Log management and OpenSSH

2022-07-19 19:35:44  Views: 191  Source: Internet

Tags: YL, management, openssh, 192.168, ssh, key, log, root, id



Log management

Debug-level system messages

[root@YL ~]#  dmesg |tail -3
[   10.982033] vmxnet3 0000:0b:00.0 eth1: NIC Link is Up 10000 Mbps
[  456.837356] ISO 9660 Extensions: Microsoft Joliet Level 3
[  456.843736] ISO 9660 Extensions: RRIP_1991A

Standard system error log messages; boot messages not generated by the kernel; messages generated by the various subsystems

[root@YL ~]# cat /var/log/messages |tail -5
Jul 19 13:45:08 YL systemd[1]: man-db-cache-update.service: Succeeded.
Jul 19 13:45:08 YL systemd[1]: Started man-db-cache-update.service.
Jul 19 13:45:08 YL systemd[1]: run-rd0b2ca889a964e6d9677ccc622702a3a.service: Succeeded.
Jul 19 13:49:01 YL systemd[1]: Started Session 4 of user root.
Jul 19 13:49:01 YL systemd[1]: session-4.scope: Succeeded.

Security-related log messages

[root@YL ~]# cat /var/log/secure |tail -3
Jul 19 13:53:32 YL sshd[2271]: Accepted password for root from 192.168.124.1 port 64605 ssh2
Jul 19 13:53:32 YL systemd[2276]: pam_unix(systemd-user:session): session opened for user root by (uid=0)
Jul 19 13:53:32 YL sshd[2271]: pam_unix(sshd:session): session opened for user root by (uid=0)
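
The "Accepted password for root" record above is the kind of entry worth counting when auditing SSH access. The following added example (not part of the original article) tallies successful sshd logins by authentication method, user and source address; the function names are hypothetical and the sample lines after the first two are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): summarize successful sshd
# logins from /var/log/secure-style input read on stdin.

# summarize_accepts: print "METHOD USER SOURCE COUNT" for every combination.
summarize_accepts() {
    awk '
        # $5 is "sshd[pid]:", then "Accepted METHOD for USER from SOURCE ..."
        $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Accepted" && $8 == "for" && $10 == "from" {
            seen[$7 " " $9 " " $11]++
        }
        END { for (k in seen) print k, seen[k] }
    ' | LC_ALL=C sort
}

# root_password_logins: number of root logins that used a password.
root_password_logins() {
    summarize_accepts |
        awk '$1 == "password" && $2 == "root" { c += $4 } END { print c + 0 }'
}

# Constructed sample; only the first two lines appear on the page.
SAMPLE_LOG='Jul 19 13:53:32 YL sshd[2271]: Accepted password for root from 192.168.124.1 port 64605 ssh2
Jul 19 13:53:32 YL sshd[2271]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jul 19 18:40:02 YL sshd[2890]: Failed password for root from 192.168.124.129 port 40112 ssh2
Jul 19 18:40:09 YL sshd[2890]: Accepted password for root from 192.168.124.129 port 40112 ssh2
Jul 19 18:48:46 YL sshd[3012]: Accepted publickey for root from 192.168.124.128 port 51234 ssh2: RSA SHA256:CONSTRUCTED-FINGERPRINT'

printf '%s\n' "$SAMPLE_LOG" | summarize_accepts
```

On a live host the same functions read the real log: summarize_accepts < /var/log/secure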

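A facility can be thought of as the source (or device) of a log message. The commonly used facilities are:
auth #authentication-related
authpriv #privilege- and authorization-related
cron #scheduled-task-related
daemon #daemon-related
kern #kernel-related
lpr #printer-related
mail #mail-related
mark #marker-related
news #news-related
security #security-related, similar to auth
syslog #from syslog itself
user #user-related
uucp #unix to unix cp related
local0 to local7 #for user-defined use
* # * stands for all facilities

priority (log level) is the level of a log message. The usual levels are listed below (from low to high); the lower the level, the more detailed the information:
debug #debugging information from programs or the system
info #general information
notice #messages that do not affect normal operation but deserve attention
warning/warn #important events that may affect system functionality and that users should be alerted to
err/error #error messages
crit #critical, fairly serious
alert #must be handled immediately
emerg/panic #would make the system unusable
* # stands for all log levels
none #the opposite of *; nothing is logged

action: where the log is recorded:
absolute path on the system #a regular file, e.g. /var/log/xxx
| COMMAND #a pipe; the message is passed through the pipe to another command for processing
terminal #a terminal, e.g. /dev/console
@HOST #a remote host (the remote host must be listening on port 514 over tcp or udp), e.g. @10.0.0.1
user #a system user, e.g. root
* #all users logged in to the system; emerg-level logs are usually defined this way

Log entry format:
date and time of the event  host  process(pid): event content

Send all info-level authorization (authpriv) messages to the path /root/opt/lt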

authpriv.info           /root/opt/lt

Send info-level mail messages to the host 192.168.124.128

mail.info       @192.168.124.128
[root@YL ~]# cat /var/log/messages |tail -1
Jul 19 15:07:25 YL rsyslogd[2563]: imjournal: journal files changed, reloading...  [v8.1911.0-7.el8 try https://www.rsyslog.com/e/0 ]
// timestamp: July 19 at this time; host: YL; process ID: 2563; event content: imjournal: journal files changed,
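
How a facility.priority selector picks messages, as an added example that is not from the original article: a plain priority such as info selects that level and every more severe one, which is how rsyslog evaluates the two rules above. The function names are hypothetical, and only single selectors (no ';' lists or '=' / '!' modifiers) are handled.

```shell
#!/bin/sh
# Added example (not from the original page): evaluate one rsyslog-style
# "facility.priority" selector against a message's facility and priority.

# prio_rank NAME: rank of a priority, debug (0) up to emerg (7); the aliases
# warn, error and panic from the list above are accepted.
prio_rank() {
    case "$1" in
        debug)        echo 0 ;;
        info)         echo 1 ;;
        notice)       echo 2 ;;
        warning|warn) echo 3 ;;
        err|error)    echo 4 ;;
        crit)         echo 5 ;;
        alert)        echo 6 ;;
        emerg|panic)  echo 7 ;;
        *)            return 1 ;;
    esac
}

# selector_matches SELECTOR FACILITY PRIORITY
# Returns 0 when a message of FACILITY/PRIORITY is selected, 1 otherwise.
selector_matches() {
    sel_fac=${1%%.*}
    sel_pri=${1#*.}
    [ "$sel_fac" = "*" ] || [ "$sel_fac" = "$2" ] || return 1
    case "$sel_pri" in
        none) return 1 ;;   # none: nothing from this facility
        "*")  return 0 ;;   # *: every priority
    esac
    want=$(prio_rank "$sel_pri") || return 1
    have=$(prio_rank "$3") || return 1
    # A plain priority selects that level and every more severe one.
    [ "$have" -ge "$want" ]
}

# route RULES FACILITY PRIORITY: print the action of each matching rule.
route() {
    printf '%s\n' "$1" | while read -r sel action; do
        if selector_matches "$sel" "$2" "$3"; then printf '%s\n' "$action"; fi
    done
}

# The two rules shown on this page.
RULES='authpriv.info /root/opt/lt
mail.info @192.168.124.128'

route "$RULES" authpriv warning   # a warning is above info, so it is routed
```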

Configuring an rsyslog server:
Edit the configuration file (/etc/rsyslog.conf), uncomment the following lines, and then restart the rsyslog service:

module(load="imudp") # needs to be done just once
input(type="imudp" port="514")

# Provides TCP syslog reception
# for parameters see http://www.rsyslog.com/doc/imtcp.html
module(load="imtcp") # needs to be done just once
input(type="imtcp" port="514")
[root@YL ~]# systemctl  restart rsyslog.service 

The lastlog command: shows the most recent login time of every user on the system

[root@YL ~]# lastlog
Username         Port     From             Latest
root             pts/0    192.168.124.1    Tue Jul 19 13:53:32 +0800 2022
bin                                        **Never logged in**
daemon                                     **Never logged in**

Passwordless login from the server side

Create a public/private key pair with ssh-keygen

[root@YL ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:OmsmuAnIvCshMrBpFUzMjqRFYPWdUck8IWLm0eE9Bv4 root@YL
The key's randomart image is:
+---[RSA 3072]----+
|.+Bo =.==oo      |
|...== *.*=       |
|o.o .o = +.      |
|o. o    o .      |
|.o.     SE       |
|@.     .         |
|*= .  o          |
|..o.. oo         |
|.o+. +.          |
+----[SHA256]-----+
Copy the public key to the remote host
[root@YL ~]# ssh-copy-id root@192.168.124.129
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.124.129's password: 
Permission denied, please try again.
root@192.168.124.129's password: 

Number of key(s) added: 1
Log in without a password
[root@YL network-scripts]# ssh root@192.168.124.129
Last login: Tue Jul 19 18:45:20 2022 from 192.168.124.129
[root@liu ~]# 

Passwordless login from the client side

Create a public/private key pair with ssh-keygen

[root@liu ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:ThGdiS+5IzUyCSLdybVBFhOU+7ixe+7ZeEfC95pcUA8 root@liu
The key's randomart image is:
+---[RSA 3072]----+
| . o =X+.o o     |
|. o =..+..+      |
| . . ..o.o    E  |
|      = =..  . o |
|       *S=  .   .|
|      +o+ o o.   |
|       =.. + ..  |
|      o .+...o.  |
|      .==...+.   |
+----[SHA256]-----+
Copy the public key to the remote host
[root@liu ~]# ssh-copy-id root@192.168.124.12
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.124.12's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.124.12'"
and check to make sure that only the key(s) you wanted were added.
Log in without a password
[root@liu ~]# ssh root@192.168.124.12
Last login: Tue Jul 19 18:48:46 2022 from 192.168.124.128
[root@YL ~]# 
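
The ssh-copy-id output above advises checking that only the intended keys were added. This added example (not part of the original article) lists the key type and comment of every entry in an authorized_keys file and reports group- or world-writable permissions; the function name and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): list what an authorized_keys
# file grants and flag unsafe permissions.

# audit_authorized_keys FILE
# Prints "line N: TYPE COMMENT" per key ("[options]" appended when the key
# carries login options), then "UNSAFE-PERMS FILE" if FILE is writable by
# group or others, which sshd rejects when StrictModes is enabled.
audit_authorized_keys() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        {
            # The key type is the first field naming an algorithm; anything
            # before it is an option list such as from="..." or command="...".
            for (i = 1; i <= NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-|sk-)/) break
            if (i > NF) { print "line " NR ": UNPARSED"; next }
            comment = (i + 2 <= NF) ? $(i + 2) : "(no comment)"
            opts = (i > 1) ? " [options]" : ""
            print "line " NR ": " $i " " comment opts
        }
    ' "$1"
    find "$1" -prune \( -perm -020 -o -perm -002 \) -exec echo UNSAFE-PERMS {} \;
}

# Constructed sample file; the key material is a placeholder, not a real key.
demo_file=$(mktemp)
cat > "$demo_file" <<'EOF'
# keys installed with ssh-copy-id
ssh-rsa AAAAB3NzaC1yc2E-PLACEHOLDER root@YL
from="192.168.124.0/24" ssh-ed25519 AAAAC3NzaC1lZDI1-PLACEHOLDER backup@liu
EOF
chmod 600 "$demo_file"
audit_authorized_keys "$demo_file"
```

On a real account the file to audit is ~/.ssh/authorized_keys on the host that received the key.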

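Transferring files remotely

Use the ssh command to log in to the remote host without a password
Transfer the file named 1 to the other host, delete it locally, and then download it back from the other host over ssh
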

[root@YL ~]# scp 1 root@192.168.124.12:/opt
root@192.168.124.12's password: 
1                               100%    0     0.0KB/s   00:00  
[root@YL ~]# ls
1  anaconda-ks.cfg  passwd
[root@YL ~]# rm -rf 1
[root@YL ~]# scp root@192.168.124.12:/opt/1 .
root@192.168.124.12's password: 
Permission denied, please try again.
root@192.168.124.12's password: 
1                               100%    0     0.0KB/s   00:00    
[root@YL ~]# ls
1  anaconda-ks.cfg  passwd

Source: https://www.cnblogs.com/TQingS/p/16495350.html
