2022年辽宁省职业院校技能大赛网络系统管理赛项样题题解
![avatar][Chinaskills.png]
CSDN blog:(11条消息) qi_cc的博客_CSDN博客-领域博主
Rserver
路由转发
vim /etc/sysctl.conf
#取消注释
net.ipv4.ip_forward=1#立即生效
sysctl -pDHCP
#安装dhcp软件包
apt install isc-dhcp-server
#修改配置文件
vim /etc/dhcp/dhcpd.conf
#修改50行处
subnet 10.10.100.0 netmask 255.255.255.0 {
range 10.10.100.1 10.10.100.50;
option domain-name-servers 172.16.100.201;
option routers 10.10.100.254;
default-lease-time 600;
max-lease-time 7200;
}
vim /etc/default/isc-dhcp-server
#修改以下内容
INTERFACESv4="ens35" //10.10.100.0网段在哪块网卡上就填写哪块网卡的名字SSH
#安装ssh软件包
apt install openssh-server
#修改配置文件
vim /etc/ssh/sshd_config
port 2222
#16行下方新添加两行
AllowUsers Chinaskill20 //只允许user01
DenyUsers all //拒绝所有
#修改/etc/hosts.deny
sshd:All except 10.10.100.1:deny
#增加Chinaskill20用户
useradd Chinaskill20
passwd Chinaskill20
#密码ChinaSkill21!
#查看/etc/sudoers文件为只读,修改为有权限写
ls -l /etc/sudoers
-r--r----- 1 root root 669 Jan 20 2021 /etc/sudoers
chmod 777 /etc/sudoers
#在20行下方新增一行
Chinaskill20 ALL=(ALL:ALL) ALL
#将/etc/sudoers修改为原来的权限
chmod 440 /etc/sudoers
#配置Chinaskill20用户
mkdir /home/Chinaskill20
chown -R Chinaskill20:Chinaskill20 /home/Chinaskill20
vim /etc/passwd
#将最后的命令解释器修改为/bin/bash
Chinaskill20:x:1001:1001::/home/Chinaskill20:/bin/bash
#重启ssh服务Client操作部分
#实现对Rserver的Chinaskill20用户免密登录
ssh-keygen //一直回车即可
ssh-copy-id Chinaskill20@10.10.100.254 -p 2222
ssh Chinaskill20@10.10.100.254 -p 2222CA
#创建用户组ldsgp ,将zsuser、lsusr、wuusr添加到组内。
root@Rserver:~# groupadd ldsgp
root@Rserver:~# useradd -g ldsgp zsuser
root@Rserver:~# useradd -g ldsgp lsusr
root@Rserver:~# useradd -g ldsgp wuusr#先修改openssl的配置文件
vim /usr/lib/ssl/openssl.cnf
#修改48行
修改dir为存放CA需要文件的根目录
dir=/CA
#修改完成后,创建两个文件
#用于定位根目录位置
mkdir /CA
touch /CA/index.txt
#一个初始数字用于代表签发证书的数量,每签发一张证书,数字便会+1
#创建目录结构
cd /CA
mkdir newcert private certs
#生成CA根证书
#生成根证书的私钥,即key文件,长度为4096
root@Rserver:/CA# openssl genrsa -out cakey.pem 4096
Generating RSA private key, 4096 bit long modulus (2 primes)
...................................................................................................................................................................................................................................++++
.................................................................................................................................++++
e is 65537 (0x010001)
root@Rserver:/CA#
root@Rserver:/CA# mv cakey.pem ./private/
#用刚才生成的私钥签发证书
root@Rserver:/CA# openssl req -new -x509 -key ./private/cakey.pem -out ./cacert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Liaoning
Locality Name (eg, city) []:Dandong
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:www.skills.com
Common Name (e.g. server FQDN or YOUR name) []:Skill Global Root CA
Email Address []:
root@Rserver:/CA#
#生成的cacert.pem即为根证书,需要将其导入所有主机的信任列表
root@Rserver:/CA# mv cacert.pem cacert.crt
root@Rserver:/CA# cp cacert.crt /usr/local/share/ca-certificates/
root@Rserver:/CA# update-ca-certificates
Updating certificates in /etc/ssl/certs...
