openssh免密登录配置
生成密钥ssh-keygen -t rsa -t rsa表示用rsa算法加密
[root@wzqserver ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:YdA5RuOq3oRePxzvLpRG8TAWhjBddgp4p4+fh6E0Kgk root@wzq
The key's randomart image is:
+---[RSA 3072]----+
| o+o=Bo. |
| ..+*@+ |
| . ==* |
| .o... |
| .+S. |
|E o+ B |
| . .oooB * |
| oo.+..B o |
| .o . .*o |
+----[SHA256]-----+
[root@wzqserver ~]#
ll .ssh/查看生成的私钥和公钥 先ssh登录一次其他用户就会生成密钥
[root@wzqserver ~]# ll .ssh/
total 12
-rw-------. 1 root root 2590 Dec 22 17:48 id_rsa
-rw-r--r--. 1 root root 562 Dec 22 17:48 id_rsa.pub
-rw-r--r--. 1 root root 176 Dec 22 17:52 known_hosts
[root@wzqserver ~]#
把公钥复制到目标的系统上
[root@wzqserver ~]# ssh-copy-id root@192.168.47.128
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.47.128's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.47.128'"
and check to make sure that only the key(s) you wanted were added.
[root@wzqserver ~]#
在目标系统上查看是否收到
[root@wuhu ~]# ll .ssh/
total 4
-rw-------. 1 root root 562 Dec 22 17:57 authorized_keys
[root@wuhu ~]#
开始免密登录
[root@wzqserver ~]# ssh root@192.168.47.128
Last login: Thu Dec 22 17:52:38 2022 from 192.168.47.129
[root@wuhu ~]#
nfs课后作业
开放/nfs/shared目录,供所有用户查询资料
服务端下载nfs包
[root@wzqserver ~]# yum -y install nfs-utils
关闭防火墙和selinux
[root@wzqserver ~]# systemctl stop firewalld
[root@wzqserver ~]# setenforce 0
启动NFS服务
[root@wzqserver ~]# systemctl start nfs-server
[root@wzqserver ~]# systemctl start rpcbind
创建共享目录
[root@wzqserver ~]# mkdir -p /nfs/shared
编辑配置文件
[root@wzqserver ~]# vi /etc/exports
[root@wzqserver ~]# cat /etc/exports
/nfs/shared *(ro)
[root@wzqserver ~]#
重启NFS服务
[root@wzqserver ~]# systemctl restart nfs-server rpcbind
客户端
下载NFS包
[root@wuhu ~]# yum install nfs-utils
关闭防火墙和selinux
[root@wuhu ~]# systemctl stop firewalld
[root@wuhu ~]# setenforce 0
在客户端查看共享目录
[root@wuhu ~]# showmount -e 192.168.47.129
Export list for 192.168.47.129:
/nfs/shared *
[root@wuhu ~]#
创建挂载点目录,挂载
[root@wuhu ~]# mkdir /qifei
[root@wuhu ~]# mount 192.168.47.129:/nfs/shared /qifei
查看挂载是否成功
[root@wuhu ~]# df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 370M 0 370M 0% /dev
tmpfs 389M 0 389M 0% /dev/shm
tmpfs 389M 5.6M 384M 2% /run
tmpfs 389M 0 389M 0% /sys/fs/cgroup
/dev/mapper/cs-root 17G 2.1G 15G 13% /
/dev/sda1 1014M 214M 801M 22% /boot
tmpfs 78M 0 78M 0% /run/user/0
192.168.47.129:/nfs/shared 17G 1.9G 16G 12% /qifei
[root@wuhu ~]#
在服务端创建文件,在客户端查看
[root@wzqserver ~]# cd /nfs/shared/
[root@wzqserver shared]# touch yahaha
[root@wzqserver shared]# ls
yahaha
[root@wzqserver shared]#
[root@wuhu ~]# ls qifei/
yahaha
开放/nfs/upload目录为172.16.12.0/24网段的数据上传目录,并将所有用户组都映射为nfs-upload,其UID和GID均为300
创建共享目录
[root@wzqserver ~]# mkdir -p /nfs/upload
创建用户和组为nfsupload,指定UID GID均为300
[root@wzqserver ~]# useradd -r -u 300 nfsupload
[root@wzqserver ~]# id nfsupload
uid=300(nfsupload) gid=300(nfsupload) groups=300(nfsupload)
[root@wzqserver ~]#
修改/etc/exports文件
[root@wzqserver ~]# vi /etc/exports
[root@wzqserver ~]# cat /etc/exports
/nfs/shared *(ro)
/nfs/upload 172.16.12.0/24(rw,anonuid=300,anongid=300)
[root@wzqserver ~]#
重启服务
[root@wzqserver ~]# systemctl restart rpcbind nfs-server
在客户端查看nfs共享的目录
[root@wuhu ~]# showmount -e 192.168.47.129
Export list for 192.168.47.129:
/nfs/shared *
/nfs/upload 172.16.12.0/24
挂载目录
[root@wuhu ~]# mount -t nfs 192.168.47.129:/nfs/upload yoxi
[root@wuhu ~]# df -h |tail 1
192.168.47.129:/nfs/upload 17G 1.1G 16G 7% /root/yoxi
在共享目录创建文件
[root@wuhu ~]# cd upload/
[root@wuhu ~]# touch cici
touch: cannot touch 'abc': Permission denied
创建不了没权限,将服务端共享目录属主,属组都改为nfsupload
[root@wzqserver ~]# vi /etc/exports
[root@wzqserver ~]# chown -R 300 /nfs/upload/
[root@wzqserver ~]# chgrp -R 300 /nfs/upload/
[root@wzqserver ~]# ll /nfs
total 0
drwxr-xr-x. 2 root root 20 Dec 22 19:06 shared
drwxr-xr-x. 2 nfsupload nfsupload 6 Dec 22 18:08 upload
在客户端共享目录上创建文件
[root@wuhu ~]# cd /upload/
[root@wuhu upload]# touch abc
[root@wuhu upload]# ll
total 0
-rw-r--r--. 1 300 300 0 Dec 22 19:36 abc