【轉載&翻譯】Debian配置Networking 和 apt-get 源資訊 & 開啟root遠端登入許可權
阿新 • • 發佈:2018-12-04
1 簡介
初始安裝完debian 7.7.0時,需要首先配置網路及apt-get源,才能正常使用。
2 debian配置
2.1 debian 7.7.0配置網路及apt-get源
2.1.1 配置網路-靜態IP
修改檔案/etc/network/interfaces
vi /etc/network/interfaces # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5).
配置完成後檔案資訊為
# The loopback network interface
$ auto lo
$ iface lo inet loopback
# 增加如下選項
$ iface eth0 inet static
$ address 192.168.1.18
$ netmask 255.255.255.0
$ gatway 192.168.1.1
使網路配置生效
[email protected]:~# ifdown eth0
2.1.2 配置網路-DHCP方式(訪問外網)
# 修改檔案/etc/network/interfaces
$ vi /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
配置完成後檔案資訊為
# The loopback network interface
$ auto lo
$ iface lo inet loopback
# 增加如下選項
$ allow-hotplug eth0
$ iface eth0 inet dhcp使網路配置生效
[email protected]:~# ifdown eth0
[email protected]:~# ifup eth0
2.2 配置apt-get源
2.2.1 預設從cd介質安裝
2.2.2 更改為網路源
[email protected]:~# vi /etc/apt/sources.list
首先遮蔽掉本地源
# 註釋掉原來的apt-get源,這個是載入光碟的源,如果需要載入光碟中的源,而不用網路上的源,請不要註釋
# deb cdrom:[Debian GNU/Linux 7.7.0 _Wheezy_ - Official amd64 DVD Binary-1 2014101
8-13:06]/ wheezy contrib main然後新增列表到sources.list檔案裡
# 設定apt-get源為163映象站的源
$ deb http://mirrors.163.com/debian wheezy main non-free contrib
$ deb-src http://mirrors.163.com/debian wheezy main non-free contrib
#在配置檔案中增加163軟體更新源。
$ deb http://mirrors.163.com/debian wheezy-updates main non-free contrib
$ deb-src http://mirrors.163.com/debian wheezy-updates main non-free contrib
#在配置檔案中增加163安全軟體更新源。
$ deb http://security.debian.org/ wheezy/updates main
$ deb-src http://security.debian.org/ wheezy/updates mainPS: Debian-9.6的配置源方法 Debian-7的版本代號為 wheezy Debain-8的代號為Jessie Debian-9的版本代號為stretch,不同版本,下面的代號改為對應的英文單詞即可,此處使用Debian-9的英文代號 stretch
修改配置檔案/etc/apt/sources.list
修改成163源:
deb http://mirrors.163.com/debian/ stretch main non-free contrib
deb http://mirrors.163.com/debian/ stretch-updates main non-free contrib
deb http://mirrors.163.com/debian/ stretch-backports main non-free contrib
deb-src http://mirrors.163.com/debian/ stretch main non-free contrib
deb-src http://mirrors.163.com/debian/ stretch-updates main non-free contrib
deb-src http://mirrors.163.com/debian/ stretch-backports main non-free contrib
deb http://mirrors.163.com/debian-security/ stretch/updates main non-free contrib
deb-src http://mirrors.163.com/debian-security/ stretch/updates main non-free contrib
修改成清華源:
deb https://mirrors.tuna.tsinghua.edu.cn/debian/ stretch main non-free contrib
deb https://mirrors.tuna.tsinghua.edu.cn/debian/ stretch-updates main non-free contrib
deb https://mirrors.tuna.tsinghua.edu.cn/debian/ stretch-backports main non-free contrib
deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ stretch main non-free contrib
deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ stretch-updates main non-free contrib
deb-src https://mirrors.tuna.tsinghua.edu.cn/debian/ stretch-backports main non-free contrib
deb https://mirrors.tuna.tsinghua.edu.cn/debian-security/ stretch/updates main non-free contrib
deb-src https://mirrors.tuna.tsinghua.edu.cn/debian-security/ stretch/updates main non-free contrib
修改成科大源:
deb http://mirrors.ustc.edu.cn/debian/ stretch main non-free contrib
deb http://mirrors.ustc.edu.cn/debian/ stretch-updates main non-free contrib
deb http://mirrors.ustc.edu.cn/debian/ stretch-backports main non-free contrib
deb-src http://mirrors.ustc.edu.cn/debian/ stretch main non-free contrib
deb-src http://mirrors.ustc.edu.cn/debian/ stretch-updates main non-free contrib
deb-src http://mirrors.ustc.edu.cn/debian/ stretch-backports main non-free contrib
deb http://mirrors.ustc.edu.cn/debian-security/ stretch/updates main non-free contrib
deb-src http://mirrors.ustc.edu.cn/debian-security/ stretch/updates main non-free contrib
2.3 更新配置
# 更新配置
[email protected]:~# apt-get update
# 測試安裝一個htop元件
[email protected]:~# apt-get install htop
Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages: strace ltrace
The following NEW packages will be installed: htop
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 63.7 kB of archives.