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
root@Rserver:/CA#Server01
RAID5和LVM
#新添加四块1G的硬盘
root@Server01:~# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 20G 0 disk
├─sda1 8:1 0 19G 0 part /
├─sda2 8:2 0 1K 0 part
└─sda5 8:5 0 975M 0 part [SWAP]
sdb 8:16 0 1G 0 disk
sdc 8:32 0 1G 0 disk
sdd 8:48 0 1G 0 disk
sde 8:64 0 1G 0 disk
sr0 11:0 1 45.1G 0 rom
root@Server01:~#
#安装软件包
apt install mdadm lvm*
#创建RAID5
mdadm -Cv /dev/md0 -l 5 -n 3 -x 1 /dev/sd[b-e]
# 将 md0 设置为 LVM,设备为/dev/vg01/lv01
vgcreate /dev/vg01 /dev/md0
lvcreate -n lv01 -L 1G vg01
#查看已建立的lvm
lvdisplay
--- Logical volume ---
LV Path /dev/vg01/lv01
LV Name lv01
VG Name vg01
LV UUID xOuaXJ-LIdb-CDct-BMhL-hKSa-sRbJ-4fuQTO
LV Write Access read/write
LV Creation host, time Server01, 2022-01-20 00:07:02 +0800
LV Status available
# open 0
LV Size 1.00 GiB
Current LE 256
Segments 1
Allocation inherit
Read ahead sectors auto
- currently set to 4096
Block device 253:0
# 格式化为 ext4 文件系统;
mkfs.ext4 /dev/vg01/lv01
#开机自动挂载到/data 目录
mkdir /data
echo "/dev/vg01/lv01 /data ext4 defaults 0 0" >> /etc/fstabNFS
#安装nfs软件包
apt install nfs*
#建立共享目录
mkdir /data/share
#编写配置文件
vim /etc/exports
#再文件最后一行增加 && 实现了仅Service网段访问
/data/share 172.16.100.128/25(rw,sync,no_subtree_check,no_root_squash)
#重启服务
systemctl restart nfs-server
#在客户机上测试挂载时需要安装nfs-common
#客户机挂载命令测试
mount 172.16.100.201:/data/share /mnt
#http://bbs.chinaunix.net/thread-2001083-1-1.htmlDNS
#安装服务
apt install bind9
#编辑配置文件设置正向解析和反向解析
vim /etc/bind/named.conf.local
#增加一下内容
zone "100.16.172.in-addr.arpa" {
type master;
file "/etc/bind/db.sdskills.local";
};
zone "sdskills.com" {
type master;
file "/etc/bind/db.sdskills.zone";
};#编写正向解析文件
cp /etc/bind/db.local /etc/bind/db.sdskills.zone
vim /etc/bind/db.sdskills.zone
#正向解析文件为以下下内容
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA sdskills.com. root.sdskills.com. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS Server01.sdskills.com.
@ IN A 172.16.100.201
Server01 IN A 172.16.100.201
Server02 IN A 172.16.100.202
Rserver IN A 172.16.100.254
www IN A 172.16.100.201
root@Server01:/etc/bind##编写反向配置文件
cp /etc/bind/db.127 /etc/bind/db.sdskills.local
;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA sdskills.com. root.sdskills.com. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS Server01.sdskills.com.
201 IN PTR Server01.sdskills.com.
202 IN PTR Server02.sdskills.com.
254 IN PTR Rserver.sdskills.com.
201 IN PTR www.sdskills.com.
root@Server01:/etc/bind##设置dns上层转发
vim /etc/bind/named.conf.options
#更改以下内容
forwarders {
192.168.10.4;
};#最后重启服务
systemctl restart bind9WEB
#安装服务
apt install apache2
#网页文件放在/data/share/htdocs/skills
vim /etc/apache2/apache2.conf
#在174行下方新增
<Directory /data/share/htdocs/skills/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
vim /etc/apache2/sites-enabled/000-default.conf
#修改12行
DocumentRoot /data/share/htdocs/skills/
#服务以webuser用户运行
useradd -u 600 webuser
vim /etc/apache2/envvars
#更改16-17行
export APACHE_RUN_USER=webuser
export APACHE_RUN_GROUP=webuser
#可以通过ps -aux | grep webuser来查看是否成功以webuser用户运行
ps -aux | grep webuser
webuser 18524 0.0 0.2 754320 6024 ? Sl 00:07 0:00 /usr/sbin/apache2 -k start
webuser 18525 0.0 0.2 754320 6024 ? Sl 00:07 0:00 /usr/sbin/apache2 -k start
root 18585 0.0 0.0 6076 828 pts/1 S+ 00:07 0:00 grep webuser
#配置首页内容
echo "This is the front page of sdskills's website" > /data/share/htdocs/skills/index.html
#重启服务
systemctl restart apache2
#设置staff页内容
echo "Staff Information" > /data/share/htdocs/skills/staff.htmlSSH
#安装ssh软件包
apt install openssh-server
#修改配置文件
vim /etc/ssh/sshd_config
port 3333
#16行下方新添加两行
AllowUsers Chinaskill20 //只允许user01
DenyUsers all //拒绝所有
#修改/etc/hosts.deny
sshd:All except 10.10.100.1:deny
#增加Chinaskill20用户
useradd Chinaskill20
passwd Chinaskill20
#密码ChinaSkill21!
