第八周作业

1.创建私有CA并进行证书申请

1.创建CA相关目录和文件

2.创建CA的私钥


3.给CA颁发自签名证书

4.用户生成私钥和证书申请


5.CA颁发证书

6.查看证书

7.将证书相关文件发送到用户端使用
8.证书的信任

2.总结ssh常用参数、用法

用法
 ssh [user@]host [COMMAND]
 ssh [-l user] host [COMMAND]

参数
 -p port：远程服务器监听的端口
 -b 指定连接的源IP
 -v 调试模式
 -C 压缩方式
 -X 支持x11转发
 -t 强制伪tty分配，如：ssh -t remoteserver1 ssh -t remoteserver2 ssh remoteserver3
 -o option 如：-o StrictHostKeyChecking=no
 -i 指定私钥文件路径，实现基于key验证，默认使用文件： ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_rsa等

3.总结sshd服务常用参数

 
Port
ListenAddress ip
LoginGraceTime 2m
PermitRootLogin yes     #默认ubuntu不允许root远程ssh登录
StrictModes yes       #检查.ssh/文件的所有者，权限等
MaxAuthTries        #pecifies the maximum number of authentication attempts permitted per connection. Once the number of failures reaches half this value, additional failures are logged. The default is 6.
MaxSessions 10       #同一个连接最大会话
PubkeyAuthentication yes   #基于key验证
PermitEmptyPasswords no  #空密码连接
PasswordAuthentication yes  #基于用户名和密码连接
GatewayPorts no
ClientAliveInterval 10     #单位:秒
ClientAliveCountMax 3     #默认3
UseDNS yes         #提高速度可改为no
GSSAPIAuthentication yes   #提高速度可改为no
MaxStartups         #未认证连接最大值，默认值10
Banner /path/file

4.搭建dhcp服务，实现ip地址申请分发

安装dbcp包(server)
 [root@centos8 ~]# dnf install -y dhcp-server

[root@centos8-1 ~]# rpm -ql dhcp-server
/etc/NetworkManager
/etc/NetworkManager/dispatcher.d
/etc/dhcp
/etc/dhcp/dhcpd.conf
/etc/dhcp/dhcpd6.conf
/etc/openldap/schema
/etc/openldap/schema/dhcp.schema
/etc/sysconfig/dhcpd
/usr/bin/omshell
/usr/lib/.build-id
/usr/lib/.build-id/34
/usr/lib/.build-id/34/65317388cf105ebe304f830965cf9afe389f96
/usr/lib/.build-id/b4
/usr/lib/.build-id/b4/9f2682bc12d00bb4128acc5873269b3547bf9f
/usr/lib/systemd/system/dhcpd.service
/usr/lib/systemd/system/dhcpd6.service
/usr/sbin/dhcpd
/usr/share/doc/dhcp-server
/usr/share/doc/dhcp-server/dhcp-lease-list.pl
/usr/share/doc/dhcp-server/dhcpd.conf.example
/usr/share/doc/dhcp-server/dhcpd6.conf.example
/usr/share/doc/dhcp-server/ldap
/usr/share/doc/dhcp-server/ldap/README.ldap
/usr/share/doc/dhcp-server/ldap/dhcp.schema
/usr/share/doc/dhcp-server/ldap/dhcpd-conf-to-ldap
/usr/share/man/man1/omshell.1.gz
/usr/share/man/man5/dhcpd.conf.5.gz
/usr/share/man/man5/dhcpd.leases.5.gz
/usr/share/man/man8/dhcpd.8.gz
/var/lib/dhcpd
/var/lib/dhcpd/dhcpd.leases

配置DHCP服务(server)
 给客户端绑定IP
 [root@centos8 ~]# cp /usr/share/doc/dhcp-server/dhcpd.conf.example /etc/dhcp/dhcpd.conf
 [root@centos8 ~]# vim /etc/dhcp/dhcpd.conf
 
启动dhcp服务
 [root@centos8 ~]# systemctl start dhcpd