Linux 第23天: 练习和作业

cd .ssh
cat known_hosts 公钥
cd /etc/ssh
cat ssh_host_rsa_key 私钥

md5sum f1 f2 f3  digest数据一样则md5sum哈希值一样

sha512sum f1

md5sum f1 > f1.md5
md5sum --check f1.md5
f1: ok
echo >> f1
md5sum --check f1.md5
f1: FAILED

openssl enc -e -des3 -a -salt -in fstab -out fstab.des3
rm fstab -f
cat fstab.des3
openssl enc -d -des3 -a -salt -in fstab -out fstab
man ENC 不是man openssl

openssl dgst -md5 fstab
md5sum fstab
(umask 066;openssl genrsa -out root.key -des 2048)

openssl rsa -in root.key -pubout -out root.key.pub
cat root.key.pub

vim /etc/pki/tls/openssl.cnf
rpm -qf /etc/pki/tls/openssl.cnf
ls /etc/pki/CA
touch /etc/pki/CA/index.txt
echo 01 > /etc/pki/CA/serial
cd /etc/pki/CA
ls
(umask 066;openssl genrsa -out private/cakey.pem 2048) 生成私钥
cd private/
cat cakey.pem
openssl req -new -x509 -key cakey.pem -days 365 -out /etc/pki/CA/cacert.pem
openssl x509 -in cacert.pem -noout -text
openssl x509 -in cacert.pem -noout -dates
openssl x509 -in cacert.pem -noout -subject
openssl x509 -in cacert.pem -noout -issuer

(umask 066;openssl genrsa -out /etc/pki/tls/private/httpd.key 2048)生成私钥
cd /etc/pki/tls/private
cat httpd.key
openssl req -new -key /etc/httpd/ssl/httpd.key -days 365 -out /etc/httpd/ssl/httpd.csr
scp httpd.csr 10.1.2.252.213:
openssl ca -in httpd.csr -out certs/httpd.crt
vi /etc/pki/tls/openssl.cnf
cat index.txt
cat serial
openssl x509  -in httpd.crt -noout -text

openssl ca -revoke httpd.crt
echo 01 > /etc/pki/CA/crlnumber
openssl ca -gencrl -out /etc/pki/CA/crl/ca.crl
openssl crl -in cat crl/ca.crl -noout -text

gpg -c fstab  对称加密
scp fstab.gpg 10.1.252.213
gpg -d fstab  对称解密
gpg -o fstab -d fstab.gpg

gpg --gen-key
cd .gnupg/
ls
ll
gpg --list-key 查看公钥
gpg -a --export -o wang.pub
cat wang.pub
scp wang.pub 10.1.252.213:
gpg --list-key
gpg --gen-key
gpg --import wang.pub
gpg -e -r wang f1
ll f1.gpg
scp f1.gpg 10.1.252.210:
gpg -d f1.gpg
gpg -o f1 -d f1.gpg
gpg --delete-secret-keys magedu
cd .gnupg/
ll
gpg --delete-keys wang

rpm -q openssh server
ip addr add 10.1.252.210/16 dev eth0

cat known_hosts

vim /etc/ssh/sshd_config
Port 22222
systemctl restart sshd
ss -ntl
tail /var/log/messages
semanage port -a -t PORT_TYPE -p tcp 22222 版本7改6不改

vim /etc/ssh/ssh_config 客户端不带d
Port 22222

ssh -X ?.?.?.? 加X运行图形窗口
system-config-users 不论init3或5都窗口

ssh -t 10.1.252.210 ssh 10.1.253.1 强制伪终端-t
netstat -nt

ssh-keygen
cat id_rsa
cat id_rsa.pub

ssh-copy-id -i .sh/id_rsa 10.1.252.213

cat .ssh/id_rsa.pub
cat .ssh/authorized_keys

scp id_rsa* 10.1.253.1:/root/.ssh

ssh-keygen -p 加上密码

ssh-agent bash 代理
ssh-add
ssh-add 图形界面下不需代理

cat /root/id_rsa_1024\ \(2\).pub >> authorized_keys 导入公钥

scp Identity.pub 10.1.252.210:
cat authorized_keys
ssh-keygen -i -f Identity.pub >> .ssh/authorized_keys

scp f1 10.1.252.213

dd if=/dev/zero of=f1 bs=1M count=500
cd .ssh
ls
cat known_hosts     主机公钥 来自/etc/ssh/ssh_host_rsa_key.pub
cat authorized_keys 用户公钥 来自ssh-keygen 每用户家目录生成

cp f1 f2
cp f1 f3
scp -p f1 f2 f3 10.1.252.213:/testdir
cd .ssh
rm -rf *
cd
scp -p f1 f2 f3 10.1.252.213:/testdir
echo >> f1
ll
scp -p f1 f2 f3 10.1.252.213:/testdir

rsync -av f1 f2 f3 10.1.252.213:/testdir 只更新不照搬

sftp 10.1.252.213
put fstab
get 51clickup.sh

systemctl start telnet.socket
ss -ntl
iptable -F

telnet 10.1.252.213

netstat -ntl

netstat -nt

ssh -L 9527:10.1.252.213:23 -N 10.1.252.210

telnet 127.0.0.1 9527