#查看/etc/sudoers文件为只读,修改为有权限写
ls -l /etc/sudoers
-r--r----- 1 root root 669 Jan 20 2021 /etc/sudoers
chmod 777 /etc/sudoers
#在20行下方新增一行
Chinaskill20 ALL=(ALL:ALL) ALL
#将/etc/sudoers修改为原来的权限
chmod 440 /etc/sudoers
#配置Chinaskill20用户
mkdir /home/Chinaskill20
chown -R Chinaskill20:Chinaskill20 /home/Chinaskill20
vim /etc/passwd
#将最后的命令解释器修改为/bin/bash
Chinaskill20:x:1001:1001::/home/Chinaskill20:/bin/bash
#重启ssh服务Client操作部分
#实现对Rserver的Chinaskill20用户免密登录
ssh-keygen //一直回车即可
ssh-copy-id Chinaskill20@172.16.100.201 -p 3333
ssh Chinaskill20@172.16.100.201 -p 3333DBMS
#安装数据库及设置root密码
apt install mariadb-server
mysql_secure_installation //#具体操作在下面root@Server01:~# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none): //初次运行直接回车
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y //y,设置root用户密码,密码为Chinaskill20!
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y //y,是否删除匿名用户
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] n //y,是否禁止root远程登录
... skipping.
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y //y,是否删除test数据库
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y //y,是否重新加载权限表
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
root@Server01:~##设置phpmyadmin连接数据库的用户权限
mysql -u root -pChinaskill20!
grant all privileges on *.* to root@localhost identified by 'Chinaskill20!';
flush privileges;
exit#安装phpmyadmin
apt install unzip
mkdir /usr/share/phpmyadmin
unzip -d /data/share/htdocs/skills/phpmyadmin phpMyAdmin-5.1.1-all-languages.zip
mv /data/share/htdocs/skills/phpmyadmin/phpMyAdmin-5.1.1-all-languages/* /data/share/htdocs/skills/phpmyadmin
cp /data/share/htdocs/skills/phpmyadmin/config.sample.inc.php /data/share/htdocs/skills/phpmyadmin/config.inc.php
chmod 660 /data/share/htdocs/skills/phpmyadmin/config.inc.php
chown -R webuser:webuser /data/share/htdocs/skills/phpmyadmin
#安装环境
apt install php php-xml php-mysqli
#打开浏览器访问localhost/phpmyadmin
#user=root
#password=Chinaskill20!
#https://files.phpmyadmin.net/phpMyAdmin/5.1.1/phpMyAdmin-5.1.1-all-languages.zipServer02
FTP
#安装软件包
apt install vsftpd
#编辑配置文件
vim /etc/vsftpd.conf
local_root=/nfsshare/htdocs/skills //nfs共享挂载在本地/nfsshare
chroot_local_user=YES
allow_writeable_chroot=YES
local_umask=022
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO
anon_upload_enable=YES
connect_from_port_20=YES
port_enable=YES
#编写允许用户登录的用户列表文件
vim /etc/vsftpd.userlist
#加入两条记录
ftpuser
webuser
#建立用户
useradd -d /nfsshare/htdocs/skills/ webuser
chown webuser /nfsshare/htdocs/skills/
useradd -d /nfsshare/htdocs/skills/ ftpuser
passwd ftpuser
passwd webuser
#默认密码ChinaSkill21!postfix,dovecot
#安装软件包
apt install postfix dovecot-pop3d mailutils
#安装时会弹出选项,第一个选择Internet Site,第二个输入你的FQDN 这里是Server02.sdskills.com
#配置为sdskill.com的邮件发送器
#编辑配置文件
vim /etc/postfix/main.cf
#配置文件没什么改的,实现基本功能在安装向导里面就完成了:)#编辑devecot的配置文件
vim /etc/dovecot/conf.d/10-auth.conf
#disable_plaintext_auth修改为
disable_plaintext_auth = no
vi /etc/dovecot/conf.d/10-ssl.conf
#ssl修改为
ssl = no
#最后重启服务
systemctl restart postfix
systemctl restart dovecot#创建邮箱测试用户
mkdir -p /home/user01
useradd user01 -d /home/user01 -s /bin/bash
chown user01:user01 /home/user01 -R
passwd user01
or
echo user01:Chinaskill20! | chasswd
#默认密码Chinaskill20!#批量创建邮箱测试用户的脚本
cat useradd.sh
#内下是脚本内容
#!/bin/bash
for i in $(seq 9)
do
mkdir /home/user0$i
useradd user0$i -d /home/user0$i -s /bin/bash
echo user0$i:Chinaskill20!|chpasswd
chown user0$i:user0$i /home/user0$i -R
done
for i in $(seq 10 99)
do
mkdir /home/user$i
useradd user$i -d /home/user$i -s /bin/bash
echo user$i:Chinaskill20!|chpasswd
chown user$i:user$i /home/user$i -R
done
#以上是脚本内容
chmod +x useradd.sh
sh useradd.sh#测试
root@Server02:~# telnet 172.16.100.202 25
Trying 172.16.100.202...
