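##############Controlling system services##########
1.systemd
The system's init program: the first process started at boot, with PID 1
2.The systemctl command
systemctl list-units ##### list the current state of system services
systemctl list-unit-files ##### list the boot-time state of services
systemctl status sshd ##### show the state of the specified service
systemctl stop sshd ##### stop the specified service
systemctl start sshd ##### start the specified service
systemctl restart sshd ##### restart the specified service
systemctl enable sshd ##### start the specified service at boot
systemctl disable sshd ##### do not start the specified service at boot
systemctl reload sshd ##### make the specified service reload its configuration
systemctl list-dependencies sshd ### show the dependencies of the specified service
systemctl mask sshd #### mask (freeze) the specified service
systemctl unmask sshd #### unmask (re-enable) the service
systemctl set-default multi-user.target ### boot without the graphical interface
systemctl set-default graphical.target ### boot into the graphical interface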
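3.Service states
systemctl status service_name
loaded ##### the service has been initialized and its configuration loaded
active(running) ##### one or more of its processes are currently running on the system
vsftpd runs in this mode
active(exited) ##### a service that runs once and then exits normally
none of its processes are currently running on the system
active(waiting) ##### running,
but waiting for another event before it can continue
inactive ##### the service is stopped
enabled ##### the service starts at boot
disabled ##### the service does not start at boot
static ##### the service's boot-time startup cannot be managed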
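##########openssh-server#######
###1.openssh-server###
Function: lets remote hosts reach the ssh service over the network and start a secure shell
###2.Connecting from a client###
ssh remote_user@remote_host_ip
Lab: control the server machine remotely from the desktop machine
[root@localhost .ssh]# ssh root@172.25.28.11 ### connect as a user on the remote host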
The authenticity of host '172.25.28.11 (172.25.28.11)' can't be established.
ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Are you sure you want to continue connecting (yes/no)? yes ### connecting to an unknown host requires establishing trust first
Warning: Permanently added '172.25.28.11' (ECDSA) to the list of known hosts.
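root@172.25.28.11's password: ### password of the remote host user
[root@localhost ~]# ### connected successfully
A known_hosts file is created under .ssh/ on the desktop machine; it records the public keys of the hosts you have connected to. After emptying it (>known_hosts), connecting to that host again requires re-establishing trust.
ssh remote_user@remote_host_ip -X ### run graphical tools from the remote host
On the server machine, open
[root@localhost .ssh]# vim /etc/motd
and enter some content.
When the desktop machine connects to the server machine remotely, that content is displayed.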
[root@localhost .ssh]# ssh root@172.25.28.11
root@172.25.28.11's password:
Last login: Sun Nov 6 22:34:14 2016 from 172.25.28.10
zou ni!!!
啦啦啦
#####3.ssh-keygen####
# On the server machine
1.Generate the public/private key pair
[root@localhost .ssh]# ssh-keygen ### tool that generates the public/private key pair
Generating public/private rsa key pair.
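Enter file in which to save the key (/root/.ssh/id_rsa): [enter] ### file in which the key is saved (the default is recommended)
Enter passphrase (empty for no passphrase): [enter] ### passphrase for the key; must be more than 4 characters
Enter same passphrase again: [enter] ### confirm the passphrase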
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
d5:e5:dc:98:ed:d6:fe:c5:4e:bc:c7:25:a6:21:f4:90 root@localhost
The key's randomart image is:
+--[ RSA 2048]----+
| . |
| . + = |
| ... = o|
| .E ..|
| S. o +|
| . o o=.|
| . + oB|
| . o*|
| .+|
+-----------------+
[root@localhost .ssh]# ls /root/.ssh/
id_rsa ### private key: this is the key
id_rsa.pub ### public key: this is the lock
2.Add key-based authentication
[root@localhost .ssh]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.25.28.11
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@172.25.28.11's password:
Permission denied, please try again.
root@172.25.28.11's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@172.25.28.11'"
and check to make sure that only the key(s) you wanted were added.
[root@localhost .ssh]# ls
authorized_keys id_rsa id_rsa.pub known_hosts
[root@localhost .ssh]#
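ssh-copy-id ### tool for adding key-based authentication
-i ### specifies the key file
/root/.ssh/id_rsa.pub ### the key (public key)
root ### the user being locked is root
172.25.28.11 ### IP of the host being locked
3.Distribute the key to the client host
[root@localhost ~]# scp /root/.ssh/id_rsa root@172.25.28.10:/root/.ssh/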
root@172.25.28.10's password:
id_rsa 100% 1675 1.6KB/s 00:00
4.Test
On the desktop machine
[root@localhost ~]# ssh root@172.25.28.11 ### connects directly using id_rsa, no password needed
Last login: Mon Nov 7 00:32:45 2016 from 172.25.28.10
[root@localhost ~]# su - student
[student@localhost ~]$ ssh @172.25.28.11
usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
[-D [bind_address:]port] [-E log_file] [-e escape_char]
[-F configfile] [-I pkcs11] [-i identity_file]
[-L [bind_address:]port:host:hostport] [-Q protocol_feature]
[-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
[-R [bind_address:]port:host:hostport] [-S ctl_path]
[-W host:port] [-w local_tun[:remote_tun]]
[user@]hostname [command]
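######Basic sshd service configuration#######
vim /etc/ssh/sshd_config ### configuration file of the sshd service
PermitRootLogin yes|no ### (line 48) whether the root user may authenticate through sshd
PasswordAuthentication yes|no ### (line 78) enable or disable user password authentication
AllowUsers student westos ### user whitelist: only users on the list may use the sshd service
systemctl restart sshd ### reload the configuration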
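A way to check which values of the three directives above sshd will actually use, as an added example that is not part of the original notes. The function names and the sample configuration are constructed for illustration; the script assumes the whitespace-separated "Keyword value" form.

```bash
#!/usr/bin/env bash
# Added example: report the effective global values of the sshd_config
# directives discussed above. Function names are hypothetical.

# effective_value FILE KEYWORD: print the value sshd would use globally.
# sshd keeps the FIRST occurrence of a keyword, keywords are case-insensitive,
# and everything after a "Match" line is conditional, so scanning stops there.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/          { next }   # comments and blank lines
        tolower($1) == "match"  { exit }   # end of the global section
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$1"
}

# audit_sshd_config FILE: print one OK/WARN line per directive.
audit_sshd_config() {
    local file="$1" root pass allow
    root=$(effective_value "$file" PermitRootLogin | tr 'A-Z' 'a-z')
    pass=$(effective_value "$file" PasswordAuthentication | tr 'A-Z' 'a-z')
    allow=$(effective_value "$file" AllowUsers)

    if [ "$root" = "no" ]; then echo "OK   PermitRootLogin no"
    else echo "WARN PermitRootLogin ${root:-<unset>}: root may log in over ssh"; fi

    if [ "$pass" = "no" ]; then echo "OK   PasswordAuthentication no"
    else echo "WARN PasswordAuthentication ${pass:-<unset>}: passwords accepted"; fi

    if [ -n "$allow" ]; then echo "OK   AllowUsers $allow"
    else echo "WARN AllowUsers <unset>: no user whitelist"; fi
}

# Constructed sample: sshd ignores the second PermitRootLogin line, and the
# PasswordAuthentication line under Match applies only to user westos.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
PermitRootLogin yes
PasswordAuthentication no
AllowUsers student westos
permitrootlogin no
Match User westos
    PasswordAuthentication yes
EOF
audit_sshd_config "$sample"
```

On a real host, run `audit_sshd_config /etc/ssh/sshd_config` before `systemctl restart sshd`.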
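###IP basics###
ipv4 ### 32 bits in binary, written in decimal
172.25.28.10/255.255.255.0
172.25.28.10 ### IP address
255.255.255.0 ### subnet mask
The IP octets matching a 255 in the subnet mask are the network bits
The IP octets matching a 0 in the subnet mask are the host bits
###Configuring the IP####
1.ifconfig eth0 172.25.28.200 netmask 255.255.255.0 ### change the IP temporarily
2.nm-connection-editor ### change the IP in the graphical interface (permanent)
systemctl restart network ### restart networking
3.nmtui ### change the IP in the text interface (permanent)
systemctl restart network ### restart
4.Configuration file
dhcp #### obtain the address dynamically
vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0 ## device used by the interface
BOOTPROTO=dhcp ## working mode of the network card
ONBOOT=yes ## activate automatically when the network service starts
NAME=eth0 ## network interface name
systemctl restart network #### restart networking
static|none #### static network configuration
vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static|none
ONBOOT=yes
NAME=eth0
IPADDR=172.25.28.100 ## IP
NETMASK=255.255.255.0 | PREFIX=24 ## subnet mask
systemctl restart network #### restart networking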
########Gateway########
1.Router
Its main job is to perform NAT
dnat: destination address translation
snat: source address translation
2.Set the gateway
systemctl stop NetworkManager
vim /etc/sysconfig/network ## global gateway
GATEWAY=gateway_ip
vim /etc/sysconfig/network-scripts/ifcfg-<interface config file> ## per-interface gateway
GATEWAY=gateway_ip
systemctl restart network
route -n ## query the gateway
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 (gateway)172.25.28.254 0.0.0.0 UG 0 0 0 eth0
172.25.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
3.Set DNS
vim /etc/resolv.conf
nameserver dns_server_ip
vim /etc/sysconfig/network-scripts/ifcfg-<interface config file>
DNS1=dns_server_ip
4.Local resolution file
vim /etc/hosts
ip hostname
5.Adjust the lookup priority between the local resolution file and DNS
/etc/nsswitch.conf
#hosts: db files nisplus nis dns ## (line 38)
hosts: files dns ## (line 39) files is the local resolution file, dns is the DNS server; whichever comes first takes priority
6.DHCP service configuration