RHCE （2）

题目：

1.配置ntp时间服务器，确保客户端主机能和服务主机同步时间​

2.配置ssh免密登陆，能够通过客户端主机通过redhat用户和服务端主机基于公钥验证方式进行远程连接

---

一、配置ntp时间服务器，确保客户端主机能和服务主机同步时间​ 

服务器端 IP  192.168.101.112/24    主机名 [root@Rhce~]

客 户 端   IP  192.168.101.152/24     主机名  [root@localhost ~]

前置操作首先保证时区一致

[root@Rhce ~]# timedatectl  使用该命令查看 保证时区和ntp service 都是active状态
 
systemctl stop firewalld  防火墙关闭
setenforce 0           关闭selinux

 服务器配置：

[root@Rhce~]# vim /etc/chrony.conf  对其配置文件进行编辑
 
修改如下内容
#pool 2.rhel.pool.ntp.org iburst  服务器端不需要向上层同步时间
allow 192.168.101.0/24    允许客户端向本服务器同步时间
local stratum 10  定义本地主机时间服务器在第10层级    15以内保证偏差在1-50ms 
 
 
[root@Rhce ~]# systemctl  restart chronyd  重启软件以加载配置

客户端配置：

扫描二维码关注公众号，回复： 15640299 查看本文章

[root@localhost ~]# vim /etc/chrony.conf
 
修改如下内容
pool 192.168.101.112  iburst  从该服务器处同步时间
 
[root@localhost ~]# systemctl restart chronyd  重启chronyd 服务

测试：

[root@Rhce ~]# date
Sat Apr  8 16:35:00 CST 2023
[root@localhost ~]# date
Sat Apr  8 16:35:16 CST 2023    保持一致

服务器修改时间 检查客户机
 
[root@Rhce ~]# date 111110102023.20
Fri Nov 11 10:10:20 CST 2023     
[root@Rhce ~]# systemctl restart chronyd
 
[root@localhost ~]# date
Fri Nov 11 10:10:20 CST 2023

二、配置ssh免密登陆，能够通过客户端主机通过redhat用户和服务端主机基于公钥验证方式进行远程连接。

创建新用户：

[root@node1 ~]# useradd t1
[root@npde1 ~]# passwd t1
更改用户 t1 的密码 。
新的密码： 
无效的密码： 密码少于 8 个字符
重新输入新的密码： 
passwd：所有的身份验证令牌已经成功更新。

创建新的密钥对，并且发送到指定目录：

 
[t1@node1 root]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/redhat/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/redhat/.ssh/id_rsa
Your public key has been saved in /home/redhat/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:peN3IXp4nusrQ5Ca/umHNzX6fO6SPJSSf6LCnv2mNc8 redhat@node1
The key's randomart image is:
+---[RSA 3072]----+
|                 |
|                 |
|       .  .      |
|      o  o       |
|     o .S....    |
|    o  .++=. .   |
|   . . o+B*o.    |
|    . ++BBO*o    |
|     +*++@X@E    |
+----[SHA256]-----+
[t1@node1 root]$ 
[t1@node1 root]$ ssh-copy-id [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/redhat/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password: 
 
Number of key(s) added: 1
 
Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

客户端测试：

 
[t1@node1 root]$ ssh [email protected]
Activate the web console with: systemctl enable --now cockpit.socket
 
Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Sat Mar 18 19:58:18 2023 from 192.168.101.125
[root@server ~]# 

切换完成