1.创建私有CA并进行证书申请
1.创建CA相关目录和文件
2.创建CA的私钥
3.给CA颁发自签名证书
4.用户生成私钥和证书申请
5.CA颁发证书
6.查看证书
7.将证书相关文件发送到用户端使用
8.证书的信任
2.总结ssh常用参数、用法
用法
ssh [user@]host [COMMAND]
ssh [-l user] host [COMMAND]
参数
-p port:远程服务器监听的端口
-b 指定连接的源IP
-v 调试模式
-C 压缩方式
-X 支持x11转发
-t 强制伪tty分配,如:ssh -t remoteserver1 ssh -t remoteserver2 ssh remoteserver3
-o option 如:-o StrictHostKeyChecking=no
-i 指定私钥文件路径,实现基于key验证,默认使用文件: ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_rsa等
3.总结sshd服务常用参数
Port
ListenAddress ip
LoginGraceTime 2m
PermitRootLogin yes #默认ubuntu不允许root远程ssh登录
StrictModes yes #检查.ssh/文件的所有者,权限等
MaxAuthTries #pecifies the maximum number of authentication attempts permitted per connection. Once the number of failures reaches half this value, additional failures are logged. The default is 6.
MaxSessions 10 #同一个连接最大会话
PubkeyAuthentication yes #基于key验证
PermitEmptyPasswords no #空密码连接
PasswordAuthentication yes #基于用户名和密码连接
GatewayPorts no
ClientAliveInterval 10 #单位:秒
ClientAliveCountMax 3 #默认3
UseDNS yes #提高速度可改为no
GSSAPIAuthentication yes #提高速度可改为no
MaxStartups #未认证连接最大值,默认值10
Banner /path/file
4.搭建dhcp服务,实现ip地址申请分发
安装dbcp包(server)
[root@centos8 ~]# dnf install -y dhcp-server
[root@centos8-1 ~]# rpm -ql dhcp-server
/etc/NetworkManager
/etc/NetworkManager/dispatcher.d
/etc/dhcp
/etc/dhcp/dhcpd.conf
/etc/dhcp/dhcpd6.conf
/etc/openldap/schema
/etc/openldap/schema/dhcp.schema
/etc/sysconfig/dhcpd
/usr/bin/omshell
/usr/lib/.build-id
/usr/lib/.build-id/34
/usr/lib/.build-id/34/65317388cf105ebe304f830965cf9afe389f96
/usr/lib/.build-id/b4
/usr/lib/.build-id/b4/9f2682bc12d00bb4128acc5873269b3547bf9f
/usr/lib/systemd/system/dhcpd.service
/usr/lib/systemd/system/dhcpd6.service
/usr/sbin/dhcpd
/usr/share/doc/dhcp-server
/usr/share/doc/dhcp-server/dhcp-lease-list.pl
/usr/share/doc/dhcp-server/dhcpd.conf.example
/usr/share/doc/dhcp-server/dhcpd6.conf.example
/usr/share/doc/dhcp-server/ldap
/usr/share/doc/dhcp-server/ldap/README.ldap
/usr/share/doc/dhcp-server/ldap/dhcp.schema
/usr/share/doc/dhcp-server/ldap/dhcpd-conf-to-ldap
/usr/share/man/man1/omshell.1.gz
/usr/share/man/man5/dhcpd.conf.5.gz
/usr/share/man/man5/dhcpd.leases.5.gz
/usr/share/man/man8/dhcpd.8.gz
/var/lib/dhcpd
/var/lib/dhcpd/dhcpd.leases
配置DHCP服务(server)
给客户端绑定IP
[root@centos8 ~]# cp /usr/share/doc/dhcp-server/dhcpd.conf.example /etc/dhcp/dhcpd.conf
[root@centos8 ~]# vim /etc/dhcp/dhcpd.conf
启动dhcp服务
[root@centos8 ~]# systemctl start dhcpd