Difference between revisions of "IT-OS-Admin-Linux"
Samerhijazi (talk | contribs) (→SSH) |
Samerhijazi (talk | contribs) (→SSH) |
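--- a/IT-OS-Admin-Linux
+++ b/IT-OS-Admin-Linux
@@ -9,7 +9,7 @@
 ..
 # Key-Typs: RSA algorithm and DSA algorithm.
-$HOME/.ssh/id_rsa
+$HOME/.ssh/id_rsa # The file contains the RSA private key.
-$HOME/.ssh/id_rsa.pub
+$HOME/.ssh/id_rsa.pub # The file contains the RSA public key.
-$HOME/.ssh/authorized_keys
+$HOME/.ssh/authorized_keys # The file contains the keys that can be used for logging into system.
 ..
 sudo nano /etc/ssh/ssh_config
@@ -19,5 +19,5 @@
 PubkeyAuthentication yes
 AuthorizedKeysFile %h/.ssh/authorized_keys
-PasswordAuthentication no
+PasswordAuthentication no # Yes: Can login with Password; No: Can’t login with Password
 ------------------------------
 /etc/init.d/ssh restart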
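Review bot: The explanation added after `PasswordAuthentication no` in the second hunk shares a line with the directive, inside a block that readers will paste into sshd_config. Depending on the OpenSSH version, sshd can reject trailing text after a directive's argument and refuse to start, which on a remote host means losing access after the restart shown two lines below. Put the comment on its own line above the directive, `# yes: password login allowed; no: password login refused`, and leave `PasswordAuthentication no` bare. The config block starts outside this hunk, so other directives there may need the same treatment.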
Revision as of 21:21, 20 August 2019
Contents
Kostenlose Kurse
SSH
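# Install the OpenSSH client and server, then start sshd and enable it at boot.
# On dnf-based systems the client package is named openssh-clients.
sudo dnf install openssh-clients
sudo dnf install openssh-server
sudo systemctl restart sshd.service
sudo systemctl enable sshd.service
..
# Key types: RSA algorithm and DSA algorithm.
# NOTE(review): OpenSSH has disabled DSA (ssh-dss) keys by default since 7.0;
# use RSA (3072 bits or more) or Ed25519 for new keys.
$HOME/.ssh/id_rsa             # RSA private key. Keep it owner-only (chmod 600); it never leaves this machine.
$HOME/.ssh/id_rsa.pub         # RSA public key. This is the half that gets installed on servers.
$HOME/.ssh/authorized_keys    # Public keys that are allowed to log in to this account on this system.
..
# ssh_config holds client defaults; the directives listed below are server settings and belong in sshd_config.
sudo nano /etc/ssh/ssh_config
sudo nano /etc/ssh/sshd_config
------------------------------
# RSAAuthentication is an SSH protocol 1 option; OpenSSH 7.4 and later treat it as deprecated.
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
# yes: password login is allowed; no: password login is refused.
# The comment sits on its own line because some sshd versions reject trailing text after a directive.
# Confirm that key-based login works before setting this to "no", otherwise the account can be locked out.
PasswordAuthentication no
------------------------------
# Check the edited file for syntax errors before restarting, and keep the
# current session open until a fresh login has succeeded.
sudo sshd -t
/etc/init.d/ssh restart       # On systemd hosts: sudo systemctl restart sshd.service
..
ssh-keygen -t rsa -b 4096 -C "samerhijazi@hotmail.com"    # Generate private and public key
ssh-copy-id -i id_rsa.pub user@hostname                   # Copy public key to server
ssh -i id_rsa user@hostname                               # Log in to server with private key
..or
# Manual alternatives to ssh-copy-id. With StrictModes (the sshd default) the key file is
# ignored when ~/.ssh or authorized_keys is writable by others, so set the modes explicitly.
cat ~/.ssh/id_rsa.pub | ssh user@hostname "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"
# The command substitution runs on the local machine; this form assumes ~/.ssh already exists on the server.
ssh user@hostname "echo $(cat ~/.ssh/id_rsa.pub) >> ~/.ssh/authorized_keys"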
Setting Firewall
Service
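# Replace firewalld and NetworkManager with the legacy "network" service.
# Prompt characters are left out so each line can be pasted as-is.
#
# Caution: after firewalld is disabled and stopped it no longer applies any
# zone or port rules, so make sure another packet filter covers the host.
# firewall-cmd talks to the running firewalld daemon; the firewall-cmd
# commands on this page need firewalld started again.
sudo systemctl disable firewalld
sudo systemctl stop firewalld
# NOTE(review): stopping NetworkManager from a remote session may interrupt
# connectivity; confirm console access first.
sudo systemctl disable NetworkManager
sudo systemctl stop NetworkManager
sudo systemctl enable network
sudo systemctl start network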
Zone
# Read-only firewalld queries, run in this order:
#   --get-zones          all known zones
#   --get-active-zones   zones that currently have an interface or source bound
#   --get-default-zone   zone used when nothing else is selected
#   --get-services       all known service names
#   --list-all           everything enabled in the default zone
#   --list-ports         ports opened in the default zone
for query in --get-zones --get-active-zones --get-default-zone \
  --get-services --list-all --list-ports; do
  sudo firewall-cmd "$query"
done
Zone-home
# Show what the "home" zone currently allows: full summary, then ports, then services.
zone=home
for listing in --list-all --list-ports --list-services; do
  sudo firewall-cmd --zone="$zone" "$listing"
done
Setting
# Make "home" the default zone, bind eth0 to it and allow HTTP.
# Changing the default zone also changes the policy for every interface
# that is not bound to a zone of its own.
zone=home
sudo firewall-cmd --set-default-zone="$zone"
sudo firewall-cmd --zone="$zone" --change-interface=eth0
# Without --permanent the rule applies to the running firewall only and is
# dropped on the next reload or restart.
sudo firewall-cmd --zone="$zone" --add-service=http
# With --permanent the rule is written to the stored configuration only and
# becomes active after "firewall-cmd --reload".
sudo firewall-cmd --zone="$zone" --add-port=80/tcp --permanent
New Zone "boxblue"
# Create the custom zone "boxblue" in the permanent configuration, allow
# ssh/http/https plus ports 80 and 22, bind the wireless interface to it and
# make it the default zone.
# Every command uses --permanent, so nothing here touches the running
# firewall until firewalld is reloaded.
zone=boxblue
sudo firewall-cmd --permanent --new-zone="$zone"
for svc in ssh http https; do
  sudo firewall-cmd --permanent --zone="$zone" --add-service="$svc"
done
# NOTE(review): 80/tcp and 22/tcp are presumably already covered by the http
# and ssh services above; open only what the host actually serves.
for port in 80/tcp 22/tcp; do
  sudo firewall-cmd --permanent --zone="$zone" --add-port="$port"
done
sudo firewall-cmd --permanent --zone="$zone" --change-interface=wlp0s19f2u1
# NOTE(review): confirm that this firewalld version accepts --permanent
# together with --set-default-zone, and that the new zone is loaded first.
sudo firewall-cmd --permanent --set-default-zone="$zone"
Update
# Apply stored changes. The order of the three commands is kept as written.
# --reload replaces the running rules with the permanent configuration, so
# rules that were added without --permanent are lost at this point.
sudo firewall-cmd --reload
# Restart the legacy network service.
# NOTE(review): this may briefly interrupt connectivity on a remote session - confirm.
sudo systemctl restart network
# Ask systemd to reload the firewalld unit.
# NOTE(review): presumably the same effect as --reload above - confirm.
sudo systemctl reload firewalld