  • Linux Cloud Automated Operations, Lesson 6

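    Unit 9  openssh-server

    I. openssh-server

    Purpose: lets remote hosts reach the sshd service over the network and open a secure shell

    II. Client connection methods

    ssh remote_user@remote_ip   ### connect to the remote host

    ssh remote_user@remote_ip -X   ### run graphical tools from the remote host (X11 forwarding)

    ssh remote_user@remote_ip command   ### run a single command directly on the remote host

    eg:[kiosk@foundation42 Desktop]$ ssh fuwu@172.25.254.242    ### connect to the remote host as remote_user@remote_ip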

    The authenticity of host '172.25.254.242 (172.25.254.242)' can't be established.

    ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.

    Are you sure you want to continue connecting (yes/no)? yes   ### first connection: answer yes to accept the host key

    Warning: Permanently added '172.25.254.242' (ECDSA) to the list of known hosts.

    fuwu@172.25.254.242's password:    ### enter the remote user's password

    Last login: Sun Mar 26 21:38:42 2017 from 172.25.254.142

    [fuwu@localhost ~]$ gedit   ### login succeeded

    (gedit:5238): Gtk-WARNING **: cannot open display:    ### graphical tools on the remote host cannot be launched

    [fuwu@localhost ~]$ exit

    登出

    Connection to 172.25.254.242 closed.

    [kiosk@foundation42 Desktop]$ ssh fuwu@172.25.254.242 -X   ### -X: run graphical tools from the remote host

    fuwu@172.25.254.242's password:

    Last login: Sun Mar 26 21:46:51 2017 from 172.25.254.42

    [fuwu@localhost ~]$ gedit   ### login succeeded, and the remote graphical tool starts

    ** (gedit:5350): WARNING **: Couldn't connect to accessibility bus: Failed to connect to socket /tmp/dbus-UKyLlmteU7: 拒绝连接

    [fuwu@localhost ~]$ exit

    登出

    Connection to 172.25.254.242 closed.

    [kiosk@foundation42 Desktop]$ ssh fuwu@172.25.254.242 touch /home/fuwu/Desktop/file{1..3}   ### run touch directly on the remote host; the files are created on user fuwu's desktop on the remote host

    fuwu@172.25.254.242's password:

    [kiosk@foundation42 Desktop]$ ssh fuwu@172.25.254.242 rm -fr  /home/fuwu/Desktop/file{1..3}   ### run rm directly on the remote host to delete the files from user fuwu's desktop

    fuwu@172.25.254.242's password:

    [kiosk@foundation42 Desktop]$ ssh root@172.25.254.242 reboot   ### run reboot directly on the remote host to restart it

    root@172.25.254.242's password:

    Connection to 172.25.254.242 closed by remote host.

    [kiosk@foundation42 Desktop]$

    [kiosk@foundation42 Desktop]$ scp fuwu@172.25.254.242:/home/fuwu/Desktop/file .   ### copy the file named file from user fuwu's desktop on the remote host to the current directory

    fuwu@172.25.254.242's password:

    file                                          100%    8     0.0KB/s   00:00    

    [kiosk@foundation42 Desktop]$ scp file fuwu@172.25.254.242:/home/fuwu/Desktop   ### copy file from the current directory to user fuwu's desktop on the remote host

    fuwu@172.25.254.242's password:

    file                                          100%    8     0.0KB/s   00:00    

    [kiosk@foundation42 Desktop]$

    III. SSH key-based authentication

    1. Generate the public/private key pair

    eg:[fuwu@localhost ~]$ ssh-keygen   ### tool that generates the public/private key pair

    Generating public/private rsa key pair.

    Enter file in which to save the key (/home/fuwu/.ssh/id_rsa):    ### file that stores the key (press Enter for the default)

    Created directory '/home/fuwu/.ssh'.

    Enter passphrase (empty for no passphrase):    ### key passphrase, more than 4 characters (just pressing Enter also works)

    Enter same passphrase again:    ### confirm the passphrase

    Your identification has been saved in /home/fuwu/.ssh/id_rsa.   ### private key path

    Your public key has been saved in /home/fuwu/.ssh/id_rsa.pub.   ### public key path

    The key fingerprint is:

    95:55:ed:da:28:22:4a:1c:fb:f6:84:e8:d6:55:0e:54 fuwu@localhost

    The key's randomart image is:

    +--[ RSA 2048]----+

    |           .E... |

    |          .o    .|

    |         .o    . |

    |      .  .. .   .|

    |     . oS  +   + |

    |      +...o o o .|

    |     ..+.o.. .   |

    |     .o +.       |

    |     ... ..      |

    +-----------------+

    [fuwu@localhost ~]$ ls .ssh/

    id_rsa  id_rsa.pub

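    id_rsa   ### private key: this is the key

    id_rsa.pub   ### public key: this is the lock

    2. Add key authentication

    [root@server0 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub  root@172.25.0.11

    ssh-copy-id   ### tool that sets up key authentication

    -i   ### specifies the key file

    /root/.ssh/id_rsa.pub   ### the public key to install

    root   ### the account being set up for key login is root

    172.25.0.11   ### ip of the host that receives the key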

    eg:[fuwu@localhost ~]$ ssh-copy-id -i /home/fuwu/.ssh/id_rsa.pub fuwu@172.25.254.242

    The authenticity of host '172.25.254.242 (172.25.254.242)' can't be established.

    ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.

    Are you sure you want to continue connecting (yes/no)? yes

    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

    fuwu@172.25.254.242's password:

    Number of key(s) added: 1

    Now try logging into the machine, with:   "ssh 'fuwu@172.25.254.242'"

    and check to make sure that only the key(s) you wanted were added.

    [fuwu@localhost ~]$ ls .ssh/

    authorized_keys  id_rsa  id_rsa.pub  known_hosts

    3. Distribute the key to the client host

    eg:[fuwu@localhost ~]$ su -

    Password:

    Last login: Sun Mar 26 21:23:11 EDT 2017 on :0

    [root@localhost ~]# vim /etc/ssh/sshd_config   ### edit the file: line 79, PasswordAuthentication yes, change yes to no

    [root@localhost ~]# systemctl restart sshd.service

    [root@localhost ~]# exit

    logout

    [fuwu@localhost ~]$ scp /home/fuwu/.ssh/id_rsa kiosk@172.25.254.42:/home/kiosk/.ssh/   ### hand the key to user kiosk on the client host

    id_rsa                                        100% 1675     1.6KB/s   00:00    

    [fuwu@localhost ~]$

    4. Test

    [kiosk@foundation42 ~]$ ssh fuwu@172.25.254.242   ### the key opens the login, no password needed

    Last login: Sun Mar 26 22:04:38 2017

    [fuwu@localhost ~]$   

    eg:[fuwu@localhost ~]$ rm -fr .ssh/authorized_keys    ### delete authorized_keys

    [kiosk@foundation42 ~]$ ssh fuwu@172.25.254.242    ### remote login fails

    Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

    [fuwu@localhost ~]$ cp .ssh/id_rsa.pub .ssh/authorized_keys   ### copy id_rsa.pub to authorized_keys

    [fuwu@localhost ~]$ ls .ssh/

    authorized_keys  id_rsa  id_rsa.pub  known_hosts

    [kiosk@foundation42 ~]$ ssh fuwu@172.25.254.242   ### remote login succeeds

    Last login: Sun Mar 26 23:00:47 2017 from 172.25.254.42

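    IV. Hardening openssh

    1. The openssh-server configuration file

    [root@localhost ~]# vim /etc/ssh/sshd_config    ### open the file for editing

    78 PasswordAuthentication yes|no   ### whether password authentication is enabled: yes enables it, no disables it

    48 PermitRootLogin yes|no   ### whether the superuser may log in

    49 AllowUsers student westos   ### user whitelist: only users on the list can open a shell through sshd

    50 DenyUsers westos   ### user blacklist

    eg:[root@localhost ~]# vim /etc/ssh/sshd_config   ### edit the file: line 48, PermitRootLogin no, the superuser is not allowed to log in

    [root@localhost ~]# systemctl restart sshd.service

    [kiosk@foundation42 ~]$ ssh root@172.25.254.242   ### the correct password is entered three times; the superuser still cannot log in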

    root@172.25.254.242's password:

    Permission denied, please try again.

    root@172.25.254.242's password:

    Permission denied, please try again.

    root@172.25.254.242's password:

    Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

    [root@localhost ~]# vim /etc/ssh/sshd_config   ### edit the file: line 50, DenyUsers student (user blacklist), user student is not allowed to log in

    [root@localhost ~]# systemctl restart sshd.service

    [kiosk@foundation42 ~]$ ssh student@172.25.254.242   ### the correct password is entered three times; user student still cannot log in

    student@172.25.254.242's password:

    Permission denied, please try again.

    student@172.25.254.242's password:

    Permission denied, please try again.

    student@172.25.254.242's password:

    Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

    [kiosk@foundation42 ~]$ ssh fuwu@172.25.254.242   ### user fuwu is not on the blacklist and can log in

    fuwu@172.25.254.242's password:

    Last login: Sun Mar 26 23:42:15 2017 from 172.25.254.42

    [fuwu@localhost ~]$ exit

    登出

    Connection to 172.25.254.242 closed.

    [root@localhost ~]# vim /etc/ssh/sshd_config   ### edit the file: line 49, AllowUsers student (user whitelist), only user student may log in

    [root@localhost ~]# systemctl restart sshd.service

    [kiosk@foundation42 ~]$ ssh student@172.25.254.242    ### user student is on the whitelist and can log in

    student@172.25.254.242's password:

    Last failed login: Sun Mar 26 23:46:33 EDT 2017 from 172.25.254.42 on ssh:notty

    There were 3 failed login attempts since the last successful login.

    [student@localhost ~]$ exit

    登出

    Connection to 172.25.254.242 closed.

    [kiosk@foundation42 ~]$ ssh fuwu@172.25.254.242   ### user fuwu is not on the whitelist and cannot log in

    fuwu@172.25.254.242's password:

    Permission denied, please try again.

    fuwu@172.25.254.242's password:

    Permission denied, please try again.

    fuwu@172.25.254.242's password:

    Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

    [kiosk@foundation42 ~]$
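
    The login tests above can be replayed against a config file without touching a live sshd. The script below is an added example, not part of the original notes: the function names and the sample config are constructed here, and it assumes plain user names, one line per directive and no Match blocks.

```shell
#!/bin/sh
# Added example: replay the login tests from section IV against a config file.
# Assumes plain user names, one line per directive, and no Match blocks.

# Constructed sample that combines the page's edits (not a real host's file).
sample_sshd_config() {
    cat <<'EOF'
#PermitRootLogin yes
PermitRootLogin no
AllowUsers student westos
Denyusers westos
PasswordAuthentication yes
EOF
}

# sshd_first_value FILE KEYWORD: value of the first uncommented KEYWORD line.
# Keywords are matched case-insensitively, so "Denyusers" counts as DenyUsers.
sshd_first_value() {
    awk -v kw="$2" '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == tolower(kw) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# in_list WORD ITEM...: succeeds when WORD equals one of the items.
in_list() {
    needle=$1; shift
    for item in "$@"; do
        [ "$item" = "$needle" ] && return 0
    done
    return 1
}

# ssh_login_decision FILE USER: prints "allow" or "deny: <directive>".
# DenyUsers is checked before AllowUsers, so a name on both lists is denied.
ssh_login_decision() (
    set -f    # the user lists are split on whitespace below; never glob them
    deny=$(sshd_first_value "$1" DenyUsers)
    allow=$(sshd_first_value "$1" AllowUsers)
    rootlogin=$(sshd_first_value "$1" PermitRootLogin | tr 'A-Z' 'a-z')
    if [ "$2" = root ] && [ "$rootlogin" = no ]; then
        echo "deny: PermitRootLogin no"
    elif [ -n "$deny" ] && in_list "$2" $deny; then
        echo "deny: DenyUsers"
    elif [ -n "$allow" ] && ! in_list "$2" $allow; then
        echo "deny: not in AllowUsers"
    else
        echo "allow"
    fi
)

# sshd_weak_settings FILE: one line per setting that leaves a login path open.
sshd_weak_settings() {
    pw=$(sshd_first_value "$1" PasswordAuthentication | tr 'A-Z' 'a-z')
    rl=$(sshd_first_value "$1" PermitRootLogin | tr 'A-Z' 'a-z')
    if [ "$pw" != no ]; then
        echo "PasswordAuthentication is '${pw:-unset}': password logins are accepted"
    fi
    if [ "$rl" = yes ]; then
        echo "PermitRootLogin is 'yes': root can log in directly"
    fi
    return 0
}

# Demo on the constructed sample: one decision per account tested on the page.
conf=$(mktemp)
sample_sshd_config > "$conf"
for u in root student westos fuwu; do
    printf '%-8s %s\n' "$u" "$(ssh_login_decision "$conf" "$u")"
done
sshd_weak_settings "$conf"
rm -f "$conf"
```

    On a real host, sshd -t checks the edited /etc/ssh/sshd_config for syntax errors before systemctl restart sshd.service is run.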

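    Unit 12  File transfer between systems

    I. Archiving files

    1. Archiving turns multiple files into a single archive file

    2.tar c ### create

          f ### name of the archive file

          t ### list the contents of the archive

          r ### append files to the archive

          --get ### extract a single file

          --delete ### delete a single file

          x ### extract everything in the archive

          -C ### directory to extract into

          -z ### compress in gz format

          -j ### compress in bz2 format

          -J ### compress in xz format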

    eg:[root@localhost Desktop]# ls -ld dir/

    drwxr-xr-x. 5 root root 4096 Mar 27 21:36 dir/

    [root@localhost Desktop]# tar cf dir.tar dir/   ### archive dir into an archive file named dir.tar

    [root@localhost Desktop]# ls

    dir  dir.tar  etc.tar

    [root@localhost Desktop]# du -sh dir/

    4.0K dir/

    [root@localhost Desktop]# du -sh dir.tar    ### check the size of the archive file

    12K dir.tar

    [root@localhost Desktop]# tar tf dir.tar    ### list the contents of the archive

    dir/

    dir/class1

    dir/class2

    dir/file1

    dir/file2

    dir/dir1/

    dir/dir1/wenjian

    dir/dir2/

    dir/dir2/wenjian2

    [root@localhost Desktop]# ls

    dir  dir.tar  etc.tar  file

    [root@localhost Desktop]# tar rf dir.tar file    ### append the file named file to the archive

    [root@localhost Desktop]# tar tf dir.tar

    dir/

    dir/class1

    dir/class2

    dir/file1

    dir/file2

    dir/dir1/

    dir/dir1/wenjian

    dir/dir2/

    dir/dir2/wenjian2

    file

    [root@localhost Desktop]# rm -fr file

    [root@localhost Desktop]# ls

    dir  dir.tar  etc.tar

    [root@localhost Desktop]# tar f dir.tar --get file   ### extract a single file from the archive

    [root@localhost Desktop]# ls

    dir  dir.tar  etc.tar  file

    [root@localhost Desktop]# tar f dir.tar --delete file    ### delete a single file from the archive

    [root@localhost Desktop]# tar tf dir.tar

    dir/

    dir/class1

    dir/class2

    dir/file1

    dir/file2

    dir/dir1/

    dir/dir1/wenjian

    dir/dir2/

    dir/dir2/wenjian2

    [root@localhost Desktop]# ls

    dir.tar  etc.tar  file

    [root@localhost Desktop]# tar xf dir.tar    ### extract everything in the archive

    [root@localhost Desktop]# ls

    dir  dir.tar  etc.tar  file

    [root@localhost Desktop]# ls /mnt/

    [root@localhost Desktop]# tar xf dir.tar -C /mnt/    ### extract into the directory /mnt/

    [root@localhost Desktop]# ls /mnt/

    dir

    II. Compression

    1.gz

    gzip etc.tar ### compress to gz format

    gunzip  etc.tar.gz ### decompress a gz file

    tar zcf etc.tar.gz /etc ### archive into tar and compress with gz

    tar zxf etc.tar.gz ### decompress and unpack a gz-compressed archive

    eg:[root@localhost Desktop]# ls

    dir  etc  etc.tar

    [root@localhost Desktop]# du -sh etc   ### check the size of the directory etc

    34M etc

    [root@localhost Desktop]# du -sh etc.tar   ### check the size of the archive etc.tar

    30M etc.tar

    [root@localhost Desktop]# gzip etc.tar    ### compress etc.tar to gz format

    [root@localhost Desktop]# ls

    dir  etc  etc.tar.gz

    [root@localhost Desktop]# du -sh etc.tar.gz    ### smaller after compression

    8.4M etc.tar.gz

    [root@localhost Desktop]# gunzip etc.tar.gz    ### decompress

    [root@localhost Desktop]# ls

    dir  etc  etc.tar

    [root@localhost Desktop]# rm -fr etc.tar

    [root@localhost Desktop]# ls

    dir  etc

    [root@localhost Desktop]# tar zcf etc.tar.gz etc   ### archive into tar and compress with gz

    [root@localhost Desktop]# ls

    dir  etc  etc.tar.gz

    [root@localhost Desktop]# rm -fr etc

    [root@localhost Desktop]# ls

    dir  etc.tar.gz

    [root@localhost Desktop]# tar zxf etc.tar.gz   ### decompress and unpack the gz-compressed archive

    [root@localhost Desktop]# ls

    dir  etc  etc.tar.gz

    2.bz2

    bzip2 etc.tar ### compress to bz2 format

    bunzip2 etc.tar.bz2 ### decompress a bz2 file

    tar jcf etc.tar.bz2 /etc ### archive into tar and compress with bz2

    tar jxf etc.tar.bz2  ### decompress and unpack a bz2-compressed archive

    eg:[root@localhost Desktop]# ls

    dir  etc  etc.tar

    [root@localhost Desktop]# bzip2 etc.tar ### compress to bz2 format

    [root@localhost Desktop]# ls

    dir  etc  etc.tar.bz2

    [root@localhost Desktop]# du -sh etc.tar.bz2   ### smaller

    7.0M etc.tar.bz2

    [root@localhost Desktop]# rm -fr etc

    [root@localhost Desktop]# ls

    dir  etc.tar.bz2

    [root@localhost Desktop]# bunzip2 etc.tar.bz2  ### decompress the bz2 file

    [root@localhost Desktop]# ls

    dir  etc.tar

    [root@localhost Desktop]# tar xf etc.tar

    [root@localhost Desktop]# ls

    dir  etc  etc.tar

    [root@localhost Desktop]# rm -fr etc.tar

    您在 /var/spool/mail/root 中有邮件

    [root@localhost Desktop]# ls

    dir  etc

    [root@localhost Desktop]# tar jcf etc.tar.bz2 etc   ### archive into tar and compress with bz2

    [root@localhost Desktop]# ls

    dir  etc  etc.tar.bz2

    [root@localhost Desktop]# rm -fr etc

    [root@localhost Desktop]# ls

    dir  etc.tar.bz2

    [root@localhost Desktop]# tar jxf etc.tar.bz2     ### decompress and unpack the bz2-compressed archive

    [root@localhost Desktop]# ls

    dir  etc  etc.tar.bz2

    3.xz

    xz etc.tar ### compress to xz format

    unxz  etc.tar.xz ### decompress an xz file

    tar Jcf etc.tar.xz /etc ### archive into tar and compress with xz

    tar Jxf etc.tar.xz ### decompress and unpack an xz-compressed archive

    eg:[root@localhost Desktop]# ls

    dir  etc  etc.tar

    [root@localhost Desktop]# xz etc.tar   ### compress to xz format

    [root@localhost Desktop]# ls

    dir  etc  etc.tar.xz

    [root@localhost Desktop]# du -sh etc.tar.xz   ### smaller

    5.7M etc.tar.xz

    [root@localhost Desktop]# rm -fr etc

    [root@localhost Desktop]# ls

    dir  etc.tar.xz

    [root@localhost Desktop]# unxz etc.tar.xz    ### decompress the xz file

    [root@localhost Desktop]# ls

    dir  etc.tar

    [root@localhost Desktop]# tar xf etc.tar

    [root@localhost Desktop]# rm -fr etc.tar

    [root@localhost Desktop]# ls

    dir  etc

    [root@localhost Desktop]# tar Jcf etc.tar.xz etc   ### archive into tar and compress with xz

    [root@localhost Desktop]# ls

    dir  etc  etc.tar.xz

    [root@localhost Desktop]# rm -fr etc

    [root@localhost Desktop]# ls

    dir  etc.tar.xz

    [root@localhost Desktop]# tar Jxf etc.tar.xz     ### decompress and unpack the xz-compressed archive

    [root@localhost Desktop]# ls

    dir  etc  etc.tar.xz

    4.zip

    zip -r etc.tar.zip etc.tar ### compress to zip format

    unzip etc.tar.zip ### decompress

    eg:[root@localhost Desktop]# ls

    dir  etc  etc.tar

    [root@localhost Desktop]# zip -r etc.tar.zip etc.tar   ### compress to zip format

      adding: etc.tar (deflated 72%)

    [root@localhost Desktop]# ls

    dir  etc  etc.tar  etc.tar.zip

    [root@localhost Desktop]# du -sh etc.tar.zip    ### smaller

    16M etc.tar.zip

    [root@localhost Desktop]# rm -fr etc.tar etc

    [root@localhost Desktop]# ls

    dir  etc.tar.zip

    [root@localhost Desktop]# unzip etc.tar.zip  ### decompress

    Archive:  etc.tar.zip

      inflating: etc.tar                 

    [root@localhost Desktop]# ls

    dir  etc.tar  etc.tar.zip

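    III. File transfer between systems

    scp file username@ip:/dir ### upload, slow

    scp username@ip:/dir/file  /dir ### download, slow

    rsync [options] file username@ip:/dir   ### fast

    rsync -r ### sync directories

    -l ### do not ignore symlinks

    -p ### do not ignore file permissions

    -t ### do not ignore file timestamps

    -g ### do not ignore the file's group

    -o ### do not ignore the file's owner

    -D ### do not ignore device files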

    eg:[root@localhost Desktop]# scp dir/adjtime kiosk@172.25.254.42:/home/kiosk/Desktop/dir/

    kiosk@172.25.254.42's password:

    adjtime                                       100%   16     0.0KB/s   00:00    

    [root@localhost Desktop]# scp kiosk@172.25.254.42:/home/kiosk/Desktop/dir/adjtime .

    kiosk@172.25.254.42's password:

    adjtime                                       100%   16     0.0KB/s   00:00    

    [kiosk@foundation42 Desktop]$ ls -l adjtime

    -rw-r--r-- 1 kiosk kiosk 18 Mar 20 00:45 adjtime

    [kiosk@foundation42 Desktop]$ rsync -r adjtime root@172.25.254.142:/root/Desktop/ ### sync directories

    root@172.25.254.142's password:

    [root@localhost Desktop]# ls -l adjtime

    -rw-r--r--. 1 root root 18 Mar 28 11:01 adjtime

    [kiosk@foundation42 Desktop]$ rsync -tr adjtime root@172.25.254.142:/root/Desktop/  ### do not ignore file timestamps

    root@172.25.254.142's password:

    [root@localhost Desktop]# ls -l adjtime

    -rw-r--r--. 1 root root 18 Mar 19 12:45 adjtime

    [kiosk@foundation42 Desktop]$ rsync -gr adjtime root@172.25.254.142:/root/Desktop/   ### do not ignore the file's group

    root@172.25.254.142's password:

    [root@localhost Desktop]# ls -l adjtime

    -rw-r--r--. 1 root student 18 Mar 28 11:03 adjtime

    [kiosk@foundation42 Desktop]$ rsync -or adjtime root@172.25.254.142:/root/Desktop/   ### do not ignore the file's owner

    root@172.25.254.142's password:

    [root@localhost Desktop]# ls -l adjtime

    -rw-r--r--. 1 student root 18 Mar 28 11:04 adjtime

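    Unit 11  Managing the network

    I. IP basics (ipv4)

    32 bits in binary ----- written in decimal

    172.25.0.10/255.255.255.0

    172.25.0.10: ip address

    255.255.255.0: subnet mask

    ip positions that line up with 255 in the subnet mask are network bits

    ip positions that line up with 0 in the subnet mask are host bits

    II. Configuring the ip

    1. Graphical interface

    nm-connection-editor

    2. Text-mode interface

    nmtui

    <<Commands>>

    ifconfig interface ip netmask netmask_value ## temporary setting

    nmcli connection add type ethernet con-name westos ifname eth0 autoconnect yes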

    nmcli connection add type ethernet con-name westos ifname eth0 ip4 ip/24

    nmcli connection delete westos

    nmcli connection show

    nmcli connection down westos

    nmcli connection up westos

    nmcli connection modify "westos" ipv4.addresses newip/24

    nmcli connection modify "westos" ipv4.method <auto|manual>

    nmcli device connect eth0

    nmcli device disconnect eth0

    nmcli device show

    nmcli device status

    eg:[root@localhost Desktop]# nmcli connection add type ethernet con-name westos ifname eth0 autoconnect yes   ### activated automatically when the network service starts

    Connection 'westos' (55e75ad1-f03b-4388-b5d3-bd564ec6431d) successfully added.

    [root@localhost Desktop]# nmcli connection delete westos    ### delete the connection

    [root@localhost Desktop]# nmcli device connect eth0

    Error: Device activation failed: The device has no connections available.

    [root@localhost Desktop]# nmcli connection add type ethernet con-name westos ifname eth0 ip4 172.25.254.142/24

    Connection 'westos' (9ff61eec-d85a-4a31-abd1-c7b40b5e623b) successfully added.

    [root@localhost Desktop]# nmcli device connect eth0

    Device 'eth0' successfully activated with '9ff61eec-d85a-4a31-abd1-c7b40b5e623b'.

    [root@localhost Desktop]# nmcli connection show

    NAME    UUID                                  TYPE            DEVICE

    westos  9ff61eec-d85a-4a31-abd1-c7b40b5e623b  802-3-ethernet  eth0   

    [root@localhost Desktop]# nmcli connection down westos

    [root@localhost Desktop]# nmcli connection show

    NAME    UUID                                  TYPE            DEVICE

    westos  9ff61eec-d85a-4a31-abd1-c7b40b5e623b  802-3-ethernet  --     

    [root@localhost Desktop]# nmcli connection up westos

    Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/11)

    [root@localhost Desktop]# nmcli connection show

    NAME    UUID                                  TYPE            DEVICE

    westos  9ff61eec-d85a-4a31-abd1-c7b40b5e623b  802-3-ethernet  eth0   

    [root@localhost Desktop]# nmcli connection modify "westos" ipv4.addresses 172.25.254.242/24

    [root@localhost Desktop]# systemctl restart network

    [root@localhost Desktop]# ifconfig

    eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

            inet 172.25.254.242  netmask 255.255.255.0  broadcast 172.25.254.255

            inet6 fe80::5054:ff:fe00:2a0a  prefixlen 64  scopeid 0x20<link>

            ether 52:54:00:00:2a:0a  txqueuelen 1000  (Ethernet)

            RX packets 49300  bytes 3266084 (3.1 MiB)

            RX errors 0  dropped 0  overruns 0  frame 0

            TX packets 9112  bytes 790252 (771.7 KiB)

            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536

            inet 127.0.0.1  netmask 255.0.0.0

            inet6 ::1  prefixlen 128  scopeid 0x10<host>

            loop  txqueuelen 0  (Local Loopback)

            RX packets 3822  bytes 435530 (425.3 KiB)

            RX errors 0  dropped 0  overruns 0  frame 0

            TX packets 3822  bytes 435530 (425.3 KiB)

            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    [root@localhost Desktop]# nmcli device disconnect eth0

    [root@localhost Desktop]# nmcli device show

    GENERAL.DEVICE:                         eth0

    GENERAL.TYPE:                           ethernet

    GENERAL.HWADDR:                         52:54:00:00:2A:0A

    GENERAL.MTU:                            1500

    GENERAL.STATE:                          30 (disconnected)

    GENERAL.CONNECTION:                     --

    GENERAL.CON-PATH:                       --

    WIRED-PROPERTIES.CARRIER:               on

    GENERAL.DEVICE:                         lo

    GENERAL.TYPE:                           loopback

    GENERAL.HWADDR:                         00:00:00:00:00:00

    GENERAL.MTU:                            65536

    GENERAL.STATE:                          10 (unmanaged)

    GENERAL.CONNECTION:                     --

    GENERAL.CON-PATH:                       --

    IP4.ADDRESS[1]:                         ip = 127.0.0.1/8, gw = 0.0.0.0

    IP6.ADDRESS[1]:                         ip = ::1/128, gw = ::

    [root@localhost Desktop]# nmcli device connect eth0

    Device 'eth0' successfully activated with '9ff61eec-d85a-4a31-abd1-c7b40b5e623b'.

    [root@localhost Desktop]# nmcli device show

    GENERAL.DEVICE:                         eth0

    GENERAL.TYPE:                           ethernet

    GENERAL.HWADDR:                         52:54:00:00:2A:0A

    GENERAL.MTU:                            1500

    GENERAL.STATE:                          100 (connected)

    GENERAL.CONNECTION:                     westos

    GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/ActiveConnection/13

    WIRED-PROPERTIES.CARRIER:               on

    IP4.ADDRESS[1]:                         ip = 172.25.254.242/24, gw = 0.0.0.0

    IP6.ADDRESS[1]:                         ip = fe80::5054:ff:fe00:2a0a/64, gw = ::

    GENERAL.DEVICE:                         lo

    GENERAL.TYPE:                           loopback

    GENERAL.HWADDR:                         00:00:00:00:00:00

    GENERAL.MTU:                            65536

    GENERAL.STATE:                          10 (unmanaged)

    GENERAL.CONNECTION:                     --

    GENERAL.CON-PATH:                       --

    IP4.ADDRESS[1]:                         ip = 127.0.0.1/8, gw = 0.0.0.0

    IP6.ADDRESS[1]:                         ip = ::1/128, gw = ::

    [root@localhost Desktop]# nmcli device status

    DEVICE  TYPE      STATE      CONNECTION

    eth0    ethernet  connected  westos     

    lo      loopback  unmanaged  --         

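    <<Files>>

    dhcp ### address obtained dynamically

    vim /etc/sysconfig/network-scripts/ifcfg-eth0

    DEVICE=eth0 ### device used by the interface

    BOOTPROTO=dhcp ### working mode of the network card

    ONBOOT=yes ### activated automatically when the network service starts

    NAME=eth0 ### network interface name

    :wq

    systemctl restart network

    static|none ### static network

    vim /etc/sysconfig/network-scripts/ifcfg-eth0

    DEVICE=eth0  ### device

    BOOTPROTO=static|none  ### working mode of the device

    ONBOOT=yes  ### activate the device when the network service starts

    NAME=eth0  ### network interface name

    IPADDR=172.25.0.100   ### IP

    NETMASK=255.255.255.0 | PREFIX=24 ### subnet mask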

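    III. gateway

    1. Router

    its main function is to do nat

    dnat destination address translation

    snat source address translation

    2. Gateway

    the ip on the router that is in the same network segment as your own host

    3. Setting the gateway

    systemctl stop NetworkManager

    vim /etc/sysconfig/network ### global gateway

    GATEWAY=gateway_ip

    vim /etc/sysconfig/network-scripts/ifcfg-<interface config file> ## per-interface gateway

    GATEWAY=gateway_ip

    systemctl restart network

    route -n ### show the gateway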

    Kernel IP routing table

    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

    0.0.0.0   (gateway)172.25.0.254    0.0.0.0         UG    0      0        0 eth0

    172.25.0.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0

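    IV. dns

    1.dns

    dns is a server

    this server answers clients' questions about which host name corresponds to which ip

    2. Setting dns

    vim /etc/resolv.conf

    nameserver dns_server_ip

    vim /etc/sysconfig/network-scripts/ifcfg-<interface config file>

    DNS1=dns_server_ip

    3. Local resolution file

    vim /etc/hosts

    ip hostname

    4. Adjusting the lookup priority between the local resolution file and dns

    /etc/nsswitch.conf

     38 #hosts:     db files nisplus nis dns

     39 hosts:      files dns ## files is the local resolution file, dns is the dns server; whichever comes first takes priority

    5. Configuring the dhcp service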

    unit6 homework

    1. On the server host, archive and compress the /etc directory into /mnt under the name etc.tar.gz

    [root@localhost Desktop]# tar zcf /mnt/etc.tar.gz /etc

    tar: Removing leading `/' from member names

    2. Copy etc.tar.gz from the server host to /mnt on the desktop host

    [root@localhost Desktop]# scp /mnt/etc.tar.gz root@172.25.254.142:/mnt/

    root@172.25.254.142's password:

    etc.tar.gz                                    100% 8537KB   8.3MB/s   00:00

    3. Sync all files in /etc on the server to /mnt on the desktop host, including symlinks

    [root@localhost Desktop]# rsync -lr /etc root@172.25.254.142:/mnt/

    root@172.25.254.142's password:

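    4. Create a set-ip-tool command on the system with the following requirements: after set-ip-tool 172.25.254.x is run on the system

    *) the output of the ifconfig command is displayed automatically

    *) the system ip is set to: 172.25.254.x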

    [root@localhost Desktop]# vim /etc/sysconfig/network-scripts/ifcfg-eth0

    [root@localhost Desktop]# systemctl restart network

    # content edited in vim:

    DEVICE=eth0

    BOOTPROTO=static

    ONBOOT=yes

    NAME=eth0

    IPADDR=172.25.254.242

    NETMASK=255.255.255.0

    *) the system gateway is set to: 172.25.254.250

    [root@localhost Desktop]# vim /etc/sysconfig/network

    # content edited in vim: GATEWAY=172.25.254.250

    [root@localhost Desktop]# vim /etc/sysconfig/network-scripts/ifcfg-eth0

    # content edited in vim: GATEWAY=172.25.254.250

    [root@localhost Desktop]# systemctl restart network

    *) the system dns is set to: 172.25.254.250

    [root@localhost Desktop]# vim /etc/resolv.conf

    # content edited in vim: nameserver 172.25.254.250

    [root@localhost Desktop]# vim /etc/sysconfig/network-scripts/ifcfg-eth0

    # content edited in vim: DNS1=172.25.254.250
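
    Homework item 4 asks for a set-ip-tool command, and the steps above edit the files by hand. The script below is an added example, not the author's solution: it validates the argument before it reaches a root-owned file and uses the network-bit rule from Unit 11 to refuse a gateway outside the host's own network. The install name set-ip-tool, the IFCFG override variable and the function names are assumptions.

```shell
#!/bin/sh
# set-ip-tool: added example for homework item 4 (not the author's solution).
NETMASK=255.255.255.0     # the /24 mask used throughout the page
GATEWAY=172.25.254.250    # gateway required by the homework
DNS=172.25.254.250        # dns required by the homework

# valid_ipv4 ADDR: succeeds only for four decimal octets, each 0-255.
# The argument ends up in a root-owned config file, so nothing else is accepted.
valid_ipv4() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*|????*) return 1 ;; esac   # no leading zero, max 3 digits
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# network_of IP MASK: AND each octet with the mask; a 255 octet keeps the
# network bits, a 0 octet clears the host bits.
network_of() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2
    IFS=$old_ifs
    echo "$(( $1 & $5 )).$(( $2 & $6 )).$(( $3 & $7 )).$(( $4 & $8 ))"
}

# render_ifcfg IP GATEWAY DNS: print the static ifcfg-eth0 content, or fail.
render_ifcfg() {
    for addr in "$1" "$2" "$3"; do
        valid_ipv4 "$addr" || { echo "invalid IPv4 address: $addr" >&2; return 1; }
    done
    # The gateway is the router's address on the host's own network.
    if [ "$(network_of "$1" "$NETMASK")" != "$(network_of "$2" "$NETMASK")" ]; then
        echo "gateway $2 is not on the same network as $1" >&2
        return 1
    fi
    cat <<EOF
DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
NAME=eth0
IPADDR=$1
NETMASK=$NETMASK
GATEWAY=$2
DNS1=$3
EOF
}

# set_ip_tool IP: write the config, restart the network, show ifconfig.
set_ip_tool() {
    cfg=${IFCFG:-/etc/sysconfig/network-scripts/ifcfg-eth0}   # IFCFG: assumed override
    content=$(render_ifcfg "$1" "$GATEWAY" "$DNS") || return 1
    printf '%s\n' "$content" > "$cfg" && systemctl restart network && ifconfig
}

# Changes the system only when installed and run under the name set-ip-tool;
# under any other name it prints the config it would write (dry run).
case ${0##*/} in
    set-ip-tool) set_ip_tool "$@" ;;
    *) render_ifcfg 172.25.254.242 "$GATEWAY" "$DNS" ;;
esac
```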

  • Original article: https://www.cnblogs.com/Virgo-sept/p/6636607.html