After this operation, 209 kB of additional disk space will be used.
Get:1 http://mirrors.163.com/debian/ squeeze/main htop amd64 0.8.3-1 [63.7 kB]
Fetched 63.7 kB in 0s (99.9 kB/s)
Selecting previously unselected package htop.
(Reading database ... 25847 files and directories currently installed.)
Unpacking htop (from .../htop_0.8.3-1_amd64.deb) ...
Processing triggers for man-db ...
Setting up htop (0.8.3-1) ...
# 修改網路源成功!
2.4 更新源後,第一時間安裝vim
# 安裝vim
$ sudo apt-get install vim
2.5 開啟Debian root賬戶遠端ssh登入(預設安裝後無法正常登入)
安裝完成DebianLinux後,預設無法ssh遠端登入的,當你嘗試登入時,會出現下面情況(目錄Debian9/Debian8都是這樣的)
$ ssh [email protected]
[email protected]'s password:
Permission denied, please try again.
[email protected]'s password:
Permission denied, please try again.
[email protected]'s password:
Permission denied (publickey,password).
開啟SSH遠端登入,您應當配置ssh server , 使用vim開啟 /etc/ssh/sshd_config ,把PermitRootLogin改為 yes
$ sudo vim /etc/ssh/sshd_config
...
# 進入sshd_config配置檔案,修改PermitRootLogin引數
FROM:
PermitRootLogin without-password
TO:
PermitRootLogin yes改完後重啟ssh server
# /etc/init.d/ssh restart
[ ok ] Restarting ssh (via systemctl): ssh.service.然後在其他機器上,使用ssh命令遠端登入
$ ssh [email protected]
[email protected]'s password: The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux system 下的軟體是免費自由的,各個發行版的版權宣告在/usr/share/doc/*/copyright
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law. 受相應法律許可,Debian GNU/Linux 是沒有授權費用的
另外注意:如果您是在mac電腦上登入,記得ssh前最好加上sudo,不然可能會被本地的許可權給禁止
命令演示:sudo ssh -p 22 [email protected]
MacdeMacBook-Pro:~ mac$ sudo ssh -p 22 [email protected]
Password:
The authenticity of host '192.168.1.91 (192.168.1.91)' can't be established.
ECDSA key fingerprint is SHA256:lSl0n+ChmDz7Ajm+20NU5ZnWFKJfHTl2vwghpenvFu0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.91' (ECDSA) to the list of known hosts.
