1 简介
初始安装完debian 7.7.0时,需要首先配置网络及apt-get源,才能正常使用。
2 debian配置
2.1 debian 7.7.0配置网络及apt-get源
2.1.1 配置网络-静态IP
修改文件/etc/network/interfaces
vi /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).配置完成后文件信息为
# The loopback network interface
$ auto lo
$ iface lo inet loopback
# 增加如下选项
$ iface eth0 inet static
$ address 192.168.1.18
$ netmask 255.255.255.0
$ gatway 192.168.1.1使网络配置生效
root@debian:~# ifdown eth0
root@debian:~# ifup eth0
2.1.2 配置网络-DHCP方式(访问外网)
# 修改文件/etc/network/interfaces
$ vi /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
配置完成后文件信息为
# The loopback network interface
$ auto lo
$ iface lo inet loopback
# 增加如下选项
$ allow-hotplug eth0
$ iface eth0 inet dhcp使网络配置生效
root@debian:~# ifdown eth0
root@debian:~# ifup eth0
2.2 配置apt-get源
2.2.1 默认从cd介质安装
2.2.2 更改为网络源
root@debian:~# vi /etc/apt/sources.list
首先屏蔽掉本地源
# 注释掉原来的apt-get源,这个是加载光盘的源,如果需要加载光盘中的源,而不用网络上的源,请不要注释
# deb cdrom:[Debian GNU/Linux 7.7.0 _Wheezy_ - Official amd64 DVD Binary-1 2014101
8-13:06]/ wheezy contrib main然后添加列表到sources.list文件里
# 设置apt-get源为163镜像站的源
$ deb http://mirrors.163.com/debian wheezy main non-free contrib
$ deb-src http://mirrors.163.com/debian wheezy main non-free contrib#在配置文件中增加163软件更新源。
$ deb http://mirrors.163.com/debian wheezy-updates main non-free contrib
$ deb-src http://mirrors.163.com/debian wheezy-updates main non-free contrib
#在配置文件中增加163安全软件更新源。
$ deb http://security.debian.org/ wheezy/updates main
$ deb-src http://security.debian.org/ wheezy/updates mainPS: Debian-9.6的配置源方法 Debian-7的版本代号为 wheezy Debain-8的代号为Jessie Debian-9的版本代号为stretch,不同版本,下面的代号改为对应的英文单词即可,此处使用Debian-9的英文代号 stretch
修改配置文件/etc/apt/sources.list
修改成163源:
deb http://mirrors.163.com/debian/ stretch main non-free contrib
deb http://mirrors.163.com/debian/ stretch-updates main non-free contrib
deb http://mirrors.163.com/debian/ stretch-backports main non-free contrib
deb-src http://mirrors.163.com/debian/ stretch main non-free contrib
deb-src http://mirrors.163.com/debian/ stretch-updates main non-free contrib
deb-src http://mirrors.163.com/debian/ stretch-backports main non-free contrib
deb http://mirrors.163.com/debian-security/ stretch/updates main non-free contrib
deb-src http://mirrors.163.com/debian-security/ stretch/updates main non-free contrib
修改成清华源:
deb https://mirrors.tuna.tsinghua.edu.cn/debian/ stretch main non-free contrib
deb https://mirrors.tuna.tsinghua.edu.cn/debian/ stretch-updates main non-free contrib
deb https://mirrors.tuna.tsinghua.edu.cn/debian/ stretch-backports main non-free contrib
deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ stretch main non-free contrib
deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ stretch-updates main non-free contrib
deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ stretch-backports main non-free contrib
deb https://mirrors.tuna.tsinghua.edu.cn/debian-security/ stretch/updates main non-free contrib
deb-src https://mirrors.tuna.tsinghua.edu.cn/debian-security/ stretch/updates main non-free contrib
修改成科大源:
deb http://mirrors.ustc.edu.cn/debian/ stretch main non-free contrib
deb http://mirrors.ustc.edu.cn/debian/ stretch-updates main non-free contrib
deb http://mirrors.ustc.edu.cn/debian/ stretch-backports main non-free contrib
deb-src http://mirrors.ustc.edu.cn/debian/ stretch main non-free contrib
deb-src http://mirrors.ustc.edu.cn/debian/ stretch-updates main non-free contrib
deb-src http://mirrors.ustc.edu.cn/debian/ stretch-backports main non-free contrib
deb http://mirrors.ustc.edu.cn/debian-security/ stretch/updates main non-free contrib
deb-src http://mirrors.ustc.edu.cn/debian-security/ stretch/updates main non-free contrib
2.3 更新配置
# 更新配置
root@debian:~# apt-get update
# 测试安装一个htop组件
root@debian:~# apt-get install htop
Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages: strace ltrace
The following NEW packages will be installed: htop
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 63.7 kB of archives.
