Bridging:
[root@localhost ~]# nmcli c add type bridge con-name br1 ifname br1 ipv4.addresses 192.168.15.222/24 ipv4.gateway 192.168.15.2 ipv4.dns 114.114.114.114 ipv4.method manual
Connection 'br1' (de5a13ef-056a-4e8c-abd7-eb6bcb6bc825) successfully added.
[root@localhost ~]# nmcli connection add type bridge-slave con-name br1-port1 ifname ens224 master br1
Connection 'br1-port1' (1a5465f7-921a-4231-9a28-0c5072f6b492) successfully added.
[root@localhost ~]# nmcli c up br1-port1
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/24)
[root@localhost ~]# nmcli c up br1
Connection successfully activated (master waiting for slaves) (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/25)
Ping from CMD on Windows:
Disconnect ens160
[roo@localhost ~]$ nmcli d disconnect ens160
Device 'ens160' successfully disconnected.
With the bridge now only on ens224, ping Windows:
Passwordless login
If there is no .ssh directory in the home directory, you can run the following first:
[root@localhost ~]# ssh localhost
Now it exists.
Enter .ssh
[root@localhost ~]# cd .ssh/
[root@localhost .ssh]# ls
known_hosts
Generate the public and private keys:
[root@localhost ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): (do not enter a passphrase here; I entered one as an experiment)
Enter same passphrase again: 123456
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:RbOBLAkVCwIa9Fz9VCpCdZ4JEt1jA7KWMEXVHE6dW5U root@localhost.localdomain
The key's randomart image is:
+---[RSA 3072]----+
|+o.o=@OO==B.. ...|
|..o.=.B+OX+* . E |
|. o =.o+*= o |
| . . .o . |
| S |
| |
| |
| |
| |
+----[SHA256]-----+
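Start another virtual machine, ping it to check that it is reachable, then log in over SSH (this would have logged in directly; because a passphrase was entered earlier, a password is needed here)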
[root@localhost ssh]# ssh root@192.168.15.130
The authenticity of host '192.168.15.130 (192.168.15.130)' can't be established.
ECDSA key fingerprint is SHA256:uaCrIib8FEIgsmJCack2K1d/dv8gre/T1KzJv3tXvbU.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.15.130' (ECDSA) to the list of known hosts.
root@192.168.15.130's password:
Last login: Mon Nov 22 21:52:28 2021
[root@localhost ~]# exit
Running ssh-keygen -t rsa produces:
Public key: id_rsa.pub
Private key: id_rsa
[root@localhost ssh]# cd ~
[root@localhost ~]# cd .ssh
[root@localhost .ssh]# ls
id_rsa id_rsa.pub known_hosts
Write the public key into authorized_keys => pass the public key to the remote server
[root@localhost .ssh]# ssh-copy-id localhost
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@localhost's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'localhost'"
and check to make sure that only the key(s) you wanted were added.
[root@localhost .ssh]# ls
authorized_keys id_rsa id_rsa.pub known_hosts
Copy authorized_keys to the remote host: /root/.ssh/
[root@localhost .ssh]# scp authorized_keys 192.168.15.130:~/.ssh/
root@192.168.15.130's password:
authorized_keys
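Log in to the remote server (logs in directly, no password needed) (a passphrase is requested here because one was entered earlier)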
[root@localhost .ssh]# ssh root@192.168.15.130
Enter passphrase for key '/root/.ssh/id_rsa':
Last login: Mon Nov 22 22:09:48 2021 from ::1
Repeat the same steps on the other virtual machine
Deny remote user login:
First go to /etc/ssh; ls shows the sshd_config configuration file
[root@localhost ~]# cd /etc/ssh
[root@localhost ssh]# ls
moduli ssh_config.d ssh_host_ecdsa_key ssh_host_ed25519_key ssh_host_rsa_key
ssh_config sshd_config ssh_host_ecdsa_key.pub ssh_host_ed25519_key.pub ssh_host_rsa_key.pub
[root@localhost ssh]# vim sshd_config
Open it with Vim and change the yes in PermitRootLogin yes to no to deny the login
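A check for the edit described above, as an added example that is not part of the original notes: sshd keeps the first value it reads for a keyword, so changing one PermitRootLogin line has no effect if an earlier uncommented line still says yes. The function names and the sample configuration are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: report the PermitRootLogin value sshd would take from a config file.
# Rules applied: lines starting with '#' are comments, keywords are case-insensitive,
# the FIRST value read for a keyword wins, and anything after a "Match" line is
# conditional, so it is not part of the global setting.

# effective_permit_root_login FILE -> prints the global value, or "unset" if absent
effective_permit_root_login() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
        {
            key = tolower($1)
            if (key == "match") { exit }         # global section ends here
            if (key == "permitrootlogin") { print tolower($2); found = 1; exit }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# root_login_denied FILE -> exit status 0 only if the global value is "no"
root_login_denied() {
    [ "$(effective_permit_root_login "$1")" = "no" ]
}

# Constructed sample: the later line was edited to "no", but an earlier
# uncommented line still says "yes", so root login stays enabled.
make_sample() {
    cat <<'EOF'
#PermitRootLogin no
Port 22
permitrootlogin yes
PermitRootLogin no
Match User backup
    PermitRootLogin no
EOF
}

cfg=$(mktemp)
make_sample > "$cfg"
if root_login_denied "$cfg"; then
    echo "root login denied"
else
    echo "root login NOT denied: effective value is $(effective_permit_root_login "$cfg")"
fi
rm -f "$cfg"
```

On a live host, `sshd -T` prints the configuration sshd will actually use, and an edited value applies only after sshd is restarted or reloaded.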