1、指定在每天凌晨4:00将该时间点之前的系统日志信息(/var/log/messages )备份到目录下/backup,备份后日志文件名显示格式logfileYY-MM-DD-HH-MM
首先需要存在目录backup
mkdir /backup
使用corntab实现
进入用户定时任务编辑界面:crontab -e 编辑定时任务
从左到右依次是 分时日月周
0 4 * * * cp /var/log/messages /backup/logfile`date +\%Y-\%m-\%d-\%H-\%M`
注意:千万不要将d改为D
[root@euler backup]# cp /var/log/messages /backup/test`date +%Y-%m-%D-`
cp: 无法创建普通文件'/backup/test2023-11-11/24/23-': No such file or directory
2、配置ssh免密登陆:客户端主机通过redhat用户基于秘钥验证方式进行远程连接服务器的root用户。
客户端生成一对公钥和私钥
将公钥传输给服务器
[root@euler ssh]# ls
moduli ssh_host_ed25519_key
ssh_config ssh_host_ed25519_key.pub
sshd_config ssh_host_rsa_key
ssh_host_ecdsa_key ssh_host_rsa_key.pub
ssh_host_ecdsa_key.pub
#这一目录下存储的是 成对的公钥和私钥 是作为服务端生成的
[root@euler .ssh]# ls
known_hosts known_hosts.old
#这一目录下存储的则是作为客户端 用户所存储的公钥和私钥
开始实验:首先生成一对密钥
[root@euler .ssh]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): /root/.ssh/root_rsa //密钥存储的路径
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/root_rsa
Your public key has been saved in /root/.ssh/root_rsa.pub
The key fingerprint is:
SHA256:cnmqr3yu4AVst0GPi49PYvec0qiY5XP9ubVFz3Nw7i8 root@euler
The key's randomart image is:
+---[RSA 3072]----+
| |
| |
| . |
| . . o . |
| + = S . o .|
| . + * o . * |
| * *+. . ..=|
| B.X+++. o oE.o|
| o ==BB*.+.. .+|
+----[SHA256]-----+
[root@euler .ssh]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): /root/.ssh/root_rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/root_rsa
Your public key has been saved in /root/.ssh/root_rsa.pub
The key fingerprint is:
SHA256:cnmqr3yu4AVst0GPi49PYvec0qiY5XP9ubVFz3Nw7i8 root@euler
The key's randomart image is:
+---[RSA 3072]----+
| |
| |
| . |
| . . o . |
| + = S . o .|
| . + * o . * |
| * *+. . ..=|
| B.X+++. o oE.o|
| o ==BB*.+.. .+|
+----[SHA256]-----+
将自己的公钥传输给要登陆的服务器 传递的路径为
AuthorizedKeysFile .ssh/authorized_keys
这一路径可以在配置文件中修改
将证书传递给 对端的服务器:
[root@euler ssh]# ssh-copy-id root@192.168.80.133
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.80.133's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.80.133'"
and check to make sure that only the key(s) you wanted were added.
然后就可以使用证书登录对端了
[root@node2 ~]# cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDSzNr7npmDBZyHgXk+5iFc0kLVbC1fEFXrKxIjiiEw8vXKA1s1K4tHgtF/j+sosIWIGfjwvcl5nSg/RzUlKM1nAnA2BKUbvOKqp31+2+VeWQhWXc899b3NVaZbBVewNJnNRrAGtrvyb4ApuP0+9/s9NmxrU7GPxvL2wjkxHaWIni+aTwUXeX+fG+/zMJH/EXtVfa79tjkOc/3kIrivzZbSFYMFDInl6IgpV0UD8eXmhldiMoBt6CT3DVselM24Tjei7TMEIpCq//E254GZwX00N3NO+M3Avx0Mgdq6l2khXuj0Joi+RVtJZIgfnYnW+EqXJmuMyHJiogyprQkBvGvsMQlyvsGVCk1ROD3SzAl2ILPKo2Ln/MZYWkRH5VKXuUyEM3IT9jv7Dfgig92fNaoTEHiFZ1uwHFuvqPzLal/UNEA1xnTUKDRfiYMcRJZzNkeT95jctoCyvINsGOMv9t5j2imqEiDeGMF1e0EdiSBRjYaSJ7kgH33+q/lbKNl/vI8= root@euler
[root@node2 ~]# exit
注销
Connection to 192.168.80.133 closed.
[root@euler ssh]# cd .
[root@euler ssh]# cd
[root@euler ~]# cat .ssh/
id_rsa known_hosts root_rsa
id_rsa.pub known_hosts.old root_rsa.pub
[root@euler ~]# cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDSzNr7npmDBZyHgXk+5iFc0kLVbC1fEFXrKxIjiiEw8vXKA1s1K4tHgtF/j+sosIWIGfjwvcl5nSg/RzUlKM1nAnA2BKUbvOKqp31+2+VeWQhWXc899b3NVaZbBVewNJnNRrAGtrvyb4ApuP0+9/s9NmxrU7GPxvL2wjkxHaWIni+aTwUXeX+fG+/zMJH/EXtVfa79tjkOc/3kIrivzZbSFYMFDInl6IgpV0UD8eXmhldiMoBt6CT3DVselM24Tjei7TMEIpCq//E254GZwX00N3NO+M3Avx0Mgdq6l2khXuj0Joi+RVtJZIgfnYnW+EqXJmuMyHJiogyprQkBvGvsMQlyvsGVCk1ROD3SzAl2ILPKo2Ln/MZYWkRH5VKXuUyEM3IT9jv7Dfgig92fNaoTEHiFZ1uwHFuvqPzLal/UNEA1xnTUKDRfiYMcRJZzNkeT95jctoCyvINsGOMv9t5j2imqEiDeGMF1e0EdiSBRjYaSJ7kgH33+q/lbKNl/vI8= root@euler
对比两证书发现 一致
3、搭建一个web网站,网站显示hello world内容
我们使用nginx搭建网站:
网站的默认路径在
/usr/share/nginx/html
在此路径下新建 index.html
写入:
hello world
然后重启服务
[root@euler html]# systemctl restart nginx
然后访问服务器
var code = "3e6d90c7-eb69-44e1-9ed7-ca86c07de94f"
var code = “3e6d90c7-eb69-44e1-9ed7-ca86c07de94f”