Directory
1. Environment preparation
2. Configure Chrony to build a time server
1. Configure the Chrony configuration file on the host side (server side)
2. Configure the Chrony configuration file on the client side (host1 side)
3. Time server configuration results
4. Configure SSH password-free login
1. On the server, generate a key pair
2. On the server, upload the public key
3. Repeat the above operations on the client to create a password-free login from the client to the server
5. SSH two-way password-free login configuration results
1. Environment preparation
1. Linux operating system (RedHat9)
2. Install the software:
[root@server ~]# yum install chrony -y          # install chrony, used to build the NTP time server
[root@server ~]# systemctl enable chronyd       # start at boot
[root@server ~]# systemctl start chronyd        # start the service
[root@server ~]# yum install openssh-server     # install the SSH server, used for password-free login
3. There are 2 hosts in total, one server and one node
4. All hosts can reach the Internet, and their network information is known
5. Turn off all security software
2. Configure Chrony to build a time server
1. Configure the Chrony configuration file on the host side (server side)
1. Open the Chrony configuration file
vim /etc/chrony.conf
2. Modify the configuration file
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (https://www.pool.ntp.org/join.html).
# The server synchronizes from the NTP service provided by Alibaba Cloud.
server ntp.aliyun.com iburst

# Allow NTP client access from local network.
# Range of clients that are allowed to use this NTP service.
allow 192.168.163.0/24
3. Restart the time synchronization service
[root@server ~]# systemctl restart chronyd
4. Synchronize time
[root@server ~]# chronyc sourcestats -v
                             .- Number of sample points in measurement set.
                            /    .- Number of residual runs with same sign.
                           |    /    .- Length of measurement set (time).
                           |   |    /      .- Est. clock freq error (ppm).
                           |   |   |      /           .- Est. error in freq.
                           |   |   |     |           /         .- Est. offset.
                           |   |   |     |          |          |   On the -.
                           |   |   |     |          |          |   samples. \
                           |   |   |     |          |          |             |
Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
==============================================================================
203.107.6.88               16   8   20m     -0.149      9.018    -11us  2700us
2. Configure the Chrony configuration file on the client side (host1 side)
1. Open the Chrony configuration file
vim /etc/chrony.conf
2. Modify the configuration file
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (https://www.pool.ntp.org/join.html).
# Only this line needs to change: point it at the IP address of the server.
pool 192.168.163.132 iburst
3. Restart the time synchronization service
[root@host1 ~]# systemctl restart chronyd
4. Synchronize time
[root@node1 ~]# chronyc sources -v

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current best, '+' = combined, '-' = not combined,
| /             'x' = may be in error, '~' = too variable, '?' = unusable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 192.168.163.132               3   6   347    21  -3989us[-2622us] +/-   37ms
3. Time server configuration results
Check whether the server's time is synchronized
[root@server ~]# timedatectl status
               Local time: Sun 2023-05-21 10:05:22 CST
           Universal time: Sun 2023-05-21 02:05:22 UTC
                 RTC time: Sun 2023-05-21 02:05:22
                Time zone: Asia/Shanghai (CST, +0800)
System clock synchronized: yes          # yes means the time is synchronized
              NTP service: active
          RTC in local TZ: no
Check whether host1 time is synchronized
[root@node1 ~]# timedatectl status
               Local time: Sun 2023-05-21 11:48:36 CST
           Universal time: Sun 2023-05-21 03:48:36 UTC
                 RTC time: Sun 2023-05-21 03:48:36
                Time zone: Asia/Shanghai (CST, +0800)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no
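
A scripted form of the client-side check, added here as an example (it is not part of the original article): it reads `chronyc sources` output, confirms that the expected server is the selected (`^*`) source, and decodes the octal Reach register into the number of answered polls out of the last eight. The helper name `check_chrony_source` is an assumption, and the embedded sample is constructed from the client output shown above.

```shell
#!/bin/sh
# Added example: verify that chronyd selected the expected NTP server.
# check_chrony_source is a hypothetical helper name, not part of chrony.

# Usage: chronyc -n sources | check_chrony_source 192.168.163.132
# Prints "<server> selected, N/8 recent polls answered" and returns 0,
# or prints the reason for failure and returns 1.
check_chrony_source() {
    expected=$1
    awk -v want="$expected" '
        # Data lines start with a mode character (^ = #) and a state character.
        $1 ~ /^[=#^][*+x~?-]$/ && $2 == want {
            seen = 1
            state = substr($1, 2, 1)
            reach = $5                       # octal bitmap of the last 8 polls
            ok = 0
            for (i = 1; i <= length(reach); i++) {
                d = substr(reach, i, 1) + 0  # one octal digit carries 3 bits
                ok += (d >= 4) + (d % 4 >= 2) + (d % 2)
            }
        }
        END {
            if (!seen)        { print want " not listed as a source"; exit 1 }
            if (state != "*") { print want " listed but not selected (state " state ")"; exit 1 }
            if (ok == 0)      { print want " selected but unreachable"; exit 1 }
            print want " selected, " ok "/8 recent polls answered"
        }'
}

# Constructed sample, copied from the client output shown in this article.
SAMPLE='MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 192.168.163.132               3   6   347    21  -3989us[-2622us] +/-   37ms'

printf '%s\n' "$SAMPLE" | check_chrony_source 192.168.163.132
```

A Reach value of 377 means all eight of the most recent polls were answered; the 347 in the sample means six of eight.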
4. Configure SSH password-free login
1. On the server, generate a key pair
[root@server ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):     #Enter
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):     #Enter
Enter same passphrase again:     #Enter
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:c7zFdtFQrplVma9jwGuSTcaYoJwNKhZThV1QSWuA8cw root@server
The key's randomart image is:
+---[RSA 3072]----+
| .o* + = + . ..=|
| o o + o.o. *.|
| o oE=o. = . =|
| o . + ...o.* *.|
| . . S o= + o=. |
| oo + + . + |
| .o . . |
| |
| |
+----[SHA256]-----+
2. On the server, upload the public key
[root@server ~]# ssh-copy-id root@192.168.163.133     #Enter the IP address of the client
The authenticity of host '192.168.163.133 (192.168.163.133)' can't be established.
ED25519 key fingerprint is SHA256:L5k0SIvpc7knC1e7ELbAUaXgR0sHulQrE/jXBmYoKFs.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes     #Enter yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.163.133's password:     #Enter the root user password of the peer

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.163.133'"
and check to make sure that only the key(s) you wanted were added.
3. Repeat the above operations on the client to create a password-free login from the client to the server
[root@node1 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:63lh4RPV1pazNJfEGAZUFpW++ZHEpsUjYI6cmvQC32c root@node1
The key's randomart image is:
+---[RSA 3072]----+
|.ooBB++|
| o + .oO + |
| . =...=.=|
| . . + o. . X |
| + S. o * =|
| = + = E . = |
| o.oo o|
| . .. .|
| o. |
+----[SHA256]-----+
[root@node1 ~]# ssh-copy-id root@192.168.163.132
The authenticity of host '192.168.163.132 (192.168.163.132)' can't be established.
ED25519 key fingerprint is SHA256:L5k0SIvpc7knC1e7ELbAUaXgR0sHulQrE/jXBmYoKFs.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])?
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.163.132's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.163.132'"
and check to make sure that only the key(s) you wanted were added.
5. SSH two-way password-free login configuration results
node1 logs in to the server
[root@node1 ~]# ssh 192.168.163.132
Activate the web console with: systemctl enable --now cockpit.socket

Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Sat May 20 10:56:14 2023 from 192.168.163.1
[root@server ~]#
The server logs in to node1
[root@server ~]# ssh root@192.168.163.133
Activate the web console with: systemctl enable --now cockpit.socket

Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Sat May 20 12:06:18 2023
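
The keys above were created without a passphrase and installed for root, and `ssh-copy-id` appends them to `authorized_keys` with no options, so each key is accepted from any source address. The following added example (not part of the original article) audits an `authorized_keys` file for such entries and builds a replacement entry limited with the `from=` option. The helper names `audit_authorized_keys` and `restrict_key` are assumptions, and the sample key blob is a constructed placeholder.

```shell
#!/bin/sh
# Added example: find authorized_keys entries that are usable from any address.
# audit_authorized_keys and restrict_key are hypothetical helper names.

# Prints "<OPEN|RESTRICTED> <last field of the entry>" for each key;
# returns 1 if any key lacks a from="..." option or cannot be parsed.
audit_authorized_keys() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        {
            # Every OpenSSH key blob begins with "AAAA"; the text before the
            # key type is the option list (which may contain quoted spaces).
            idx = match($0, /(ssh-|ecdsa-|sk-)[^ \t]+[ \t]+AAAA/)
            if (idx == 0) { print "UNPARSED", $0; bad++; next }
            opts = substr($0, 1, idx - 1)
            if (opts ~ /(^|,)from="/) { print "RESTRICTED", $NF }
            else                      { print "OPEN", $NF; bad++ }
        }
        END { exit (bad > 0) }' "$1"
}

# Build the entry to install in place of the bare line ssh-copy-id appends.
# $1 = the only address allowed to use the key, $2 = public key line (id_rsa.pub).
restrict_key() {
    printf 'from="%s",no-agent-forwarding,no-port-forwarding,no-X11-forwarding %s\n' "$1" "$2"
}

# Constructed sample: the key blob is a placeholder, not a real key.
SAMPLE_PUB='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCONSTRUCTED root@server'

demo() {
    f=$(mktemp)
    printf '%s\n' "$SAMPLE_PUB" > "$f"                  # as ssh-copy-id leaves it
    echo "before:"; audit_authorized_keys "$f" || echo "  -> unrestricted key(s) found"
    restrict_key 192.168.163.132 "$SAMPLE_PUB" > "$f"   # only the server may use it
    echo "after:";  audit_authorized_keys "$f" && echo "  -> all keys restricted"
    rm -f "$f"
}
demo
```

On node1 the allowed address is the server (192.168.163.132); on the server it is node1 (192.168.163.133).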