Linux配置ntp时间服务器与ssh免密登录

作业：

1.配置ntp时间服务器，确保客户端主机能和服务主机同步时间

 

vim /etc/chrony.conf 更改服务器端及客户端配置 

服务器主机 更改信息为

allow 192.168.40.0/24 iburst(视自身IP情况)           

local stratum 10

（值10可被取代，可选范围为1-15。假如该计算机可以连接到一台最终与真实时间同步的计算机，那么该计算机的stratum层级几乎可以肯定比10小。因此，为local命令选取stratum 10这样的大数值，可以防止机器本身的时间与真实时间混淆，可以保证该机器不会将本身的时间授时给那些可以连接同步到真实时间的ntp服务器的ntp客户端。）                

客户端主机（添加要同步时间的服务器的IP）

服务器主机                                                               客户端主机

 重启（systemctl restart chronyd)

并修改服务器时间，（date 121212122002.30）

用客户端尝试同步(chronyc ntpada   ;        chronyc sources)

看是否成功

 没有问题

2.配置ssh免密登陆，能够通过客户端主机通过redhat用户和服务端主机基于公钥验证方式进行远程连接

[root@456 ~]# hostname host      
[root@456 ~]# bash                                                      \\更改名称



[root@host ~]# su redhat                                         \\登陆普通用户redhat

[redhat@host root]$ ssh-keygen -t rsa                          \\在客户端主机下创建密钥对
Generating public/private rsa key pair.
Enter file in which to save the key (/home/redhat/.ssh/id_rsa): 
/home/redhat/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/redhat/.ssh/id_rsa.
Your public key has been saved in /home/redhat/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:BdGX5lOjocQVDaAKc5MvT9aKE4gpmpE90QQ4fq1m9HM redhat@host
The key's randomart image is:
+---[RSA 3072]----+
| ....   o+.o+=   |
|o  o   . o+ = +  |
|... = + ...= + . |
| + * * + o. +    |
|+ B + + S .  .   |
|.+ = o E .       |
|o o   = o        |
|       .         |
|                 |
+----[SHA256]-----+                                                    



之后将此密钥对中的公钥发送至服务端

[redhat@host root]$ ssh-copy-id -i /home/redhat/.ssh/id_rsa.pub root@192.168.40.132
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/redhat/.ssh/id_rsa.pub"
The authenticity of host '192.168.40.132 (192.168.40.132)' can't be established.
ECDSA key fingerprint is SHA256:T7/sEALD9Zt772x20p8C6TgbsH+/J4RjD5lDASQ/aVE.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.40.132'"
and check to make sure that only the key(s) you wanted were added.

在服务端的/root/.ssh/目录下查看是否接收到此公钥
[root@sever ~]# cd .ssh/
[root@sever .ssh]# ll
total 4
-rw-------. 1 root root 565 Aug 28 07:20 authorized_keys

尝试基于公钥的远程免密码登录
[redhat@host root]$ ssh redhat@192.168.40.132
Activate the web console with: systemctl enable --now cockpit.socket

This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register

Last failed login: Sun Aug 28 07:20:22 PDT 2022 from 192.168.40.128 on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Sun Aug 28 07:14:11 2022 from 192.168.40.1
[redhat@sever ~]#                                                  \\出现sever即为完成