NFS服務、SSHD服務

時間 2019-11-16

標籤 nfs 服務 sshd 欄目 Linux 简体版

原文原文鏈接

本章內容：linux

NFS服務
SSHD服務

NFS服務

NFS（Network File System）即網絡文件系統,用以在網絡上與他人共享文件和目錄；NFS是運行在應用層的協議；基於Client/Server架構。vim

部署NFS

server端部署

第一步：下載nfs和rpcbind安全

rpcbind服務：因爲在使用NFS服務進行文件共享以前，須要使用RPC（Remote Procedure Call，遠程程序調用）服務將NFS服務器的IP地址和端口號等信息發送給客戶端。所以，在啓動NFS服務以前，還須要順帶重啓並啓用rpcbind服務程序服務器

╭─root@server /home/du  
╰─➤  yum install nfs-utils rpcbind -y

...
Complete!

第二步：配置nfs文件網絡

╭─root@server /home/du  
╰─➤  vim /etc/exports      #補充編輯文件內容
...
/du 192.168.80.4/24(rw) 
/du 192.168.80.0/24(rw)
/du *(rw)  
...

第三步：重啓nfs服務和rpcbind服務架構

╭─root@server /home/du  
╰─➤  systemctl restart rpcbind nfs

第四步：更改共享目錄「/du」屬主爲nfsnobodyapp

╭─root@server /home/du  
╰─➤  chown -R nfsnobody: /du

client端部署

第一步：下載nfsdom

╭─root@client ~  
╰─➤  yum install nfs-utils -y

...
完畢！

第二步：查看共享ssh

╭─root@client ~  
╰─➤  showmount -e 192.168.80.3
Export list for 192.168.80.3:
/du (everyone)

第三步：掛載使用ide

╭─root@client ~  
╰─➤  mkdir /du             #建立掛載目錄 
╭─root@client ~  
╰─➤  mount -t nfs 192.168.80.3:/du /du      #-t：--type   vfstype
╭─root@client ~  
╰─➤  df -h      #查看掛載
文件系統             容量  已用  可用 已用% 掛載點
/dev/mapper/cl-root   17G  4.7G   13G   28% /
devtmpfs             473M     0  473M    0% /dev
tmpfs                489M  144K  489M    1% /dev/shm
tmpfs                489M  7.1M  482M    2% /run
tmpfs                489M     0  489M    0% /sys/fs/cgroup
/dev/sda1           1014M  173M  842M   18% /boot
tmpfs                 98M   24K   98M    1% /run/user/0
/dev/sr0             4.1G  4.1G     0  100% /run/media/root/CentOS 7 x86_64
192.168.80.3:/du      17G  1.3G   16G    8% /du
╭─root@client ~  
╰─➤  cd /du        #進入到掛載目錄
╭─root@client /du  
╰─➤  touch cjk        #若是sever端沒有更改共享目錄的屬主就會報錯 
touch: 正在設置"cjk" 的時間: 權限不夠
╭─root@client /du  
╰─➤  touch cjk        #sever端執行第四步：更改屬主後  
╭─root@client /du  
╰─➤  ls
1903班學員基本信息表(1).xlsx  cjk  威武.docx

SSHD服務

SSH（ Secure Shell ）即安全外殼協議；SSH 爲創建在應用層和傳輸層基礎上的安全協議；

做用1：是遠程鏈接linux系統的一種服務協議，經常使用於加密傳輸數據。

做用2：相比較以前用telnet方式來傳輸文件要安全不少，由於telnet使用明文傳輸，ssh是加密傳輸；

做用3：sshd服務使用SSH協議能夠用來進行遠程控制，或在計算機之間傳送文件；

SSH協議默認端口22，這個端口通常是能夠更改或者添加的，配置文件位置在：/etc/ssh/sshd_config經過編輯文件能夠修改sshd服務的相關配置；

ssh配置文件

/etc/ssh/ssh_config   #客戶端配置文件
/etc/sshd_config   #服務器端配置文件

SSH服務安裝(系統已經默認安裝並開機自啓)

╭─root@localhost.localdomain ~  
╰─➤  yum -y install openssh openssh-clients openssh-server openssh-askpass

