Linux云自动化运维第六课
第九单元 openssh-server
一、openssh-server
功能:让远程主机可以通过网络访问sshd服务,开始一个安全shell
二、客户端连接方式
ssh 远程主机用户@远程主机ip ###连接远程主机
ssh 远程主机用户@远程主机ip -X ###调用远程主机图形工具
ssh 远程主机用户@远程主机ip command ###直接在远程主机运行某条命令
eg:[kiosk@foundation42 Desktop]$ ssh fuwu@172.25.254.242 ###连接远程主机,远程主机用户@远程主机ip
The authenticity of host '172.25.254.242 (172.25.254.242)' can't be established.
ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Are you sure you want to continue connecting (yes/no)? yes ###首次连接,建立认证关系yes
Warning: Permanently added '172.25.254.242' (ECDSA) to the list of known hosts.
fuwu@172.25.254.242's password: ###输入远程主机用户密码
Last login: Sun Mar 26 21:38:42 2017 from 172.25.254.142
[fuwu@localhost ~]$ gedit ###登陆成功
(gedit:5238): Gtk-WARNING **: cannot open display: ###无法调用远程主机图形工具
[fuwu@localhost ~]$ exit
登出
Connection to 172.25.254.242 closed.
[kiosk@foundation42 Desktop]$ ssh fuwu@172.25.254.242 -X ###-X,调用远程主机图形工具
fuwu@172.25.254.242's password:
Last login: Sun Mar 26 21:46:51 2017 from 172.25.254.42
[fuwu@localhost ~]$ gedit ###登陆成功,远程主机图形工具调用成功
** (gedit:5350): WARNING **: Couldn't connect to accessibility bus: Failed to connect to socket /tmp/dbus-UKyLlmteU7: 拒绝连接
[fuwu@localhost ~]$ exit
登出
Connection to 172.25.254.242 closed.
[kiosk@foundation42 Desktop]$ ssh fuwu@172.25.254.242 touch /home/fuwu/Desktop/file{1..3} ###直接在远程主机运行命令touch,建立文件;文件建立在远程主机fuwu用户桌面
fuwu@172.25.254.242's password:
[kiosk@foundation42 Desktop]$ ssh fuwu@172.25.254.242 rm -fr /home/fuwu/Desktop/file{1..3} ###直接在远程主机运行命令rm,删除远程主机fuwu用户桌面文件
fuwu@172.25.254.242's password:
[kiosk@foundation42 Desktop]$ ssh root@172.25.254.242 reboot ###直接在远程主机运行命令reboot,重启远程主机
root@172.25.254.242's password:
Connection to 172.25.254.242 closed by remote host.
[kiosk@foundation42 Desktop]$
[kiosk@foundation42 Desktop]$ scp fuwu@172.25.254.242:/home/fuwu/Desktop/file . ###将远程主机fuwu用户桌面文件file复制到当前目录
fuwu@172.25.254.242's password:
file 100% 8 0.0KB/s 00:00
[kiosk@foundation42 Desktop]$ scp file fuwu@172.25.254.242:/home/fuwu/Desktop ###将当前目录的文件file复制到远程主机fuwu用户的桌面
fuwu@172.25.254.242's password:
file 100% 8 0.0KB/s 00:00
[kiosk@foundation42 Desktop]$
三、sshkey加密
1.生成公钥私钥
eg:[fuwu@localhost ~]$ ssh-keygen ###生成公钥私钥工具
Generating public/private rsa key pair.
Enter file in which to save the key (/home/fuwu/.ssh/id_rsa): ###加密字符保存文件(回车键,默认)
Created directory '/home/fuwu/.ssh'.
