RHCE（二）

Nemophilistf.

已于 2023-03-22 17:53:29 修改

阅读量205

点赞数

分类专栏： RHCE 文章标签：服务器运维网络 linux

于 2023-03-22 17:51:11 首次发布

本文链接：https://blog.csdn.net/weixin_63781898/article/details/129712498

版权

RHCE 专栏收录该内容

7 篇文章 0 订阅

订阅专栏

一、配置ntp时间服务器，确保客户端主机能和服务主机同步时间

·第一步：定位服务端，配置向阿里时间服务器进行同步时间

·第二步：定位服务端，重启服务，测试是否同步：

·第三步：定位服务端，配置允许访问的主机ip，并重启服务

·第四步：定位客户端，修改主配置文件中的时间服务器地址，并重启服务

·第五步：定位客户端，测试时间同步：

二、配置ssh免密登陆，能够通过客户端主机通过redhat用户和服务端主机基于公钥验证方式进行远程连接

一，创建新用户redhat

二，创建新的密钥对，并且发送到指定目录

三，客户端测试

一、配置ntp时间服务器，确保客户端主机能和服务主机同步时间

1.服务器主机从阿里云同步时间，并重启服务

准备服务端主机需要同步阿里时间服务器，准备客户端同步服务端时间服务器

·第一步：定位服务端，配置向阿里时间服务器进行同步时间

[root@server ~]# vim /etc/chrony.conf

进入主配置文件，定位第3行，删除后，添加： server ntp.aliyun.com iburst

·第二步：定位服务端，重启服务，测试是否同步：

[root@server ~]# systemctl start chronyd
[root@server ~]# chronyc sources -v

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current best, '+' = combined, '-' = not combined,
| /             'x' = may be in error, '~' = too variable, '?' = unusable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 119.28.183.184                2   7   253    61   -220us[  -77us] +/-   76ms
^+ stratum2-1.ntp.mow01.ru.>     2   6   377    57  +3801us[+3801us] +/-   88ms
^+ electrode.felixc.at           3   7   377   122  +1478us[+1625us] +/-  125ms
^- ntp1.ams1.nl.leaseweb.net     2   6   377    56  -7111us[-7111us] +/-  154ms
[root@server ~]# timedatectl status
               Local time: 三 2023-03-22 04:23:48 EDT
           Universal time: 三 2023-03-22 08:23:48 UTC
                 RTC time: 三 2023-03-22 08:23:48
                Time zone: America/New_York (EDT, -0400)
System clock synchronized: yes   #yes表示已同步
              NTP service: active
          RTC in local TZ: no
[root@server ~]#

·第三步：定位服务端，配置允许访问的主机ip，并重启服务

[root@server ~]# vim /etc/chrony.conf

定位第27行，删除allow前的#注释，修改允许的主机网段及子网掩码

[root@server ~]# systemctl restart chronyd #重启服务

·第四步：定位客户端，修改主配置文件中的时间服务器地址，并重启服务

[root@server ~]# systemctl restart chronyd #重启服务

·第五步：定位客户端，测试时间同步：

二、配置ssh免密登陆，能够通过客户端主机通过redhat用户和服务端主机基于公钥验证方式进行远程连接

一，创建新用户redhat

[root@node1 ~]# useradd redhat        
[root@node1 ~]# passwd redhat 
更改用户 redhat 的密码 。
新的密码： 
重新输入新的密码： 
passwd：所有的身份验证令牌已经成功更新

二，创建新的密钥对，并且发送到指定目录

[root@node1 ~]# ssh-keygeb -t rsa
bash: ssh-keygeb: command not found...
[root@node1 ~]# su redhat
[redhat@node1 root]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/redhat/.ssh/id_rsa):    
Created directory '/home/redhat/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/redhat/.ssh/id_rsa
Your public key has been saved in /home/redhat/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:XHjKTBPG5CQriq9O0Fe2fAEUzxTmeCC2s6gtrkdckCE redhat@node1
The key's randomart image is:
+---[RSA 3072]----+
|E .oo.*+O.       |
| .o. o /.o       |
|   .+ = @ o      |
| o o.B B *       |
|o.+.o o S        |
|.+o.   .         |
|ooo              |
|oo.              |
|=+               |
+----[SHA256]-----+
[redhat@node1 root]$ 
[redhat@node1 root]$ ssh-copy-id root@192.168.183.128
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/redhat/.ssh/id_rsa.pub"
The authenticity of host '192.168.183.128 (192.168.183.128)' can't be established.
ED25519 key fingerprint is SHA256:MK3vrSRPaKvJHtkQrrGnUqHK2sKzyWj6PCwnZwC6GkY.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.183.128's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.183.128'"
and check to make sure that only the key(s) you wanted were added.

[redhat@node1 root]$ ssh root@192.168.183.128
Activate the web console with: systemctl enable --now cockpit.socket

Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Wed Mar 22 05:23:42 2023 from 192.168.183.1
[root@server ~]# 
[root@server ~]#

三，客户端测试

[redhat@node1 root]$ ssh root@192.168.183.128
Activate the web console with: systemctl enable --now cockpit.socket

Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Wed Mar 22 05:23:42 2023 from 192.168.183.1
[root@server ~]#