Connected to 172.16.100.202.
Escape character is '^]'.
220 Server02.sdskills.com ESMTP Postfix (Debian/GNU)
mail from:root@Server02.sdskills.com
250 2.1.0 Ok
rcpt to:user01@Server02.sdskills.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
test mail
.
250 2.0.0 Ok: queued as 9630C80A56
quit
221 2.0.0 Bye
Connection closed by foreign host.
root@Server02:~# su - user01
user01@Server02:~$ mail
"/var/mail/user01": 2 messages 1 new 1 unread
U 1 root@localhost Wed Jan 26 23:24 14/479
>N 2 root@Server02.sdsk Wed Jan 26 23:47 11/492
? t 2
Return-Path: <root@Server02.sdskills.com>
X-Original-To: user01@Server02.sdskills.com
Delivered-To: user01@Server02.sdskills.com
Received: from Server02.sdskills.com (Server02.sdskills.com [172.16.100.202])
by Server02.sdskills.com (Postfix) with SMTP id 9630C80A56
for <user01@Server02.sdskills.com>; Wed, 26 Jan 2022 23:47:06 +0800 (CST)
Message-Id: <20220126154724.9630C80A56@Server02.sdskills.com>
Date: Wed, 26 Jan 2022 23:47:06 +0800 (CST)
From: root@Server02.sdskills.com
test mail
? quit
Saved 1 message in /home/user01/mbox
Held 1 message in /var/mail/user01
You have mail in /var/mail/user01
user01@Server02:~$
#https://blog.csdn.net/microsko/article/details/104272574ssh
#安装ssh软件包
apt install openssh-server
#修改配置文件
vim /etc/ssh/sshd_config
port 4444
#将PermitRootLogin prohibit-password改为PermitRootLogin yes
PermitRootLogin yes
#修改/etc/hosts.deny
sshd:All except 10.10.100.1:denyClient操作部分
#实现对在client的Chinaskill20用户下可以免密登录Server02
#需要在client的Chinaskill20用户下执行
ssh-keygen //一直回车即可
ssh-copy-id root@172.16.100.201 -p 4444
ssh root20@172.16.100.201 -p 4444Server03
chrony
#安装软件
apt install chrony
#编辑配置文件
vim /etc/chrony/chrony.conf
#在最后加入两行
local
allow
#重启服务,服务端的操作就完成了
systemctl restart chrony
systemctl enable chrony#客户端操作
#安装必要的软件
apt install chrony ntpdate
#编辑配置文件
vim /etc/chrony/chrony.conf
#注释第三行
#pool 2.debian.pool.ntp.org iburst
#在最后加入一行
server 192.168.10.3 iburst
#重启服务
systemctl restart chrony
#最后停止chrony服务
systemctl stop chrony
#配置crontab
vim /etc/crontab
#在最后#号上方加入一行
*/1 * * * * root /usr/sbin/ntpdate 192.168.10.3#在客户端操作完成后就可以在服务端上查看
root@Server03:~# chronyc clients
Hostname NTP Drop Int IntL Last Cmd Drop Int Last
===============================================================================
172.16.100.202 41 0 4 - 1 0 0 - -
root@Server03:~#ssh
#安装ssh软件包
apt install openssh-server
#修改配置文件
vim /etc/ssh/sshd_config
port 2233
#将PermitRootLogin prohibit-password改为PermitRootLogin yes
PermitRootLogin yes
#修改/etc/hosts.deny
sshd:All except 10.10.100.1:denyClient操作部分
#实现对在client的Chinaskill20用户下可以免密登录Server02
#需要在client的Chinaskill20用户下执行
ssh-keygen //一直回车即可
ssh-copy-id root@172.16.100.201 -p 2233
ssh root20@172.16.100.201 -p 2233Server04
DNS
#安装必要的软件
apt install bind9
#编辑配置文件
cd /etc/bind
vim named.conf.local
#在下方添加以下内容
zone "skills.com" {
type master;
file "/etc/bind/db.skills.zone";
};
zone "10.168.192.in-addr.arpa" {
type master;
file "/etc/bind/db.skills.local";
};
#编写正向区域配置文件
cp db.local db.skills.zone
vim db.skills.zone
# 更改为以下内容
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA skills.com. root.skills.com (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS Server04.skills.com.