Enter passphrase (empty for no passphrase): ###密钥密码,>4个字符(回车键也可)
Enter same passphrase again: ###确认密码
Your identification has been saved in /home/fuwu/.ssh/id_rsa. ###私钥路径
Your public key has been saved in /home/fuwu/.ssh/id_rsa.pub. ###公钥路径
The key fingerprint is:
95:55:ed:da:28:22:4a:1c:fb:f6:84:e8:d6:55:0e:54 fuwu@localhost
The key's randomart image is:
+--[ RSA 2048]----+
| .E... |
| .o .|
| .o . |
| . .. . .|
| . oS + + |
| +...o o o .|
| ..+.o.. . |
| .o +. |
| ... .. |
+-----------------+
[fuwu@localhost ~]$ ls .ssh/
id_rsa id_rsa.pub
id_rsa ###私钥,就是钥匙
id_rsa.pub ###公钥,就是锁
2.添加key认证方式
[root@server0 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.25.0.11
ssh-copy-id ###添加key认证方式的工具
-i ###指定加密key文件
/root/.ssh/id_rsa.pub ###加密key
root ###加密用户为root
172.25.0.11 ###被加密主机ip
eg:[fuwu@localhost ~]$ ssh-copy-id -i /home/fuwu/.ssh/id_rsa.pub fuwu@172.25.254.242
The authenticity of host '172.25.254.242 (172.25.254.242)' can't be established.
ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
fuwu@172.25.254.242's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'fuwu@172.25.254.242'"
and check to make sure that only the key(s) you wanted were added.
[fuwu@localhost ~]$ ls .ssh/
authorized_keys id_rsa id_rsa.pub known_hosts
3.分发钥匙给client主机
eg:[fuwu@localhost ~]$ su -
Password:
Last login: Sun Mar 26 21:23:11 EDT 2017 on :0
[root@localhost ~]# vim /etc/ssh/sshd_config ###进入编辑状态,79 PasswordAuthentication yes,yes改为no
[root@localhost ~]# systemctl restart sshd.service
[root@localhost ~]# exit
logout
[fuwu@localhost ~]$ scp /home/fuwu/.ssh/id_rsa kiosk@172.25.254.42:/home/kiosk/.ssh/ ###分发钥匙给主机kiosk用户
id_rsa 100% 1675 1.6KB/s 00:00
[fuwu@localhost ~]$
4.测试
[kiosk@foundation42 ~]$ ssh fuwu@172.25.254.242 ###通过钥匙打开,不需要密码
Last login: Sun Mar 26 22:04:38 2017
[fuwu@localhost ~]$
eg:[fuwu@localhost ~]$ rm -fr .ssh/authorized_keys ###删除authorized_keys
[kiosk@foundation42 ~]$ ssh fuwu@172.25.254.242 ###远程连接失败
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
[fuwu@localhost ~]$ cp .ssh/id_rsa.pub .ssh/authorized_keys ###复制id_rsa.pub到authorized_keys
[fuwu@localhost ~]$ ls .ssh/
authorized_keys id_rsa id_rsa.pub known_hosts
[kiosk@foundation42 ~]$ ssh fuwu@172.25.254.242 ###远程连接成功
Last login: Sun Mar 26 23:00:47 2017 from 172.25.254.42
四、提升openssh的安全级别
1.openssh-server配置文件
[root@localhost ~]# vim /etc/ssh/sshd_config ###进入编辑状态
78 PasswordAuthentication yes|no ###是否开启用户密码认证,yes为支持no为关闭
48 PermitRootLogin yes|no ###是否允许超级用户登陆
49 AllowUsers student westos ###用户白名单,只有在名单中出现的用户可以使用sshd建立shell
50 DenyUsers westos ###用户黑名单
eg:[root@localhost ~]# vim /etc/ssh/sshd_config ###进入编辑状态,48 PermitRootLogin no,不允许超级用户登陆
[root@localhost ~]# systemctl restart sshd.service
[kiosk@foundation42 ~]$ ssh root@172.25.254.242 ###密码正确输入三次,超级用户无法登录
root@172.25.254.242's password:
Permission denied, please try again.
root@172.25.254.242's password:
Permission denied, please try again.
root@172.25.254.242's password:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
[root@localhost ~]# vim /etc/ssh/sshd_config ###进入编辑状态,50 Denyusers student,用户黑名单,不允许student用户登陆
[root@localhost ~]# systemctl restart sshd.service
[kiosk@foundation42 ~]$ ssh student@172.25.254.242 ###密码正确输入三次,student用户无法登录
student@172.25.254.242's password:
Permission denied, please try again.
student@172.25.254.242's password:
Permission denied, please try again.
student@172.25.254.242's password:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
[kiosk@foundation42 ~]$ ssh fuwu@172.25.254.242 ###fuwu用户没加入黑名单,可以登陆
fuwu@172.25.254.242's password:
Last login: Sun Mar 26 23:42:15 2017 from 172.25.254.42
[fuwu@localhost ~]$ exit
登出
Connection to 172.25.254.242 closed.