After this operation, 209 kB of additional disk space will be used.
Get:1 http://mirrors.163.com/debian/ squeeze/main htop amd64 0.8.3-1 [63.7 kB]
Fetched 63.7 kB in 0s (99.9 kB/s)
Selecting previously unselected package htop.
(Reading database ... 25847 files and directories currently installed.)
Unpacking htop (from .../htop_0.8.3-1_amd64.deb) ...
Processing triggers for man-db ...
Setting up htop (0.8.3-1) ...
# 修改网络源成功!2.4 更新源后,第一时间安装vim
# 安装vim
$ sudo apt-get install vim2.5 开启Debian root账户远程ssh登录(默认安装后无法正常登录)
安装完成DebianLinux后,默认无法ssh远程登录的,当你尝试登录时,会出现下面情况(目录Debian9/Debian8都是这样的)
$ ssh [email protected]
[email protected]'s password:
Permission denied, please try again.
[email protected]'s password:
Permission denied, please try again.
[email protected]'s password:
Permission denied (publickey,password).开启SSH远程登录,您应当配置ssh server , 使用vim打开 /etc/ssh/sshd_config ,把PermitRootLogin改为 yes
$ sudo vim /etc/ssh/sshd_config
...
# 进入sshd_config配置文件,修改PermitRootLogin参数
FROM:
PermitRootLogin without-password
TO:
PermitRootLogin yes改完后重启ssh server
# /etc/init.d/ssh restart
[ ok ] Restarting ssh (via systemctl): ssh.service.然后在其他机器上,使用ssh命令远程登录
$ ssh [email protected]
[email protected]'s password: The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux system 下的软件是免费自由的,各个发行版的版权声明在/usr/share/doc/*/copyright
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law. 受相应法律许可,Debian GNU/Linux 是没有授权费用的
另外注意:如果您是在mac电脑上登录,记得ssh前最好加上sudo,不然可能会被本地的权限给禁止
命令演示:sudo ssh -p 22 [email protected]
MacdeMacBook-Pro:~ mac$ sudo ssh -p 22 [email protected]
Password:
The authenticity of host '192.168.1.91 (192.168.1.91)' can't be established.
ECDSA key fingerprint is SHA256:lSl0n+ChmDz7Ajm+20NU5ZnWFKJfHTl2vwghpenvFu0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.91' (ECDSA) to the list of known hosts.
