目录
1、配置NTP时间服务器,确保客户端主机和服务器主机时间同步时间。
2、配置ssh免密登录,能够通过客户机通过客户端远程进行连接
1、配置NTP时间服务器,确保客户端主机和服务器主机时间同步时间。
注: 可以让客户端机同步服务器时间,服务器主机从阿里云同步
一、服务器同步阿里时间
[root@sever ~]# vim /etc/chrony.conf
在配置文件里增加如上字句
二、重启服务,检查是否同步
[root@sever ~]# systemctl restart chronyd
[root@sever ~]# chronyc sources -v
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current best, '+' = combined, '-' = not combined,
| / 'x' = may be in error, '~' = too variable, '?' = unusable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^? 47.75.39.85 0 7 0 - +0ns[ +0ns] +/- 0ns
[root@sever ~]# timedatectl status
Local time: 三 2023-03-22 17:49:51 CST
Universal time: 三 2023-03-22 09:49:51 UTC
RTC time: 三 2023-03-22 09:49:51
Time zone: Asia/Shanghai (CST, +0800)
System clock synchronized: no
NTP service: active
RTC in local TZ: no
查看现在时间
[root@sever ~]# date
2023年 03月 22日 星期三 17:50:35 CST
三、关闭防火墙,selinux
[root@sever ~]# systemctl stop firewalld
[root@sever ~]# setenforce 0
四、定位服务端主机,配置允许访问的主机IP,重启服务
[root@sever ~]# vim /etc/chrony.conf
定位到第26行把#删掉并修改允许的主机网段以及子网掩码
26 allow 192.168.16.0/24
重启服务
[root@sever ~]# systemctl restart chronyd
五、定位客户端,测试同步时间
[root@node1 ~]# chronyc sources -v
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current best, '+' = combined, '-' = not combined,
| / 'x' = may be in error, '~' = too variable, '?' = unusable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^- ntp1.flashdance.cx 2 8 147 38 -30ms[ -30ms] +/- 151ms
^* time.neu.edu.cn 1 8 377 497 -399us[ -453us] +/- 17ms
^+ netfee.ustc.edu.cn 2 7 177 108 +979us[ +979us] +/- 33ms
^- ntp6.flashdance.cx 2 8 377 489 -33ms[ -33ms] +/- 187ms
[root@node1 ~]# date
2023年 03月 22日 星期三 18:02:56 CST
2、配置ssh免密登录,能够通过客户机通过客户端远程进行连接
一、创建新的密钥对发给指定目录
[root@node1 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:FO45LqgEwYTt602SxGZ5s3TxBDcp5gHcGH6PkmnstOk root@node1
The key's randomart image is:
+---[RSA 3072]----+
|.o .o=..+. |
|+ ..o *ooo |
|.+ ..o.*o |
| .B.++o=.. |
|.+ =B+. S |
| .++o= . . |
| ..+= . . |
| ..o. . |
| . E |
+----[SHA256]-----+
二、客户端测试
[root@node1 ~]# ssh root@192.168.16.130
root@192.168.16.130's password:
Permission denied, please try again.
root@192.168.16.130's password:
Activate the web console with: systemctl enable --now cockpit.socket
Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last failed login: Wed Mar 22 18:19:57 CST 2023 from 192.168.16.131 on ssh:notty
There were 4 failed login attempts since the last successful login.
Last login: Wed Mar 22 17:32:13 2023 from 192.168.16.1
[root@sever ~]#
此时远程连接成功