[root@localhost ~]# vim /etc/ssh/sshd_config ###进入编辑状态,49 Allowusers student,用户白名单,只允许登陆student用户
[root@localhost ~]# systemctl restart sshd.service
[kiosk@foundation42 ~]$ ssh student@172.25.254.242 ###student用户在白名单上,可以登陆
student@172.25.254.242's password:
Last failed login: Sun Mar 26 23:46:33 EDT 2017 from 172.25.254.42 on ssh:notty
There were 3 failed login attempts since the last successful login.
[student@localhost ~]$ exit
登出
Connection to 172.25.254.242 closed.
[kiosk@foundation42 ~]$ ssh fuwu@172.25.254.242 ###fuwu用户不在白名单上,无法登陆
fuwu@172.25.254.242's password:
Permission denied, please try again.
fuwu@172.25.254.242's password:
Permission denied, please try again.
fuwu@172.25.254.242's password:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
[kiosk@foundation42 ~]$
第十二单元 不同系统之间的文件传输
一、文件归档
1.文件归档,就是把多个文件变成一个归档文件
2.tar c ###创建
f ###指定归档文件名称
t ###显示归档文件中的内容
r ###向归档文件中添加文件
--get ###取出单个文件
--delete ###删除单个文件
x ###取出归档文件中的所有内容
-C ###指定解档目录
-z ###gz格式压缩
-j ###bz2格式压缩
-J ###xz格式压缩
eg:[root@localhost Desktop]# ls -ld dir/
drwxr-xr-x. 5 root root 4096 Mar 27 21:36 dir/
[root@localhost Desktop]# tar cf dir.tar dir/ ###打包dir,指定归档文件名dir.tar
[root@localhost Desktop]# ls
dir dir.tar etc.tar
[root@localhost Desktop]# du -sh dir/
4.0K dir/
[root@localhost Desktop]# du -sh dir.tar ###查看归档文件大小
12K dir.tar
[root@localhost Desktop]# tar tf dir.tar ###显示归档文件中的内容
dir/
dir/class1
dir/class2
dir/file1
dir/file2
dir/dir1/
dir/dir1/wenjian
dir/dir2/
dir/dir2/wenjian2
[root@localhost Desktop]# ls
dir dir.tar etc.tar file
[root@localhost Desktop]# tar rf dir.tar file ###向归档文件中添加file文件
[root@localhost Desktop]# tar tf dir.tar
dir/
dir/class1
dir/class2
dir/file1
dir/file2
dir/dir1/
dir/dir1/wenjian
dir/dir2/
dir/dir2/wenjian2
file
[root@localhost Desktop]# rm -fr file
[root@localhost Desktop]# ls
dir dir.tar etc.tar
[root@localhost Desktop]# tar f dir.tar --get file ###取出归档文件中单个文件
[root@localhost Desktop]# ls
dir dir.tar etc.tar file
[root@localhost Desktop]# tar f dir.tar --delete file ###删除归档文件中单个文件
[root@localhost Desktop]# tar tf dir.tar
dir/
dir/class1
dir/class2
dir/file1
dir/file2
dir/dir1/
dir/dir1/wenjian
dir/dir2/
dir/dir2/wenjian2
[root@localhost Desktop]# ls
dir.tar etc.tar file
[root@localhost Desktop]# tar xf dir.tar ###取出归档文件中所有内容
[root@localhost Desktop]# ls
dir dir.tar etc.tar file
[root@localhost Desktop]# ls /mnt/
[root@localhost Desktop]# tar xf dir.tar -C /mnt/ ###指定解档目录为/mnt/
[root@localhost Desktop]# ls /mnt/
dir
二、压缩
1.gz
gzip etc.tar ###压缩成gz格式
gunzip etc.tar.gz ###解压gz格式压缩包
tar zcf etc.tar.gz /etc ###把文件归档为tar并压缩成gz
tar zxf etc.tar.gz ###解压并解档gz格式压缩包
eg:[root@localhost Desktop]# ls
dir etc etc.tar
[root@localhost Desktop]# du -sh etc ###查看目录etc的大小
34M etc
[root@localhost Desktop]# du -sh etc.tar ###查看归档文件etc.tar的大小
30M etc.tar
