SSH remote login (telnet)
Package: openssh-5.3p1-84.1.el6.x86_64.rpm
Configuration file: /etc/ssh/sshd_config
Port: 22
Log: /var/log/secure
Start the service: service sshd restart
Log in
[root@robin ~]# ssh root@192.168.10.120
[root@robin ~]# ssh zhb@192.168.10.120
Remote copy
[root@test tmp]# scp /tmp/aa.txt 172.16.110.1:/tmp/
[root@robin ~]# scp /root/install.log 172.16.110.30:/tmp/
[root@robin ~]# scp 172.16.110.30:/tmp/aa.txt 172.16.110.40:/tmp/
Run commands remotely
[root@robin ~]# ssh 172.16.110.30 ls /root/
[root@robin ~]# ssh 172.16.110.30 useradd robin
View login information
[root@robin ~]# w
[root@robin ~]# wall    # reads several lines/strings from stdin; ctrl+d must be pressed on a new line
shutdown now !!! save your file !!!!
ctrl+d
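[root@robin ~]# wall stop    # shown to the other users immediately, but it passes only one string and sends only once
[root@robin ~]# write root /dev/pts/12    # talk directly to user root logged in on pts/12; Enter sends a line, and you can send repeatedly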
stop now!!!!
ctrl+d
[root@robin ~]# netstat -anplt    # -a all sockets, -n no name resolution, -p PID/program, -l listening sockets, -t TCP
[root@robin ~]# netstat -anplt| grep 172.16.110.37
Login history
[root@robin ~]# last
[root@robin ~]# lastlog    # last login of each system user
[root@robin ~]# whoami    # current user identity
root
[root@robin ~]# who i am    # identity of the originally logged-in user
root pts/0 2015-12-02 14:56 (:0.0)
Key-based login
[root@robin ~]# ssh-keygen    # generate a key pair
[root@robin ~]# ls /root/.ssh/
id_rsa id_rsa.pub known_hosts
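private key, public key, recorded host information
[root@robin ~]# ssh-copy-id -i 172.16.110.20    # or
[root@robin ~]# scp /root/.ssh/id_rsa.pub 172.16.110.20:/root/.ssh/authorized_keys    # overwrites any existing authorized_keys on the target
Disable password login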
[root@robin ~]# vim /etc/ssh/sshd_config
PasswordAuthentication no
Change the port
[root@robin ~]# vim /etc/ssh/sshd_config
Port 22222
Log in
[root@localhost ~]# ssh 172.16.110.1 -p 22222
[root@robin ~]# scp -P 22222 172.16.110.1:/root/install.log /tmp/
Restrict root login
PermitRootLogin no|yes
Restrict user logins
DenyUsers username
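Added example (not part of the original notes): a check that the PasswordAuthentication and PermitRootLogin settings above actually take effect. The function names and the sample file are assumptions made for this illustration, and the defaults are assumed to be those of the OpenSSH 5.3 package named in these notes.

```shell
#!/bin/sh
# sshd keeps the FIRST value it reads for a keyword and matches keyword
# names case-insensitively, so appending "PasswordAuthentication no" does
# nothing when an earlier line already says "yes".

# effective_value FILE KEYWORD DEFAULT
# Prints the value sshd would use from the global part of FILE
# (parsing stops at the first Match block), lowercased.
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ || NF == 0   { next }        # comments and blank lines
        tolower($1) == "match"  { exit }        # conditional blocks: out of scope
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd FILE
# Prints one finding per line; no output means both settings are "no".
# Defaults are the assumed OpenSSH 5.3 defaults (both "yes").
audit_sshd() {
    [ "$(effective_value "$1" PasswordAuthentication yes)" = "no" ] ||
        echo "password-auth-enabled"
    [ "$(effective_value "$1" PermitRootLogin yes)" = "no" ] ||
        echo "root-login-allowed"
}

# Constructed sample: hardening lines were appended below a stock "yes".
sample_sshd_config() {
    cat <<'EOF'
#PermitRootLogin yes
passwordauthentication yes
PermitRootLogin no
PasswordAuthentication no
EOF
}

tmp=$(mktemp) && sample_sshd_config > "$tmp"
audit_sshd "$tmp"
rm -f "$tmp"
```

On a live host, sshd -T prints the effective configuration that sshd itself parsed.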
Managing ssh logs
[root@robin ~]# vim /etc/ssh/sshd_config
SyslogFacility AUTHPRIV
[root@robin ~]# vim /etc/rsyslog.conf
authpriv.* /var/log/secure
Use a custom log facility
SyslogFacility local2
local2.* /var/log/ssh.log
Write to the custom log facility as a user
[root@robin ~]# logger -p local2.debug -f /var/log/ssh.log hello world!!!!
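Added example (not part of the original notes): counting failed password attempts per source address in the sshd log configured above. The function names and the log lines are constructed for this illustration.

```shell
#!/bin/sh
# failed_logins FILE MIN
# Prints "COUNT IP" for every source address with at least MIN failed
# password attempts, highest count first. The address is taken by position
# from the END of the line ("... from IP port N ssh2") because the user name
# is chosen by the client and may itself contain " from 10.0.0.1".
failed_logins() {
    awk -v min="$2" '
        / sshd\[[0-9]+\]: Failed password for / &&
        $(NF - 4) == "from" && $(NF - 2) == "port" { n[$(NF - 3)]++ }
        END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
    ' "$1" | sort -rn
}

# Constructed sample in the format sshd writes to /var/log/secure.
# The third line carries a user name crafted to look like a source address.
sample_secure_log() {
    cat <<'EOF'
Dec  2 14:56:01 robin sshd[2101]: Failed password for root from 172.16.110.37 port 40112 ssh2
Dec  2 14:56:03 robin sshd[2101]: Failed password for root from 172.16.110.37 port 40112 ssh2
Dec  2 14:56:07 robin sshd[2105]: Failed password for invalid user from 10.0.0.1 from 172.16.110.37 port 40120 ssh2
Dec  2 14:57:10 robin sshd[2110]: Failed password for zhb from 172.16.110.40 port 51822 ssh2
Dec  2 14:57:15 robin sshd[2110]: Accepted password for zhb from 172.16.110.40 port 51822 ssh2
EOF
}

tmp=$(mktemp) && sample_secure_log > "$tmp"
failed_logins "$tmp" 3
rm -f "$tmp"
```

Point it at /var/log/secure, or at /var/log/ssh.log when SyslogFacility local2 is in use.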
Homework: log in between multiple hosts
File servers
NFS (Network File System)
Configuration file: /etc/exports
Port: 2049
Start the services: service nfs restart
service rpcbind restart
Server side
[root@robin ~]# vim /etc/exports
/nfs 172.16.110.3(rw,sync)    # one server
/nfs 172.16.110.3(rw,sync) 172.16.110.4/32(ro)    # several hosts
/nfs 172.16.110.0/24(rw,sync)    # a network segment
[root@robin nfs]# chmod 757 /nfs/
Client side
[root@data1 ~]# showmount -e 172.16.110.1
/nfs 172.16.110.3
[root@data1 ~]# mount -t nfs 172.16.110.1:/nfs /mnt
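Without changing the directory permissions, the client can write (no_root_squash: the client's root is not mapped to the anonymous user)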
/nfs 172.16.110.3(rw,sync,no_root_squash)
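Added example (not part of the original notes): a review of an exports file for the two settings above that widen access most, no_root_squash and rw granted to a whole network. It also covers the bare "(options)" form that applies to any host, which these notes do not show. The function names and finding labels are assumptions made for this illustration.

```shell
#!/bin/sh
# audit_exports FILE
# Prints "PATH CLIENT FINDING" for each risky client entry in an exports file:
#   no_root_squash  client root keeps uid 0 on the export
#   rw-to-network   write access for a wildcard or a CIDR prefix shorter than /32
# Assumes one export per line and CIDR (not dotted-netmask) notation.
audit_exports() {
    awk '
        { sub(/#.*/, "") }                       # drop trailing comments
        NF < 2 { next }
        {
            for (i = 2; i <= NF; i++) {
                client = $i; opts = ""
                p = index($i, "(")
                if (p > 0) {
                    client = substr($i, 1, p - 1)
                    opts = substr($i, p + 1, length($i) - p - 1)
                }
                if (client == "") client = "*"   # bare "(opts)" applies to any host
                rw = 0; nrs = 0
                n = split(opts, o, ",")
                for (j = 1; j <= n; j++) {
                    if (o[j] == "rw") rw = 1
                    if (o[j] == "no_root_squash") nrs = 1
                }
                wide = (client ~ /\*/ || client ~ /\/([0-9]|[12][0-9]|3[01])$/)
                if (nrs) print $1, client, "no_root_squash"
                if (rw && wide) print $1, client, "rw-to-network"
            }
        }
    ' "$1"
}

# Constructed sample built from the export lines shown in these notes.
sample_exports() {
    cat <<'EOF'
/nfs 172.16.110.3(rw,sync) 172.16.110.4/32(ro)
/nfs 172.16.110.0/24(rw,sync)    # a network segment
/nfs 172.16.110.3(rw,sync,no_root_squash)
EOF
}

tmp=$(mktemp) && sample_exports > "$tmp"
audit_exports "$tmp"
rm -f "$tmp"
```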
Homework:
1. NAS: raid + lvm + nfs
2. Implement NAS auto-mounting with the 3 automount methods
samba
Do not delete everything under /etc/samba/
Packages: samba-3.6.9-151.el6.x86_64.rpm
samba-client-3.6.9-151.el6.x86_64.rpm
Configuration file: /etc/samba/smb.conf
Start the service: service smb restart
Anonymous configuration:
vim /etc/samba/smb.conf
security = share
[test]
comment = test
# give the directory 777 permissions
path = /tmp/test
writable = yes
public = yes
# "no" hides the share
browseable = yes | no
[root@robin 桌面]# service smb restart
Client:
Windows
Address bar: \\172.16.110.1
Linux
[root@robin ~]# smbclient -L //172.16.110.1    # list shares
[root@robin ~]# smbclient //172.16.110.1/test
Mount and use
[root@data1 ~]# mount -t cifs //172.16.110.1/test /mnt/
User authentication mode
vim /etc/samba/smb.conf
security = user
[kkk]
comment = king dir
# give the directory 777 permissions
path = /tmp/kkk
writable = yes
# users allowed to access this share
valid users = king @uplooking
# users denied access
invalid users = harry
[root@robin tmp]# useradd king
[root@robin tmp]# smbpasswd -a king
[root@robin tmp]# useradd -G uplooking jerry
[root@robin tmp]# useradd -G uplooking tom
[root@robin tmp]# smbpasswd -a tom
[root@robin tmp]# smbpasswd -a jerry
Client:
[root@data1 ~]# smbclient -L //172.16.110.1
[root@data1 ~]# smbclient -U king%123 //172.16.110.1/kkk
[root@data1 ~]# mount -o username=king,password=123 //172.16.110.1/kkk /mnt/
[kkk]
comment = king dir
path = /tmp/kkk
writable = no
valid users = king @uplooking
write list = king
# public
public = yes
[kkk]
comment = king dir
path = /tmp/kkk
writable = yes
valid users = king @uplooking
read list = king
Anonymous access in user mode
security = user
map to guest = bad user
[test]
comment = test
path = /tmp/test
writable = yes
public = yes
guest ok = yes
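Added example (not part of the original notes): listing the shares in an smb.conf that combine guest access with write access, as the [test] share above does. The function names and the sample file are assumptions made for this illustration.

```shell
# guest_writable_shares FILE
# Prints the name of every share that allows both guest access and writes.
# Samba ignores case and spaces in parameter names, "public" is a synonym of
# "guest ok", and "read only = no" is the inverse spelling of "writable = yes".
# Values set in [global] act as defaults for the shares that follow it.
guest_writable_shares() {
    awk '
        function truthy(v) { v = tolower(v); return v == "yes" || v == "true" || v == "1" }
        function report() { if (share != "" && share != "global" && guest && writable) print share }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ {
            report()
            if (share == "global") { dguest = guest; dwrite = writable }
            share = tolower($0); sub(/^[ \t]*\[/, "", share); sub(/\].*$/, "", share)
            guest = dguest; writable = dwrite; next
        }
        index($0, "=") {
            eq = index($0, "=")
            key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
            val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "public" || key == "guestok") guest = truthy(val)
            if (key == "writable" || key == "writeable" || key == "writeok") writable = truthy(val)
            if (key == "readonly") writable = !truthy(val)
        }
        END { report() }
    ' "$1"
}

# Constructed sample modelled on the shares in these notes.
sample_smb_conf() {
    cat <<'EOF'
[global]
map to guest = bad user
[test]
writable = yes
public = yes
[kkk]
writable = no
write list = king
[pub]
read only = no
Guest OK = yes
EOF
}

tmp=$(mktemp) && sample_smb_conf > "$tmp"
guest_writable_shares "$tmp"
rm -f "$tmp"
```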
Exercises:
1. NAS
2. Automount (user)
smb -fstype=cifs,rw,sync,username=king,password=123 ://172.16.110.1/kkk
[boss]
comment = boss
path = /tmp/boss
writable = no
valid users = boss robin zorro king
write list = boss
[cw]
comment = cw
path = /tmp/boss/cw
writable = no
valid users = boss robin tom jerry
write list = robin
[yw]
comment = yw
path = /tmp/boss/yw
writable = no
valid users = boss zorro jack rose
write list = zorro
[kf]
comment = kf
path = /tmp/boss/kf
writable = no
valid users = boss king lili luci
write list = king
[pub]
comment = public
path = /tmp/pub
writable = yes
invalid users = boss
public = yes
List all smb accounts
[root@robin tmp]# pdbedit -L
Delete
[root@robin tmp]# smbpasswd -x bossl
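Common samba configuration errors
I. Server not using user level security and no password supplied.
tree connect failed: NT_STATUS_BAD_NETWORK_NAME
Possible causes:
1. The specified share path is wrong. The path must not contain Chinese characters, because some versions do not support Chinese well.
2. The specified share path does not exist. For example, with smb.conf configured like this: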
[global]
workgroup = MYGROUP
server string = Linux Samba Server TestServer
security = share
[tangfu]
path = /sysadm
writeable = yes
public = yes
The correct way to access it is: smbclient //<samba server IP or 127.0.0.1>/tangfu. Accessing it like this: smbclient //127.0.0.1/tangfuuuu will produce the error above.
II. Server not using user level security and no password supplied.
Server requested LANMAN password (share-level security) but 'client lanman auth' is disabled
tree connect failed: NT_STATUS_ACCESS_DENIED
Possible causes:
1. security = share is set in [global], but public = yes is not set in the share section. For example:
[global]
workgroup = MYGROUP
security = share
[cs2c-tangfu]
path = /home/tangfu
writeable = yes
browseable = yes
In this case the error above appears whether or not a password is entered.
2. security = share is set in [global], and public = yes is set in the share section. For example:
[global]
workgroup = MYGROUP
security = share
[cs2c-tangfu]
path = /home/tangfu
writeable = yes
browseable = yes
public = yes
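In this case access works normally without a password, but entering a password produces the error above.
III. session setup failed: NT_STATUS_LOGON_FAILURE
Possible causes:
1. guest ok = yes or public = yes is set in [global] (guest ok = yes and public = yes mean roughly the same thing), or guest ok = yes or public = yes is set in the share section. For example: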
[global]
workgroup = MYGROUP
guest ok = yes
[cs2c-tangfu]
path = /home/tangfu
writeable = yes
browseable = yes
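In this case access works normally without a password, but entering a password produces the error above.
IV. tree connect failed: NT_STATUS_BAD_NETWORK_NAME
Possible cause:
1. The shared directory does not have the corresponding permissions.
V. NT_STATUS_NETWORK_ACCESS_DENIED
Possible cause:
1. The shared directory has no permissions.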