press Enter
Enter same passphrase again: # press Enter
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:c7zFdtFQrplVma9jwGuSTcaYoJwNKhZThV1QSWuA8cw root@server
The key's randomart image is:
+---[RSA 3072]----+
|   .o*+=+.    ..=|
|  o o+o.o.     *.|
|   o oE=o. =  . =|
|  o . +...o.*  *.|
| . .    S o=+o=. |
|         oo++.+  |
|          .o . . |
|                 |
|                 |
+----[SHA256]-----+

2. On the server, upload the public key

[root@server ~]# ssh-copy-id root@192.168.163.133 # enter the client's IP address
The authenticity of host '192.168.163.133 (192.168.163.133)' can't be established.
ED25519 key fingerprint is SHA256:L5k0SIvpc7knC1e7ELbAUaXgR0sHulQrE/jXBmYoKFs.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes # type yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.163.133's password: # enter the peer's root password

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.163.133'"
and check to make sure that only the key(s) you wanted were added.

3. Repeat the steps above on the client to set up passwordless login from the client to the server

[root@node1 ~]# ssh-keygen -t rsa 
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:63lh4RPV1pazNJfEGAZUFpW++ZHEpsUjYI6cmvQC32c root@node1
The key's randomart image is:
+---[RSA 3072]----+
|          .ooBB++|
|           o+.oO+|
|        . =...=.=|
|     . . +o. . X |
|      + S. o  * =|
|       = +=E . = |
|        o.oo    o|
|       . ..     .|
|        o.       |
+----[SHA256]-----+


 
[root@node1 ~]# ssh-copy-id root@192.168.163.132
The authenticity of host '192.168.163.132 (192.168.163.132)' can't be established.
ED25519 key fingerprint is SHA256:L5k0SIvpc7knC1e7ELbAUaXgR0sHulQrE/jXBmYoKFs.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.163.132's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.163.132'"
and check to make sure that only the key(s) you wanted were added.
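
The ssh-copy-id output above asks you to check that only the intended keys were added; here those keys belong to root and have no passphrase. The following added example (not from the original post) audits an authorized_keys file and flags entries that lack a from= source restriction; the function name and the sample entries, whose key blobs are placeholders, are constructed for illustration.

```shell
#!/bin/sh
# List every key in an authorized_keys file and flag the entries that
# can be used from any source address (no from="..." option).
audit_authorized_keys() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
    {
        # The key type is the field followed by a base64 blob; every SSH
        # public key blob starts with "AAAA". Anything before it is options.
        k = 0
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-|ecdsa-|sk-)/ && $(i + 1) ~ /^AAAA/) { k = i; break }
        if (k == 0) { printf "%d: unparsable entry\n", NR; bad = 1; next }
        opts = ""
        for (i = 1; i < k; i++) opts = opts (i > 1 ? " " : "") $i
        comment = (k + 2 <= NF) ? $(k + 2) : "-"
        if (opts ~ /(^|,)from="/) {
            printf "%d: %s %s restricted %s\n", NR, $k, comment, opts
        } else {
            printf "%d: %s %s UNRESTRICTED\n", NR, $k, comment
            bad = 1
        }
    }
    END { exit (bad ? 1 : 0) }' "$1"
}

# Constructed sample (key blobs are placeholders, not real keys): the
# entry ssh-copy-id appends on node1, and the same key limited to the
# server address used on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABplaceholder root@server
from="192.168.163.132" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABplaceholder root@server
EOF
audit_authorized_keys "$sample" || echo "at least one key is not source-restricted"
rm -f "$sample"
```

On the hosts from this page the file to audit is /root/.ssh/authorized_keys.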

V. Results of the two-way SSH passwordless login configuration

node1 logs in to server

[root@node1 ~]# ssh 192.168.163.132
Activate the web console with: systemctl enable --now cockpit.socket

Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Sat May 20 10:56:14 2023 from 192.168.163.1
[root@server ~]# 

server logs in to node1

[root@server ~]# ssh root@192.168.163.133
Activate the web console with: systemctl enable --now cockpit.socket

Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Sat May 20 12:06:18 2023