[root@localhost Desktop]# gzip etc.tar ###将etc.tar压缩成gz格式
[root@localhost Desktop]# ls
dir etc etc.tar.gz
[root@localhost Desktop]# du -sh etc.tar.gz ###压缩后变小
8.4M etc.tar.gz
[root@localhost Desktop]# gunzip etc.tar.gz ###解压
[root@localhost Desktop]# ls
dir etc etc.tar
[root@localhost Desktop]# rm -fr etc.tar
[root@localhost Desktop]# ls
dir etc
[root@localhost Desktop]# tar zcf etc.tar.gz etc ###把文件归档为tar并压缩成gz
[root@localhost Desktop]# ls
dir etc etc.tar.gz
[root@localhost Desktop]# rm -fr etc
[root@localhost Desktop]# ls
dir etc.tar.gz
[root@localhost Desktop]# tar zxf etc.tar.gz ###解压并解档gz格式压缩包
[root@localhost Desktop]# ls
dir etc etc.tar.gz
2.bz2
bzip2 etc.tar ###压缩成bz2格式
bunzip2 etc.tar.bz2 ###解压bz2格式压缩包
tar jcf etc.tar.bz2 /etc ###把文件归档为tar并压缩成bz2
tar jxf etc.tar.bz2 ###解压并解档bz2格式压缩包
eg:[root@localhost Desktop]# ls
dir etc etc.tar
[root@localhost Desktop]# bzip2 etc.tar ###压缩成bz2格式
[root@localhost Desktop]# ls
dir etc etc.tar.bz2
[root@localhost Desktop]# du -sh etc.tar.bz2 ###变小
7.0M etc.tar.bz2
[root@localhost Desktop]# rm -fr etc
[root@localhost Desktop]# ls
dir etc.tar.bz2
[root@localhost Desktop]# bunzip2 etc.tar.bz2 ###解压bz2格式压缩包
[root@localhost Desktop]# ls
dir etc.tar
[root@localhost Desktop]# tar xf etc.tar
[root@localhost Desktop]# ls
dir etc etc.tar
[root@localhost Desktop]# rm -fr etc.tar
您在 /var/spool/mail/root 中有邮件
[root@localhost Desktop]# ls
dir etc
[root@localhost Desktop]# tar jcf etc.tar.bz2 etc ###把文件归档为tar并压缩成bz2
[root@localhost Desktop]# ls
dir etc etc.tar.bz2
[root@localhost Desktop]# rm -fr etc
[root@localhost Desktop]# ls
dir etc.tar.bz2
[root@localhost Desktop]# tar jxf etc.tar.bz2 ###解压并解档bz2格式压缩包
[root@localhost Desktop]# ls
dir etc etc.tar.bz2
3.xz
xz etc.tar ###压缩成xz格式
unxz etc.tar.xz ###解压xz格式压缩包
tar Jcf etc.tar.xz /etc ###把文件归档为tar并压缩成xz
tar Jxf etc.tar.xz ###解压并解档xz格式压缩包
eg:[root@localhost Desktop]# ls
dir etc etc.tar
[root@localhost Desktop]# xz etc.tar ###压缩成xz格式
[root@localhost Desktop]# ls
dir etc etc.tar.xz
[root@localhost Desktop]# du -sh etc.tar.xz ###变小
5.7M etc.tar.xz
[root@localhost Desktop]# rm -fr etc
[root@localhost Desktop]# ls
dir etc.tar.xz
[root@localhost Desktop]# unxz etc.tar.xz ###解压xz格式压缩包
[root@localhost Desktop]# ls
dir etc.tar
[root@localhost Desktop]# tar xf etc.tar
[root@localhost Desktop]# rm -fr etc.tar
[root@localhost Desktop]# ls
dir etc
[root@localhost Desktop]# tar Jcf etc.tar.xz etc ###把文件归档为tar并压缩成xz
[root@localhost Desktop]# ls
dir etc etc.tar.xz
[root@localhost Desktop]# rm -fr etc
[root@localhost Desktop]# ls
dir etc.tar.xz
[root@localhost Desktop]# tar Jxf etc.tar.xz ###解压并解档xz格式压缩包
[root@localhost Desktop]# ls
dir etc etc.tar.xz
4.zip
zip -r etc.tar.zip etc.tar ###压缩成zip格式
unzip etc.tar.zip ###解压
eg;[root@localhost Desktop]# ls
dir etc etc.tar