遠程鏈接線上服務器

語法：ssh[遠程主機用戶名]@遠程主機ip地址

第一步：ssh鏈接（確保能ping通）

方法一：ssh root@192.168.80.4
方法二：ssh 192.168.80.4

╭─root@localhost.localdomain ~  
╰─➤  ssh 192.168.80.4              
The authenticity of host '192.168.80.4 (192.168.80.4)' can't be established.
ECDSA key fingerprint is SHA256:m+YjLnd/Q27EtPXBv+ZkEawNSjcgcExVmGZCFC6M0v8.
ECDSA key fingerprint is MD5:2c:8c:34:b9:0c:00:5f:41:9e:f8:03:bf:ce:50:de:27.
Are you sure you want to continue connecting (yes/no)? yes  #輸入yes
Warning: Permanently added '192.168.80.4' (ECDSA) to the list of known hosts.
root@192.168.80.4's password:      #輸入密碼
Last login: Sun Jun  2 13:42:47 2019 from 192.168.80.1
╭─root@localhost.localdomain ~  
╰─➤  ip a                                                                   
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:2e:d0:de brd ff:ff:ff:ff:ff:ff
    inet 192.168.80.4/24 brd 192.168.80.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::5e15:9431:4cf4:2bd5/64 scope link 
       valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN qlen 1000
    link/ether 52:54:00:8f:de:b3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 1000
    link/ether 52:54:00:8f:de:b3 brd ff:ff:ff:ff:ff:ff

第二步：退出遠程服務器

╭─root@localhost.localdomain ~  
╰─➤  exit
Connection to 192.168.80.4 closed.
╭─root@localhost.localdomain ~  
╰─➤  ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:7f:e5:12 brd ff:ff:ff:ff:ff:ff
    inet 192.168.80.3/24 brd 192.168.80.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe7f:e512/64 scope link 
       valid_lft forever preferred_lft forever

免密登陸遠程主機

第一步：生成密鑰對

╭─root@localhost.localdomain ~  
╰─➤  ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:sIQ7fonPlTfI4JKe9VGl/yqOr4YqLCi3sLJ2NkvZFe0 root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
|                 |
|     .  .        |
|    . o. .  .    |
|     o oo  o     |
|    o o.SEo      |
|   .o=.+ + .     |
|o. o=.=.* o .    |
|=+== B.o.+.. .   |
|*+++*.o.++o....  |
+----[SHA256]-----+

第二步：查看生成的祕鑰

╭─root@localhost.localdomain ~  
╰─➤  ls /root/.ssh     #公鑰在/root/.ssh 目錄下
id_rsa   id_rsa.pub   known_hosts

———————— #其中：
id_rsa: 私鑰（執行ssh-keygen生成）
id_rsa.pub: 公鑰（執行ssh-keygen生成）
known_hosts: 主機信息
————————

第三步：傳輸公鑰

╭─root@localhost.localdomain ~  
╰─➤  ssh-copy-id root@192.168.80.4   
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.80.4's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.80.4'"
and check to make sure that only the key(s) you wanted were added.

第四步：免密登陸

╭─root@localhost.localdomain ~  
╰─➤  ssh 'root@192.168.80.4'        
Last login: Sun Jun  2 19:01:49 2019 from 192.168.80.3

第五步：退出遠程服務器

╭─root@localhost.localdomain ~  
╰─➤  exit
Connection to 192.168.80.4 closed.

拓展：scp

做用：
scp能夠實現遠程主機之間的文件複製
scp使用ssh協議，全部想要免密進行復制，須要發送祕鑰給相應的節點

option：
-r: 複製目錄時使用
-P：大寫的P指定端口

演示：

╭─root@localhost.localdomain /home/du  
╰─➤  ls
3  cjk  default  更名.docx
╭─root@localhost.localdomain /home/du  
╰─➤  scp cjk 192.168.80.4:/home       #scp發送主機文件到遠程節點
The authenticity of host '192.168.80.4 (192.168.80.4)' can't be established.
ECDSA key fingerprint is 2c:8c:34:b9:0c:00:5f:41:9e:f8:03:bf:ce:50:de:27.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.80.4' (ECDSA) to the list of known hosts.
root@192.168.80.4's password:           #輸入密碼
cjk                                                                                                    100%    6     0.0KB/s   00:00    
╭─root@localhost.localdomain /home/du  
╰─➤  scp 192.168.80.4:/home/cjk /home     #scp拉取遠程節點文件到本地
root@192.168.80.4's password:            #輸入密碼
cjk                                                                                                    100%    6     0.0KB/s   00:00    
╭─root@localhost.localdomain /home/du  
╰─➤  ls /home
cjk  du  test1  test2