ntp
NTP是网络时间协议(Network Time Protocol),它是用来同步网络中各个计算机的时间的协议。
在计算机的世界里,时间非常地重要,例如对于火箭发射这种科研活动,对时间的统一性和准确性要求就非常地高,是按照A这台计算机的时间,还是按照B这台计算机的时间?NTP就是用来解决这个问题的,NTP(Network Time Protocol,网络时间协议)是用来使网络中的各个计算机时间同步的一种协议。它的用途是把计算机的时钟同步到世界协调时UTC,其精度在局域网内可达0.1ms,在互联网上绝大多数的地方其精度可以达到1-50ms。
配置步骤:
[[email protected] ~]#systemctl stop dhcpd
[[email protected] ~]#systemctl disable dhcpd
[[email protected] ~]#yum –y install ntp
[[email protected] ~]#/etc/ntp.conf
注释掉server0-3的时间来源
增加一行 server asia.pool.ntp.org iburst
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server asia.pool.ntp.org iburst
更改restrict 192.168.96.0 mask 255.255.255.0 nomodify notrap
[[email protected] ~]# systemctl restart ntpd
[[email protected] ~]# systemctl enable ntpd
以上是服务端的配置
其他段的配置
[[email protected] ~]# yum -y install ntp
[[email protected] ~]# vim /etc/ntp.conf
增加一行 server 192.168.254.100 iburst
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server 192.168.254.100 iburst
[[email protected] ~]# systemctl restart ntpd
[[email protected] ~]# systemctl enable ntpd
Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.
[[email protected] ~]# ntpq -p查看
remote refid st t when poll reach delay offset jitter
===========================================================================
*192.168.254.100 211.233.84.186 3 u 38 64 3 0.375 0.863 0.832
[[email protected] ~]# date
Wed Oct 12 10:11:00 CST 2016
[[email protected] ~]# timedatectl
Local time: Wed 2016-10-12 10:12:26 CST
Universal time: Wed 2016-10-12 02:12:26 UTC
RTC time: Wed 2016-10-12 10:05:52
Time zone: Asia/Shanghai (CST, +0800)
NTP enabled: yes
NTP synchronized: no
RTC in local TZ: no
DST active: n/a
其他段就会自动同步。同步可能有点慢,要耐心等待!
-
FreeIPA
FreeIPA是一款集成的安全信息管理解决方案。FreeIPA包含Linux (Fedora),389 Directory Server MIT Kerberos, NTP, DNS, Dogtag (Certificate System)等等身份,认证和策略功能。
配置如下
[[email protected] ~]# yum -y install ipa-server ipa-server-dns bind bind-dyndb-ldap
dns查表原则----本地文件-------外网解析
[[email protected] ~]# vim /etc/hosts
192.168.254.100 workstation.example.com
[[email protected] ~]# ipa-server-install --setup-dns
[[email protected] ~]# kinit admin
Password for [email protected]:
[[email protected] ~]# klist
Ticket cache: KEYRING:persistent:0:0
Default principal: [email protected]
Valid starting Expires Service principal
10/12/2016 10:56:06 10/13/2016 10:56:00 krbtgt/[email protected] [[email protected] ~]# ipa user-add ruiyung --first=Yun --last=Rui --passwordPassword:
Enter Password again to verify:
--------------------
Added user "ruiyung"
--------------------
User login: ruiyung
First name: Yun
Last name: Rui
Full name: Yun Rui
Display name: Yun Rui
Initials: YR
Home directory: /home/ruiyung
GECOS: Yun Rui
Login shell: /bin/sh
Kerberos principal: [email protected]
Email address: [email protected]
UID: 1980200001
GID: 1980200001
Password: True
Member of groups: ipausers
Kerberos keys available: True
[[email protected] ~]# ipa user-find ruiyung
--------------
1 user matched
--------------
User login: ruiyung
First name: Yun
Last name: Rui
Home directory: /home/ruiyung
Login shell: /bin/sh
Email address: [email protected]
UID: 1980200001
GID: 1980200001
Account disabled: False
Password: True
Kerberos keys available: True
----------------------------
Number of entries returned 1
----------------------------
[[email protected] ~]# ipa dnsrecord-add example.com server1 --a-rec 192.168.254.101
Record name: server1
A record: 192.168.254.101
安装ipa-client
[[email protected] ~]# yum -y install ipa-client
[[email protected] ~]# vi /etc/sysconfig/network-scripts/ifcfg-eno16777736
修改DNS 指向服务的ip
[[email protected] ~]# systemctl restart network
[[email protected] ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search example.com
nameserver 192.168.254.100
[[email protected] ~]# ipa-client-install
。。。。。。。。。。。。。
[[email protected] ~]# authconfig --enablemkhomedir --update
如果不行。请把selinux打开
ssh
SSH 为 Secure Shell 的缩写,由 IETF 的网络小组(Network Working Group)所制定;SSH 为建立在应用层基础上的安全协议。SSH 是目前较可靠,专为远程登录会话和其他网络服务提供安全性的协议。利用 SSH 协议可以有效防止远程管理过程中的信息泄露问题。SSH最初是UNIX系统上的一个程序,后来又迅速扩展到其他操作平台。SSH在正确使用时可弥补网络中的漏洞。SSH客户端适用于多种平台。几乎所有UNIX平台—包括HP-UX、Linux、AIX、Solaris、Digital UNIX、Irix,以及其他平台,都可运行SSH。
配置
[[email protected] ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
b7:e4:e7:46:10:24:2b:e5:6b:a5:26:82:a7:a9:3f:74 [email protected]
The key‘s randomart image is:
+--[ RSA 2048]----+
| o.. |
| o o. |
| . o .. |
| . . +. |
| . o . S o. |
| .+E. + + .. |
| .o. o.. |
| .. o. |
|.... .. |
+-----------------+
(输入密码还要配置ssh-keygen)
[[email protected] ~]# ssh-copy-id -i server1.example.com
[[email protected] ~]# vi /etc/ssh/sshd_config
#17 去掉注释 Port 40010 端口号
#49 更改为no PermitRootLogin no 允许root登录
#79改为no PasswordAuthentication no 不允许密码登录
[[email protected] ~]# systemctl restart sshd
[[email protected] ~]# systemctl enable sshd
如有雷同 纯属巧合