[root@localhost Desktop]# zip -r etc.tar.zip etc.tar ###压缩成zip格式
adding: etc.tar (deflated 72%)
[root@localhost Desktop]# ls
dir etc etc.tar etc.tar.zip
[root@localhost Desktop]# du -sh etc.tar.zip ###变小
16M etc.tar.zip
[root@localhost Desktop]# rm -fr etc.tar etc
[root@localhost Desktop]# ls
dir etc.tar.zip
[root@localhost Desktop]# unzip etc.tar.zip ###解压
Archive: etc.tar.zip
inflating: etc.tar
[root@localhost Desktop]# ls
dir etc.tar etc.tar.zip
三、系统中的文件传输
scp file username@ip:/dir ###上传,速度慢
scp username@ip:/dir/file /dir ###下载,速度慢
rsync [参数] file username@ip:/dir ###速度快
rsync -r ###同步目录
-l ###不忽略链接
-p ###不忽略文件权限
-t ###不忽文件时间戳
-g ###不忽文件所有组
-o ###不忽文件所有人
-D ###不忽略设备文件
eg:[root@localhost Desktop]# scp dir/adjtime kiosk@172.25.254.42:/home/kiosk/Desktop/dir/
kiosk@172.25.254.42's password:
adjtime 100% 16 0.0KB/s 00:00
[root@localhost Desktop]# scp kiosk@172.25.254.42:/home/kiosk/Desktop/dir/adjtime .
kiosk@172.25.254.42's password:
adjtime 100% 16 0.0KB/s 00:00
[kiosk@foundation42 Desktop]$ ls -l adjtime
-rw-r--r-- 1 kiosk kiosk 18 Mar 20 00:45 adjtime
[kiosk@foundation42 Desktop]$ rsync -r adjtime root@172.25.254.142:/root/Desktop/ ###同步目录
root@172.25.254.142's password:
[root@localhost Desktop]# ls -l adjtime
-rw-r--r--. 1 root root 18 Mar 28 11:01 adjtime
[kiosk@foundation42 Desktop]$ rsync -tr adjtime root@172.25.254.142:/root/Desktop/ ###不忽文件时间戳
root@172.25.254.142's password:
[root@localhost Desktop]# ls -l adjtime
-rw-r--r--. 1 root root 18 Mar 19 12:45 adjtime
[kiosk@foundation42 Desktop]$ rsync -gr adjtime root@172.25.254.142:/root/Desktop/ ###不忽文件所有组
root@172.25.254.142's password:
[root@localhost Desktop]# ls -l adjtime
-rw-r--r--. 1 root student 18 Mar 28 11:03 adjtime
[kiosk@foundation42 Desktop]$ rsync -or adjtime root@172.25.254.142:/root/Desktop/ ###不忽文件所有人
root@172.25.254.142's password:
[root@localhost Desktop]# ls -l adjtime
-rw-r--r--. 1 student root 18 Mar 28 11:04 adjtime
第十一单元 管理网络
一、ip基础知识(ipv4)
2进制32位-----10进制
172.25.0.10/255.255.255.0
172.25.0.10:ip地址
255.255.255.0:子网掩码
子网掩码255位对应的ip位为网络位
子网掩码0对应的ip位为主机位
二、配置ip
1.图形化界面
nm-connection-editor
2.文本化图形
nmtui
<<命令>>
ifconfig 网卡 ip netmask ##临时设定
nmcli connection add ethernet con-name westos ifname eth0 autoconnect yes
nmcli connection add type ethernet con-name westos ifname eth0 ip4 ip/24
nmcli connection delete westos
nmcli connection show
nmcli connection down westos
nmcli connection up westos
nmcli connection modify "westos" ipv4.addresses newip/24
nmcli connection modify "westos" ipv4.method <auto|manual>
nmcli device connect eth0
nmcli device disconnect eth0
nmcli device show
nmcli device status
eg:[root@localhost Desktop]# nmcli connection add type ethernet con-name westos ifname eth0 autoconnect yes ###网络服务开启时自动激活
Connection 'westos' (55e75ad1-f03b-4388-b5d3-bd564ec6431d) successfully added.
