RHCE课程作业-01

1. linux配置桥接

[root@zhujd ~]# nmcli connection add type bridge con-name br1 ifname br1 ipv4.addresses 192.168.5.200/24 ipv4.gateway 192.168.5.2 ipv4.method manual
[root@zhujd ~]# nmcli connection add type bridge-slave con-name br1-port1 ifname ens224 master br1
[root@zhujd ~]# nmcli connection up br1-port1 
[root@zhujd ~]# nmcli connection up br1

2. ssh：拒绝用户远程登录
   在/etc/ssh/sshd_config文件中加入AllowUsers Username（不存在的用户名）

[root@zhujd ssh]# vim /etc/ssh/sshd_config 
# override default of no subsystems
Subsystem       sftp    /usr/libexec/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       PermitTTY no
#       ForceCommand cvs server
AllowUsers Username

3. ssh免密登录
   先将主机生成的公钥写入authorized_keys，通过远程传输，将文件发到目标主机的~/.ssh/

[root@zhujd ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:ZKxggISCeeKAZ6dEwrsIHuhU7lgWiItbQ45pthhPt3c root@zhujd
The key's randomart image is:
+---[RSA 3072]----+
|O=+              |
|@+*+.  .         |
|*%+o+   +        |
|OB*=.. +         |
|X*Oo .. S        |
|+*... . E        |
|     . .         |
|                 |
|                 |
+----[SHA256]-----+
[root@zhujd .ssh]# cat id_rsa.pub  >> authorized_keys
[root@zhujd .ssh]# scp authorized_keys 192.168.5.134:~/.ssh/
root@192.168.5.134's password: 
authorized_keys                                                                           100%  564   393.9KB/s   00:00    
[root@zhujd .ssh]#