1.配置ntp时间服务器,确保客户端主机能和服务主机同步时间
服务端
[root@server ~]# vim /etc/chrony.conf
allow 192.168.40.129/24 # 删除第26行的前导星号,启用白名单,将node1的ip添加进入
[root@server ~]# systemctl restart chronyd # 重启服务
客户端
[root@node1 ~]# vim /etc/chrony.conf
server 192.168.40.128 iburst
[root@node1 ~]# systemctl restart chronyd #重启服务
[root@node1 ~]# chronyc sources -v ##同步测试
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current best, '+' = combined, '-' = not combined,
| / 'x' = may be in error, '~' = too variable, '?' = unusable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 192.168.40.128 3 6 17 27 +374ns[ -11us] +/- 102ms
[root@node1 ~]# date
2023年 08月 21日 星期一 17:59:21 CST
[root@node1 ~]# timedatectl status ###检查是否同步
Local time: 一 2023-08-21 18:00:29 CST
Universal time: 一 2023-08-21 10:00:29 UTC
RTC time: 一 2023-08-21 10:00:29
Time zone: Asia/Shanghai (CST, +0800)
System clock synchronized: yes #### yes表示成功同步时间
NTP service: active
RTC in local TZ: no
[root@node1 ~]#
2.配置ssh免密登陆,能够实现客户端主机通过服务器端的redhat账户进行基于公钥验证方式的远
第一步:服务器端创建Redhat账户并设置密码
[root@server ~]# useradd redhat
[root@server ~]# passwd redhat
更改用户 redhat 的密码 。
新的密码:
无效的密码: 密码少于 8 个字符
重新输入新的密码:
passwd:所有的身份验证令牌已经成功更新。
第二步:定位node1做公私对
[root@node1 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:fzQ+KpYvX7Y/1hil/g861EfC0pLKlCrD6EAwe9tNef4 root@node1
The key's randomart image is:
+---[RSA 3072]----+
| |
|o |
| + . . + |
|. o o . o + + o|
| o o = oS+ .o+ = |
| o o = o.oo..+ .|
| o o o..*..= |
| . = E=.+=..|
| . =+ o+.o+|
+----[SHA256]-----+
[root@node1 ~]#
第三步:定位node1,将公钥上传
[root@node1 ~]# ssh-copy-id redhat@192.168.40.128
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
redhat@192.168.40.128's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'redhat@192.168.40.128'"
and check to make sure that only the key(s) you wanted were added.
[root@node1 ~]#
第四步:客户端测试
[root@node1 ~]# ssh redhat@192.168.40.128
Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Mon Aug 21 20:54:52 2023 from 192.168.40.129
[redhat@server ~]$