@ IN A 192.168.10.4
Server04 IN A 192.168.10.4
Server03 IN A 192.168.10.3
Rserver IN A 192.168.10.2
www IN A 192.168.10.4
#编写反向区域配置文件
cp db.127 db.skills.local
vim db.skills.local
#更改为以下内容
;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA skills.com. root.skills.com. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS Server04.skills.com.
4 IN PTR Server04.skills.com.
3 IN PTR Server03.skills.com.
2 IN PTR Rserver.skills.com. #当非 skills.com 域的解析时,统一解析到 Rserver 连接 Internet网段的 IP 地址或 Rserver.skills.com
#更改默认区域文件
vim named.conf.default-zones
#修改根域名部分
zone "." {
type master;
file "/etc/bind/db.root";
};
#编写根域配置文件
cp db.local db.root
vim db.root
#更改为以下内容
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA @ none. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
. IN NS @
@ IN A 192.168.10.4
* IN A 192.168.10.2测试
root@Server04:/etc/bind# host Server03.skills.com
Server03.skills.com has address 192.168.10.3
root@Server04:/etc/bind# host 192.168.10.3
3.10.168.192.in-addr.arpa domain name pointer Server03.skills.com.
root@Server04:/etc/bind# host ccc.com
ccc.com has address 192.168.10.2
root@Server04:/etc/bind#Webserver
#安装必要的软件
apt install apache2
#创建网页根目录
mkdir /htdocs/skills -p
#创建服务运行用户
useradd -u 400 webuser
#更改运行用户
vim /etc/apache2/envvars
#更改16-17行
export APACHE_RUN_USER=webuser
export APACHE_RUN_GROUP=webuser
#重启服务可以看到服务以webuser用户运行
root@Server04:/etc/bind# systemctl restart apache2
root@Server04:/etc/bind# ps -aux | grep webuser
webuser 9479 0.0 0.3 754320 6084 ? Sl 18:03 0:00 /usr/sbin/apache2 -k start
webuser 9480 0.0 0.3 754320 6084 ? Sl 18:03 0:00 /usr/sbin/apache2 -k start
root 9571 0.0 0.0 6076 820 pts/2 S+ 18:03 0:00 grep webuser
vim /etc/apache2/apache2.conf
#在174行下方新增
<Directory /htdocs/skills/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
vim /etc/apache2/sites-enabled/000-default.conf
#修改12行
DocumentRoot /data/share/htdocs/skills/
root@Server04:/etc/bind#
#编辑首页文件
vim /htdocs/skills/index.html
#加入以下内容
"This is the front page of skills's website."
#编辑staff页文件
vim /htdocs/skills/staff.html
#加入以下内容
"Staff Information"
#最后重启服务
systemctl restart apache2
#测试
root@Server04:/htdocs/skills# curl www.skills.com
"This is the front page of skills's website."
root@Server04:/htdocs/skills# curl www.skills.com/staff.html
"Staff Information"
root@Server04:/htdocs/skills#ssh
#安装ssh软件包
apt install openssh-server
#修改配置文件
vim /etc/ssh/sshd_config
port3344
#将PermitRootLogin prohibit-password改为PermitRootLogin yes
PermitRootLogin yes
#修改/etc/hosts.deny
sshd:All except 10.10.100.1:denyClient操作部分
#实现对在client的Chinaskill20用户下可以免密登录Server02
#需要在client的Chinaskill20用户下执行
ssh-keygen //一直回车即可
ssh-copy-id root@172.16.100.201 -p 3344
ssh root20@172.16.100.201 -p 3344
135
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