[root@localhost Desktop]# nmcli connection delete westos ###删除网络
[root@localhost Desktop]# nmcli device connect eth0
Error: Device activation failed: The device has no connections available.
[root@localhost Desktop]# nmcli connection add type ethernet con-name westos ifname eth0 ip4 172.25.254.142/24
Connection 'westos' (9ff61eec-d85a-4a31-abd1-c7b40b5e623b) successfully added.
[root@localhost Desktop]# nmcli device connect eth0 Device 'eth0' successfully activated with '9ff61eec-d85a-4a31-abd1-c7b40b5e623b'.
[root@localhost Desktop]# nmcli connection show
NAME UUID TYPE DEVICE
westos 9ff61eec-d85a-4a31-abd1-c7b40b5e623b 802-3-ethernet eth0
[root@localhost Desktop]# nmcli connection down westos
[root@localhost Desktop]# nmcli connection show
NAME UUID TYPE DEVICE
westos 9ff61eec-d85a-4a31-abd1-c7b40b5e623b 802-3-ethernet --
[root@localhost Desktop]# nmcli connection up westos
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/11)
[root@localhost Desktop]# nmcli connection show
NAME UUID TYPE DEVICE
westos 9ff61eec-d85a-4a31-abd1-c7b40b5e623b 802-3-ethernet eth0
[root@localhost Desktop]# nmcli connection modify "westos" ipv4.addresses 172.25.254.242/24
[root@localhost Desktop]# systemctl restart network
[root@localhost Desktop]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.242 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::5054:ff:fe00:2a0a prefixlen 64 scopeid 0x20<link>
ether 52:54:00:00:2a:0a txqueuelen 1000 (Ethernet)
RX packets 49300 bytes 3266084 (3.1 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 9112 bytes 790252 (771.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 3822 bytes 435530 (425.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3822 bytes 435530 (425.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost Desktop]# nmcli device disconnect eth0
[root@localhost Desktop]# nmcli device show
GENERAL.DEVICE: eth0
GENERAL.TYPE: ethernet
GENERAL.HWADDR: 52:54:00:00:2A:0A
GENERAL.MTU: 1500
GENERAL.STATE: 30 (disconnected)
GENERAL.CONNECTION: --
GENERAL.CON-PATH: --
WIRED-PROPERTIES.CARRIER: on
GENERAL.DEVICE: lo
GENERAL.TYPE: loopback
GENERAL.HWADDR: 00:00:00:00:00:00
GENERAL.MTU: 65536
GENERAL.STATE: 10 (unmanaged)
GENERAL.CONNECTION: --
GENERAL.CON-PATH: --
IP4.ADDRESS[1]: ip = 127.0.0.1/8, gw = 0.0.0.0
IP6.ADDRESS[1]: ip = ::1/128, gw = ::
[root@localhost Desktop]# nmcli device connect eth0
Device 'eth0' successfully activated with '9ff61eec-d85a-4a31-abd1-c7b40b5e623b'.
