2.Linux.0403. Class Notes

张开发
2026/4/19 22:42:03 15 min read

Linux-0403 Notes

1. Logging in with a key from a Windows terminal tool

1) Generate a key pair (private key and public key)

Using Xshell as an example: click Tools - User Key Manager - Generate, then click Next through the wizard (do not set a passphrase for now). Find the private key that was just generated - Properties - Public Key, and copy the public key.

2) Write it to the file ~/.ssh/authorized_keys

```
# Open the file and paste in the public key generated above
[root@contenOS7 ~ 18:22:58]# vim .ssh/authorized_keys
# Check the file's permissions
[root@contenOS7 ~ 18:37:25]# ll .ssh/authorized_keys
-rw-r--r-- 1 root root 389 Apr  3 18:37 .ssh/authorized_keys
# Change the file's permissions to 600
[root@contenOS7 ~ 18:37:47]# chmod 600 .ssh/authorized_keys
```

3) Verify

When logging in, choose public key as the authentication method and select the corresponding key. Test result: login succeeds directly with the key, and no password is required.

2. ssh tool configuration files

~/.ssh/config: user level, customized by each user for themselves; it has the higher priority.
/etc/ssh/sshd_config: applies to the sshd service.
/etc/ssh/ssh_config: system-wide defaults, applied to all users on the system.

The sshd service configuration file controls root login. Because the administrator on every Linux system is root, restricting root login guards against brute-force attacks.

PermitRootLogin no: root login is forbidden.
PermitRootLogin prohibit-password: root login with a password is forbidden. On older versions, use without-password.

```
# Back up the file first in case something goes wrong
[root@contenOS7 ~ 18:43:57]# cp /etc/ssh/sshd_config /etc/ssh/sshd_config.20260403
# Open the configuration file and edit it
[root@contenOS7 ~ 18:53:21]# vim /etc/ssh/sshd_config
# Reload the service
[root@contenOS7 ~ 19:18:05]# systemctl reload sshd
```

Editing steps in vim:

/Root locates the setting. If the first match is not the one needed, use n (next) to find the next match.
yy copies the line, and p pastes it on the next line, so the original line is kept.
Delete the # to uncomment the line.
w jumps to the position of yes.
cw replaces one word: type prohibit-password and press Esc.
ZZ saves and exits.

Verification: logging in with a password is rejected; only key login works.

3. man help

```
[root@contenOS7 ~ 19:18:21]# man --help
Usage: man [OPTION...] [SECTION] PAGE...

  -C, --config-file=FILE     use this user configuration file
  -d, --debug                emit debugging messages
  -D, --default              reset all options to their default values
      --warnings[=WARNINGS]  enable warnings from groff

 Main modes of operation:
  -f, --whatis               equivalent to whatis
  -k, --apropos              equivalent to apropos
  -K, --global-apropos       search for text in all pages
  -l, --local-file           interpret PAGE argument(s) as local filename(s)
  -w, --where, --path, --location
                             print physical location of man page(s)
  -W, --where-cat, --location-cat
                             print physical location of cat file(s)

  -c, --catman               used by catman to reformat out of date cat pages
  -R, --recode=ENCODING      output source page encoded in ENCODING

 Finding manual pages:
  -L, --locale=LOCALE        define the locale for this particular man search
  -m, --systems=SYSTEM       use manual pages from other systems
  -M, --manpath=PATH         set search path for manual pages to PATH
  -S, -s, --sections=LIST    use colon separated section list

  -e, --extension=EXTENSION  limit search to extension type EXTENSION

  -i, --ignore-case          look for pages case-insensitively (default)
  -I, --match-case           look for pages case-sensitively

      --regex                show all pages matching regex
      --wildcard             show all pages matching wildcard

      --names-only           make --regex and --wildcard match page names only,
                             not descriptions

  -a, --all                  find all matching manual pages
  -u, --update               force a cache consistency check

      --no-subpages          don't try subpages, e.g. 'man foo bar' => 'man
                             foo-bar'

 Controlling formatted output:
  -P, --pager=PAGER          use program PAGER to display output
  -r, --prompt=STRING        provide the `less' pager with a prompt

  -7, --ascii                display ASCII translation of certain latin1 chars
  -E, --encoding=ENCODING    use selected output encoding
      --no-hyphenation, --nh turn off hyphenation
      --no-justification, --nj
                             turn off justification
  -p, --preprocessor=STRING  STRING indicates which preprocessors to run:
                             e - [n]eqn, p - pic, t - tbl,
                             g - grap, r - refer, v - vgrind

  -t, --troff                use groff to format pages
  -T, --troff-device[=DEVICE]
                             use groff with selected device

  -H, --html[=BROWSER]       use elinks or BROWSER to display HTML output
  -X, --gxditview[=RESOLUTION]
                             use groff and display through gxditview (X11):
                             -X = -TX75, -X100 = -TX100, -X100-12 = -TX100-12
  -Z, --ditroff              use groff and force it to produce ditroff

  -?, --help                 give this help list
      --usage                give a short usage message
  -V, --version              print program version

Mandatory or optional arguments to long options are also mandatory or optional
for any corresponding short options.

Report bugs to cjwatson@debian.org.
```

To look up a configuration file, for example man sshd_config, use / inside the page to search for a keyword.

4. Software packages

4.1 Querying and updating packages

```
# Check the currently installed version of the package
[root@contenOS7 ~ 19:21:54]# rpm -q openssh-server
openssh-server-7.4p1-23.el7_9.x86_64
# List the available versions of the package
[root@contenOS7 ~ 19:31:29]# yum list openssh-server --showduplicates
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
Installed Packages    # packages already installed
openssh-server.x86_64          7.4p1-23.el7_9          @updates
Available Packages    # packages available to install
openssh-server.x86_64          7.4p1-21.el7            base
openssh-server.x86_64          7.4p1-22.el7_9          updates
openssh-server.x86_64          7.4p1-23.el7_9          updates
# Upgrade the version
[root@contenOS7 ~ 19:34:22]# yum update -y openssh-server
```

4.2 The three VMware network modes

bash-completion: command-line completion
vim: editor with syntax highlighting, for opening and modifying files
open-vm-tools: lets VMware control the virtual machine better
lrzsz: upload and download
unzip: extract zip archives
rsync: synchronization
sshpass: pass a password

5. Logs

systemd-journal: systemd subsystem
rsyslog: the corresponding service

5.1 rsyslog writes logs to the corresponding files

/var/log/messages: most system logs (excluding authentication, mail, scheduled-task and debug logs)
/var/log/secure: security and authentication logs, such as ssh logins and user verification
/var/log/maillog: mail service logs, such as sendmail/postfix
/var/log/cron: scheduled-task execution logs (crontab/anacron)
/var/log/boot.log: non-syslog console messages from the boot process

```
# Watch the log (no activity)
[root@contenOS7 ~ 19:34:22]# tail -f /var/log/secure
Apr  3 18:21:21 contenOS7 sshd[989]: Server listening on :: port 22.
Apr  3 18:22:58 contenOS7 sshd[1252]: Accepted password for root from 10.1.8.1 port 58185 ssh2
Apr  3 18:22:58 contenOS7 sshd[1252]: pam_unix(sshd:session): session opened for user root by (uid=0)
Apr  3 18:43:57 contenOS7 sshd[1286]: Accepted publickey for root from 10.1.8.1 port 59453 ssh2: RSA SHA256:4JEpIGxxoV0E7b8Cw6/6wtRcyTi20RyRy13jYlRupvY
Apr  3 18:43:57 contenOS7 sshd[1286]: pam_unix(sshd:session): session opened for user root by (uid=0)
Apr  3 19:18:21 contenOS7 polkitd[730]: Registered Authentication Agent for unix-process:1338:342620 (system bus name :1.23 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Apr  3 19:18:21 contenOS7 sshd[989]: Received SIGHUP; restarting.
Apr  3 19:18:21 contenOS7 polkitd[730]: Unregistered Authentication Agent for unix-process:1338:342620 (system bus name :1.23, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Apr  3 19:18:21 contenOS7 sshd[989]: Server listening on 0.0.0.0 port 22.
Apr  3 19:18:21 contenOS7 sshd[989]: Server listening on :: port 22.
^C
# Watch the log, close the terminal connection, reconnect, and check the log again
[root@contenOS7 ~ 19:48:18]# tail -f /var/log/secure
Apr  3 18:43:57 contenOS7 sshd[1286]: Accepted publickey for root from 10.1.8.1 port 59453 ssh2: RSA SHA256:4JEpIGxxoV0E7b8Cw6/6wtRcyTi20RyRy13jYlRupvY
Apr  3 18:43:57 contenOS7 sshd[1286]: pam_unix(sshd:session): session opened for user root by (uid=0)
Apr  3 19:18:21 contenOS7 polkitd[730]: Registered Authentication Agent for unix-process:1338:342620 (system bus name :1.23 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Apr  3 19:18:21 contenOS7 sshd[989]: Received SIGHUP; restarting.
Apr  3 19:18:21 contenOS7 polkitd[730]: Unregistered Authentication Agent for unix-process:1338:342620 (system bus name :1.23, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Apr  3 19:18:21 contenOS7 sshd[989]: Server listening on 0.0.0.0 port 22.
Apr  3 19:18:21 contenOS7 sshd[989]: Server listening on :: port 22.
##################################################################################################
Apr  3 19:48:37 contenOS7 sshd[1252]: pam_unix(sshd:session): session closed for user root
Apr  3 19:48:38 contenOS7 sshd[1356]: Accepted publickey for root from 10.1.8.1 port 61570 ssh2: RSA SHA256:4JEpIGxxoV0E7b8Cw6/6wtRcyTi20RyRy13jYlRupvY
Apr  3 19:48:38 contenOS7 sshd[1356]: pam_unix(sshd:session): session opened for user root by (uid=0)
```

5.2 Simulating an sshd failure

```
# Back up the file in case something goes wrong along the way
[root@contenOS7 ~ 19:48:57]# cp /etc/ssh/sshd_config{,.study}
# Append an unrelated string
[root@contenOS7 ~ 20:03:13]# echo abc123 >> /etc/ssh/sshd_config
# The restart reveals a problem
[root@contenOS7 ~ 20:03:52]# systemctl restart sshd
Job for sshd.service failed because the control process exited with error code. See "systemctl status sshd.service" and "journalctl -xe" for details.
# Following the hint, check the sshd status
[root@contenOS7 ~ 20:04:45]# systemctl status sshd.service
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: activating (auto-restart) (Result: exit-code) since Fri 2026-04-03 20:04:49 CST; 7s ago
     Docs: man:sshd(8)
           man:sshd_config(5)
  Process: 1344 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
  Process: 1410 ExecStart=/usr/sbin/sshd -D $OPTIONS (code=exited, status=255)
 Main PID: 1410 (code=exited, status=255)

Apr 03 20:04:49 contenOS7 systemd[1]: Failed to start OpenSSH server daemon.
Apr 03 20:04:49 contenOS7 systemd[1]: Unit sshd.service entered failed state.
Apr 03 20:04:49 contenOS7 systemd[1]: sshd.service failed.
###### The status shows a "failed" error
# Check the log
[root@contenOS7 ~ 20:04:57]# tail /var/log/messages
Apr  3 20:04:49 contenOS7 systemd: sshd.service failed.
Apr  3 20:05:32 contenOS7 systemd: sshd.service holdoff time over, scheduling restart.
Apr  3 20:05:32 contenOS7 systemd: Stopped OpenSSH server daemon.
Apr  3 20:05:32 contenOS7 systemd: Starting OpenSSH server daemon...
########################### NOTE NOTE NOTE ##################################
Apr  3 20:05:32 contenOS7 sshd: /etc/ssh/sshd_config: line 143: Bad configuration option: abc123
################# line 143: line 143 has the problem, option: abc123 #################
Apr  3 20:05:32 contenOS7 sshd: /etc/ssh/sshd_config: terminating, 1 bad configuration options
Apr  3 20:05:32 contenOS7 systemd: sshd.service: main process exited, code=exited, status=255/n/a
Apr  3 20:05:32 contenOS7 systemd: Failed to start OpenSSH server daemon.
Apr  3 20:05:32 contenOS7 systemd: Unit sshd.service entered failed state.
Apr  3 20:05:32 contenOS7 systemd: sshd.service failed.
# Open the configuration file, check it, and fix it
[root@contenOS7 ~ 20:06:36]# vim /etc/ssh/sshd_config
# After the fix, restart and check the sshd running state
[root@contenOS7 ~ 20:08:20]# systemctl restart sshd
[root@contenOS7 ~ 20:08:42]# systemctl is-active sshd
active
```
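For the PermitRootLogin edit in section 2, an added example (not part of the original notes) that reports which value sshd will actually use: sshd_config(5) takes the first value it obtains for a keyword, so an active line above the pasted copy wins. The function names and sample config lines are constructed for illustration.

```bash
# Added example: report the PermitRootLogin value sshd will actually use.
# Per sshd_config(5) the first value obtained for a keyword wins and keywords
# are case-insensitive, so an active line higher up overrides a pasted copy.

# effective_option FILE KEYWORD -> first global value, lower-cased.
# Assumes whitespace-separated "Keyword value" lines, as in the stock file.
effective_option() {
    awk -v key="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        NF == 0 || $1 ~ /^#/   { next }   # skip blank lines and comments
        tolower($1) == "match" { exit }   # Match blocks are conditional
        tolower($1) == key     { print tolower($2); exit }
    ' "$1"
}

# audit_root_login FILE -> one-line verdict on the effective setting.
audit_root_login() {
    case "$(effective_option "$1" PermitRootLogin)" in
        no)                                 echo "OK: root login disabled" ;;
        prohibit-password|without-password) echo "OK: root login by key only" ;;
        forced-commands-only)               echo "OK: root limited to forced commands" ;;
        yes)                                echo "WEAK: root password login allowed" ;;
        "")                                 echo "UNSET: compiled-in default applies" ;;
        *)                                  echo "REVIEW: unrecognised value" ;;
    esac
}

# audit_lines LINE... -> verdict for a constructed config made of the LINEs.
audit_lines() {
    tmp=$(mktemp)
    printf '%s\n' "$@" > "$tmp"
    audit_root_login "$tmp"
    rm -f "$tmp"
}

# Constructed sample 1: the edit as described (commented original kept).
audit_lines '#PermitRootLogin yes' 'PermitRootLogin prohibit-password'
# Constructed sample 2: an active "yes" above the pasted line shadows it.
audit_lines 'PermitRootLogin yes' '#PermitRootLogin yes' \
            'PermitRootLogin prohibit-password'
```

On the server itself, `sshd -t` validates the file before a reload or restart, and `sshd -T` prints the effective settings.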
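For the /var/log/secure excerpts in section 5.1, an added example (not part of the original notes) that summarises accepted SSH logins by method, user, source and key fingerprint, and lists root password logins, which should stop appearing once prohibit-password is active. The sample lines are copied from the excerpts above; the function names are illustrative and the field positions assume the rsyslog line format shown there.

```bash
# Added example: summarise sshd "Accepted" entries from /var/log/secure.
# Field positions assume the rsyslog line format shown in the notes:
# month day time host sshd[pid]: Accepted METHOD for USER from IP port N ssh2 ...

# summarize_accepted [FILE] -> "count method user source fingerprint"
summarize_accepted() {
    awk '
        $5 ~ /^sshd\[/ && $6 == "Accepted" {
            # publickey entries carry "ssh2: KEYTYPE FINGERPRINT" at the end
            fp = ($7 == "publickey" && NF >= 16) ? $16 : "-"
            seen[$7 " " $9 " " $11 " " fp]++
        }
        END { for (k in seen) print seen[k], k }
    ' "$@" | sort -k2
}

# root_password_logins [FILE] -> time and source of each root password login.
# With PermitRootLogin prohibit-password active, new entries here mean the
# setting did not take effect.
root_password_logins() {
    awk '$5 ~ /^sshd\[/ && $6 == "Accepted" && $7 == "password" &&
         $9 == "root" { print $1, $2, $3, $11 }' "$@"
}

# Sample input: lines taken from the log excerpt in the notes.
sample_log() {
    cat <<'EOF'
Apr  3 18:22:58 contenOS7 sshd[1252]: Accepted password for root from 10.1.8.1 port 58185 ssh2
Apr  3 18:22:58 contenOS7 sshd[1252]: pam_unix(sshd:session): session opened for user root by (uid=0)
Apr  3 18:43:57 contenOS7 sshd[1286]: Accepted publickey for root from 10.1.8.1 port 59453 ssh2: RSA SHA256:4JEpIGxxoV0E7b8Cw6/6wtRcyTi20RyRy13jYlRupvY
Apr  3 19:18:21 contenOS7 sshd[989]: Received SIGHUP; restarting.
Apr  3 19:48:38 contenOS7 sshd[1356]: Accepted publickey for root from 10.1.8.1 port 61570 ssh2: RSA SHA256:4JEpIGxxoV0E7b8Cw6/6wtRcyTi20RyRy13jYlRupvY
EOF
}

sample_log | summarize_accepted
sample_log | root_password_logins
```

Both functions also accept a file name, for example `summarize_accepted /var/log/secure`.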