[email protected]'s password:
Linux debian-stable 4.9.0-8-686-pae #1 SMP Debian 4.9.130-2 (2018-10-27) i686
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon Dec 3 08:08:57 2018
miazzy@debian-stable:~$
miazzy@debian-stable:~$
miazzy@debian-stable:~$
miazzy@debian-stable:~$
另外附:RedHat系Linux的启用ssh方法
# 在虚拟机(Vmware Workstation)下,安装了CentOS7,现在想通过SSH工具连接虚拟机中的CentOS7
1、首先,要确保CentOS7安装了 openssh-server
在终端中输入
yum list installed | grep openssh-server
此处显示已经安装了 openssh-server
如果又没任何输出显示表示没有安装 openssh-server 通过输入
yum install openssh-server
来进行安装openssh-server
2、找到了/etc/ssh/ 目录下的sshd服务配置文件 sshd_config,用Vim编辑器打开
将文件中,关于监听端口、监听地址前的 # 号去除
然后开启允许远程登录
最后,开启使用用户名密码来作为连接验证
保存文件,退出
3、开启 sshd 服务,输入
sudo service sshd start
检查 sshd 服务是否已经开启,输入ps -e | grep sshd
或者输入netstat -an | grep 22 检查 22 号端口是否开启监听
4、在Vmware Workstation中,查看CentOS7的属性,发现网络连接方式是采用的 NAT 方式连接的
5、在Vmware Workstation中,点击编辑=》虚拟网络编辑器,进入虚拟网络编辑器,查看发现 NAT 模式的连接采用的网络适配器名称为VMnet8
6、在 windows 主机中,在命令行中输入ipconfig 查看主机IP,找到 VMnet8 的连接信息,此处 ip 为192.168.30.1
7、在CentOS中,输入ifconfig查看网络连接地址,发现CentOS的网络地址为192.168.112.128
8、在CentOS中,输入ping 192.168.30.1 测试是否能连通主机,发现可以连通
9、在主机中,输入 ping 192.168.112.128,测试主机是否能连通CentOS,发现连不通
如果可以连得通,可以直接跳至第12 步
10、在主机,打开网络配置,选择网络适配器 VMnet8 的 TCP/IPv4 的属性,进行一下网络配置
要求子网掩码、默认网关均和CentOS一致,并将IP地址修改为 192.168.112.1,即保证主机的 IP 和 CentOS 的 IP 在同一网络区段中
11、再在主机中,输入 ping 192.168.112.128,已经可以连接得通了
12、在SSH工具(此处使用的XShell)中,新建连接,输入 CentOS 的 IP 地址、用户名、密码即可连接成功
13、为了免去每次开启 CentOS 时,都要手动开启 sshd 服务,可以将 sshd 服务添加至自启动列表中,输入systemctl enable sshd.service
可以通过输入systemctl list-unit-files | grep sshd,查看是否开启了sshd 服务自启动另附:启用公钥免密登录
1.通过yum删除现有的openssh-server,然后重新安装openssh-server
#yum -y remove openssh-server
#yum -y install openssh-server
2.设置密钥
#
#sshd-keygen
3.修改sshd_config配置文件中的PubkeyAuthentication选项,设置该选项值为yes
PubkeyAuthentication yes
4.启动sshd
#/usr/sbin/sshdpwd
5.通过其他服务器连接该container
[root@centos-cloudera-1 ~]# ssh 10.10.200.4
[email protected]'s password:
[email protected]:Miazzy/Demo.git
模型分析
假设 A (192.168.20.59)为客户机器,B(192.168.20.60)为目标机;
要达到的目的:
A机器ssh登录B机器无需输入密码;
加密方式选 rsa|dsa均可以,默认dsa
ssh-keygen -t rsa #使用rsa加密tho
二、具体操作流程
单向登陆的操作过程(能满足上边的目的):
1、登录A机器
2、ssh-keygen -t [rsa|dsa],将会生成密钥文件和私钥文件 id_rsa,id_rsa.pub或id_dsa,id_dsa.pub
3、将 .pub 文件复制到B机器的 .ssh 目录, 并 cat id_dsa.pub >> ~/.ssh/authorized_keys
4、大功告成,从A机器登录B机器的目标账户,不再需要密码了;(直接运行 #ssh 192.168.20.60 )
vim
双向登陆的操作过程:
1、ssh-keygen做密码验证可以使在向对方机器上ssh ,scp不用使用密码.具体方法如下:
2、两个节点都执行操作:#ssh-keygen -t rsa
然后全部回车,采用默认值.
3、这样生成了一对密钥,存放在用户目录的~/.ssh下。
将公钥考到对方机器的用户目录下 ,并将其复制到~/.ssh/authorized_keys中(操作命令:#cat id_dsa.pub >> ~/.ssh/authorized_keys )。
4、设置文件和目录权限:
设置authorized_keys权限
$ chmod 600 authorized_keys
设置.ssh目录权限
$ chmod 700 -R .ssh
5、要保证.ssh和authorized_keys都只有用户自己有写权限。否则验证无效。中文转载来源:http://blog.csdn.net/jesseyoung/article/details/41387393
配置转载来源:https://blog.csdn.net/krupzone/article/details/78957013
免密登录转载来源:https://blog.csdn.net/wh_19910525/article/details/7433164