ntp时间服务器和远程登录服务SSH

小陈爱锻炼

已于 2023-03-19 09:45:26 修改

阅读量1k

点赞数

分类专栏： linux网络服务文章标签：服务器运维 linux

于 2023-03-18 20:05:44 首次发布

本文链接：https://blog.csdn.net/weixin_64747212/article/details/129641409

版权

linux网络服务专栏收录该内容

7 篇文章 0 订阅

订阅专栏

1.配置ntp时间服务器，确保客户端主机能和服务主机同步时间

分析：首先客户端和服务主机同步，我们可以让客户端主机根据服务器主机进行同步，服务器主机从阿里云来进行同步

一，服务器主机从阿里云同步时间

二，重启服务，查看服务器主机是否同步

三，配置允许访问的IP，并重启服务

四，对于客户端修改主配置文件中时间服务器地址，并重启服务

编辑

五，查看客户端是否同步

2.配置ssh免密登陆，能够通过客户端主机通过redhat用户和服务端主机基于公钥验证方式进行远程连接

分析：首先是使用客户端redhat用户去基于公钥验证进行连接，首先我们先增加个用户，因为是客户端去的redhat用户访问服务器端，所以我们需要在客户端redhat用户创建密钥然后发给客户端

一，创建新用户redhat

二，创建新的密钥对，并且发送到指定目录

三，客户端测试

1.配置ntp时间服务器，确保客户端主机能和服务主机同步时间

分析：首先客户端和服务主机同步，我们可以让客户端主机根据服务器主机进行同步，服务器主机从阿里云来进行同步

一，服务器主机从阿里云同步时间

[root@server ~]# vim /etc/chrony.conf

二，重启服务，查看服务器主机是否同步

[root@server ~]# systemctl restart chronyd
[root@server ~]# chronyc sources -v

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current best, '+' = combined, '-' = not combined,
| /             'x' = may be in error, '~' = too variable, '?' = unusable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 203.107.6.88                  2   6    17     9  +8156ns[ +654us] +/-   24ms
[root@server ~]# timedatectl status 
               Local time: 六 2023-03-18 19:32:49 CST
           Universal time: 六 2023-03-18 11:32:49 UTC
                 RTC time: 六 2023-03-18 11:32:49
                Time zone: Asia/Shanghai (CST, +0800)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no
[root@server ~]# date 
2023年 03月 18日 星期六 19:32:51 CST

三，配置允许访问的IP，并重启服务

[root@server ~]# vim /etc/chrony.conf

[root@server ~]# systemctl restart chronyd

四，对于客户端修改主配置文件中时间服务器地址，并重启服务

[root@server ~]# vim /etc/chrony.conf

[root@server ~]# systemctl restart chronyd

五，查看客户端是否同步

[root@node1 ~]# systemctl restart chronyd
[root@node1 ~]# chronyc sources -v

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current best, '+' = combined, '-' = not combined,
| /             'x' = may be in error, '~' = too variable, '?' = unusable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^? 192.168.38.128                3   6     3     1  -9426us[-9426us] +/-   26ms
[root@node1 ~]# timedatectl status 
               Local time: 六 2023-03-18 19:40:03 CST
           Universal time: 六 2023-03-18 11:40:03 UTC
                 RTC time: 六 2023-03-18 11:40:03
                Time zone: Asia/Shanghai (CST, +0800)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no
[root@node1 ~]# date 
2023年 03月 18日 星期六 19:40:09 CST

2.配置ssh免密登陆，能够通过客户端主机通过redhat用户和服务端主机基于公钥验证方式进行远程连接

分析：首先是使用客户端redhat用户去基于公钥验证进行连接，首先我们先增加个用户，因为是客户端去的redhat用户访问服务器端，所以我们需要在客户端redhat用户创建密钥然后发给客户端

一，创建新用户redhat

[root@node1 ~]# useradd redhat        
[root@node1 ~]# passwd redhat 
更改用户 redhat 的密码 。
新的密码： 
重新输入新的密码： 
passwd：所有的身份验证令牌已经成功更新。

二，创建新的密钥对，并且发送到指定目录

[redhat@node1 root]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/redhat/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/redhat/.ssh/id_rsa
Your public key has been saved in /home/redhat/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:peN3IXp4nusrQ5Ca/umHNzX6fO6SPJSSf6LCnv2mNc8 redhat@node1
The key's randomart image is:
+---[RSA 3072]----+
|                 |
|                 |
|       .  .      |
|      o  o       |
|     o .S....    |
|    o  .++=. .   |
|   . . o+B*o.    |
|    . ++BBO*o    |
|     +*++@X@E    |
+----[SHA256]-----+
[redhat@node1 root]$ 
[redhat@node1 root]$ ssh-copy-id root@192.168.38.128
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/redhat/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.38.128's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.38.128'"
and check to make sure that only the key(s) you wanted were added.

三，客户端测试

[redhat@node1 root]$ ssh root@192.168.38.128
Activate the web console with: systemctl enable --now cockpit.socket

Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Sat Mar 18 19:58:18 2023 from 192.168.38.136
[root@server ~]# 
[root@server ~]# 
[root@server ~]#

此时便切换完成