[email protected]'s password:
Linux debian-stable 4.9.0-8-686-pae #1 SMP Debian 4.9.130-2 (2018-10-27) i686
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon Dec 3 08:08:57 2018
[email protected]:~$
[email protected]:~$
[email protected]:~$
[email protected]:~$
另外附:RedHat系Linux的啟用ssh方法
# 在虛擬機器(Vmware Workstation)下,安裝了CentOS7,現在想通過SSH工具連線虛擬機器中的CentOS7
1、首先,要確保CentOS7安裝了 openssh-server
在終端中輸入
yum list installed | grep openssh-server
此處顯示已經安裝了 openssh-server
如果又沒任何輸出顯示錶示沒有安裝 openssh-server 通過輸入
yum install openssh-server
來進行安裝openssh-server
2、找到了/etc/ssh/ 目錄下的sshd服務配置檔案 sshd_config,用Vim編輯器開啟
將檔案中,關於監聽埠、監聽地址前的 # 號去除
然後開啟允許遠端登入
最後,開啟使用使用者名稱密碼來作為連線驗證
儲存檔案,退出
3、開啟 sshd 服務,輸入
sudo service sshd start
檢查 sshd 服務是否已經開啟,輸入ps -e | grep sshd
或者輸入netstat -an | grep 22 檢查 22 號埠是否開啟監聽
4、在Vmware Workstation中,檢視CentOS7的屬性,發現網路連線方式是採用的 NAT 方式連線的
5、在Vmware Workstation中,點選編輯=》虛擬網路編輯器,進入虛擬網路編輯器,檢視發現 NAT 模式的連線採用的網路介面卡名稱為VMnet8
6、在 windows 主機中,在命令列中輸入ipconfig 檢視主機IP,找到 VMnet8 的連線資訊,此處 ip 為192.168.30.1
7、在CentOS中,輸入ifconfig檢視網路連線地址,發現CentOS的網路地址為192.168.112.128
8、在CentOS中,輸入ping 192.168.30.1 測試是否能連通主機,發現可以連通
9、在主機中,輸入 ping 192.168.112.128,測試主機是否能連通CentOS,發現連不通
如果可以連得通,可以直接跳至第12 步
10、在主機,開啟網路配置,選擇網路介面卡 VMnet8 的 TCP/IPv4 的屬性,進行一下網路配置
要求子網掩碼、預設閘道器均和CentOS一致,並將IP地址修改為 192.168.112.1,即保證主機的 IP 和 CentOS 的 IP 在同一網路區段中
11、再在主機中,輸入 ping 192.168.112.128,已經可以連線得通了
12、在SSH工具(此處使用的XShell)中,新建連線,輸入 CentOS 的 IP 地址、使用者名稱、密碼即可連線成功
13、為了免去每次開啟 CentOS 時,都要手動開啟 sshd 服務,可以將 sshd 服務新增至自啟動列表中,輸入systemctl enable sshd.service
可以通過輸入systemctl list-unit-files | grep sshd,檢視是否開啟了sshd 服務自啟動另附:啟用公鑰免密登入
1.通過yum刪除現有的openssh-server,然後重新安裝openssh-server
#yum -y remove openssh-server
#yum -y install openssh-server
2.設定金鑰
#
#sshd-keygen
3.修改sshd_config配置檔案中的PubkeyAuthentication選項,設定該選項值為yes
PubkeyAuthentication yes
4.啟動sshd
#/usr/sbin/sshdpwd
5.通過其他伺服器連線該container
[[email protected] ~]# ssh 10.10.200.4
[email protected]'s password:
[email protected]:Miazzy/Demo.git
模型分析
假設 A (192.168.20.59)為客戶機器,B(192.168.20.60)為目標機;
要達到的目的:
A機器ssh登入B機器無需輸入密碼;
加密方式選 rsa|dsa均可以,預設dsa
ssh-keygen -t rsa #使用rsa加密tho
二、具體操作流程
單向登陸的操作過程(能滿足上邊的目的):
1、登入A機器
2、ssh-keygen -t [rsa|dsa],將會生成金鑰檔案和私鑰檔案 id_rsa,id_rsa.pub或id_dsa,id_dsa.pub
3、將 .pub 檔案複製到B機器的 .ssh 目錄, 並 cat id_dsa.pub >> ~/.ssh/authorized_keys
4、大功告成,從A機器登入B機器的目標賬戶,不再需要密碼了;(直接執行 #ssh 192.168.20.60 )
vim
雙向登陸的操作過程:
1、ssh-keygen做密碼驗證可以使在向對方機器上ssh ,scp不用使用密碼.具體方法如下:
2、兩個節點都執行操作:#ssh-keygen -t rsa
然後全部回車,採用預設值.
3、這樣生成了一對金鑰,存放在使用者目錄的~/.ssh下。
將公鑰考到對方機器的使用者目錄下 ,並將其複製到~/.ssh/authorized_keys中(操作命令:#cat id_dsa.pub >> ~/.ssh/authorized_keys )。
4、設定檔案和目錄許可權:
設定authorized_keys許可權
$ chmod 600 authorized_keys
設定.ssh目錄許可權
$ chmod 700 -R .ssh
5、要保證.ssh和authorized_keys都只有使用者自己有寫許可權。否則驗證無效。
中文轉載來源:http://blog.csdn.net/jesseyoung/article/details/41387393
配置轉載來源:https://blog.csdn.net/krupzone/article/details/78957013
免密登入轉載來源:https://blog.csdn.net/wh_19910525/article/details/7433164