[root@localhost Desktop]# nmcli device show
GENERAL.DEVICE: eth0
GENERAL.TYPE: ethernet
GENERAL.HWADDR: 52:54:00:00:2A:0A
GENERAL.MTU: 1500
GENERAL.STATE: 100 (connected)
GENERAL.CONNECTION: westos
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/ActiveConnection/13
WIRED-PROPERTIES.CARRIER: on
IP4.ADDRESS[1]: ip = 172.25.254.242/24, gw = 0.0.0.0
IP6.ADDRESS[1]: ip = fe80::5054:ff:fe00:2a0a/64, gw = ::
GENERAL.DEVICE: lo
GENERAL.TYPE: loopback
GENERAL.HWADDR: 00:00:00:00:00:00
GENERAL.MTU: 65536
GENERAL.STATE: 10 (unmanaged)
GENERAL.CONNECTION: --
GENERAL.CON-PATH: --
IP4.ADDRESS[1]: ip = 127.0.0.1/8, gw = 0.0.0.0
IP6.ADDRESS[1]: ip = ::1/128, gw = ::
[root@localhost Desktop]# nmcli device status
DEVICE TYPE STATE CONNECTION
eth0 ethernet connected westos
lo loopback unmanaged --
<<文件>>
dhcp ###动态获取
vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0 ###接口使用设备
BOOTPROTO=dhcp ###网卡工作模式
ONBOOT=yes ###网络服务开启时自动激活
NAME=eth0 ###网络接口名称
:wq
systemctl restart network
static|none ###静态网络
vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0 ###设备
BOOTPROTO=static|none ###设备工作方式
ONBOOT=yes ###开启网络服务激活设备
NAME=eth0 ##3网络接口名称
IPADDR=172.25.0.100 ###IP
NETNASK=255.255.255.0 | PREFIX=24 ###子网掩码
三、gateway 网关
1.路由器
主要功能是用来作nat的
dnat 目的地地址转换
snat 源地址转换
2.网关
路由器上和自己处在同一个网段的那个ip
3.设定网关
systemctl stop NetwrokManager
vim /etc/sysconfig/network ###全局网关
GATEWAY=网关ip
vim /etc/sysconfig/network-scripts/ifcfg-网卡配置文件 ##网卡接口网关
GATEWAY=网关ip
systemctl restart netwrok
route -n ###查询网关
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 (网关)172.25.0.254 0.0.0.0 UG 0 0 0 eth0
172.25.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
四、dns
1.dns
dns是一台服务器
这太服务器提供了回答客户主机名和ip对应关系的功能
2.设定dns
vim /etc/resolv.conf
nameserver dns服务器ip
vim /etc/sysconfig/network-scripts/ifcfg-网卡配置文件
DNS1=dns服务器ip
3.本地解析文件
vim /etc/hosts
ip 主机名称
4.本地解析文件和dns读取的优先级调整
/etc/nsswitch.conf
38 #hosts: db files nisplus nis dns
39 hosts: files dns ##files代表本地解析文件,dns代表dns服务器,那个在前面那个优先
5.dhcp服务的配置
unit6-作业
1.在server主机中把/etc目录打包压缩到/mnt中,名字为etc.tar.gz
[root@localhost Desktop]# tar zcf /mnt/etc.tar.gz /etc
tar: Removing leading `/' from member names
2.复制server主机中的etc.tar.gz到desktop主机的/mnt中
[root@localhost Desktop]# scp /mnt/etc.tar.gz root@172.25.254.142:/mnt/
root@172.25.254.142's password:
etc.tar.gz 100% 8537KB 8.3MB/s 00:00
3.同步server中的/etc中的所有文件到desktop主机中的/mnt中,包含链接文件
[root@localhost Desktop]# rsync -lr /etc root@172.25.254.142:/mnt/
root@172.25.254.142's password:
4.在系统中创建set-ip-tool命令要求如下:当在系统中执行set-ip-tool 172.25.254.x后
*)会自动显示ifconfig命令的输出
*)系统ip被设定为:172.25.254.x
[root@localhost Desktop]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
[root@localhost Desktop]# systemctl restart network
#vim编辑内容:
DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
NAME=eth0
IPADDR=172.25.254.242
NETNASK=255.255.255.0
*)系统网关被设定为:172.25.254.250
[root@localhost Desktop]# vim /etc/sysconfig/network
#vim编辑内容:GATEWAY=172.25.254.250
[root@localhost Desktop]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
#vim编辑内容:GATEWAY=172.25.254.250
[root@localhost Desktop]# systemctl restart network
*)系统dns被设定为:172.25.254.250
[root@localhost Desktop]# vim /etc/resolv.conf
#vim编辑内容:nameserver 172.25.254.250
[root@localhost Desktop]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
#vim编辑内容:DNS1=172.25.254.250