
SSH,NFS,FTP

2022-07-26 08:41:00 a_ b_ e_ l_

Catalog

SSH remote management

SSH key mechanism

SCP remote copy

NFS shared storage service

NFS configuration

FTP file transfer

How FTP works

Building an FTP server


SSH remote management

SSH (Secure Shell) is a secure channel protocol, used mainly for remote login to a character (command-line) interface, remote copying and similar functions.

The SSH protocol encrypts the data transmitted between the two parties, including the password the user enters at login. The SSH protocol therefore offers good security.

SSH client ------------------------------> SSH server

            Data transmission is encrypted, which prevents information leakage

            Data transmission is compressed, which improves transmission speed

SSH clients: PuTTY, Xshell, CRT

SSH server: OpenSSH

C/S (client/server) architecture

OpenSSH is an open-source software project that implements the SSH protocol, and it runs on all kinds of UNIX and Linux operating systems.

CentOS 7 installs the openssh packages by default, and the sshd service is set to start at boot. Run "systemctl start sshd" to start the sshd service.

The default port used by the sshd service is 22.

The default configuration file of the sshd service is /etc/ssh/sshd_config.

ssh_config and sshd_config are both SSH configuration files. The difference is that the former is the configuration file for the client and the latter is the configuration file for the server.

SSH key mechanism

Symmetric encryption (also known as secret-key encryption)

The same set of keys is used for encryption and decryption.

Symmetric encryption is strong and hard to crack. In practice, however, it raises a thorny problem: how can the secret key be stored safely? Given the huge number of clients in particular, it is hard to guarantee that the key will not leak. Once the key of one client is stolen, the security of the whole system is gone. Asymmetric encryption came into being to solve this problem. Asymmetric encryption has two keys: a public key and a private key.

Asymmetric encryption (also known as public-key encryption)

1. The remote server receives the login request from the client user TopGun and sends its public key to the user.

2. The client uses this public key to encrypt the password.

3. The client sends the encrypted password to the server.

4. The remote server uses its own private key to decrypt the login password and then verifies its legitimacy.

5. Depending on the verification result, the server gives the client the corresponding response.

Push the key to the target user so that no password is required for later logins

  1. Generate the key

ssh-keygen -t rsa

  2. Push the public key to the target user

ssh-copy-id [email protected]

After that, login works directly without a password.

When logging in remotely with ssh, you can specify the port number; by default, port 22 is used.

ssh -p 1234 [email protected]

SCP remote copy

Copy the specified content from the remote host to the local machine

scp [email protected]:/etc/passwd /root/passwd1

Copy the specified content from the local machine to the remote host

scp -r /etc/ssh/ [email protected]:/opt

NFS shared storage service

NFS is a network file system protocol based on TCP/IP transport. Using the NFS protocol, a client can access shared resources on a remote server as if they were a local directory.

For most load-balanced clusters, sharing data storage over the NFS protocol is a common practice, and NFS is also a protocol that NAS storage devices must support. But because NFS has no user authentication mechanism and the data is transmitted in plain text over the network, its security is very poor, and it can generally be used only within a LAN.

The implementation of the NFS service depends on the RPC (Remote Procedure Call) mechanism, which completes the mapping from remote to local.

So the nfs-utils and rpcbind packages need to be installed to provide the NFS sharing service: the former is used for publishing and accessing NFS shares, the latter for RPC support.

In effect, NFS mounts the server's local disk on the client: after that, when the client stores data under /data_httpd, it no longer goes to the local disk /dev/sdb1 but to the /nfs_data directory, which implements data sharing.

NFS configuration

  1. Install the nfs-utils and rpcbind packages

yum install -y nfs-utils rpcbind

  2. Set up the shared directory

mkdir -p /opt/wwwroot
chmod 777 /opt/wwwroot
vim /etc/exports

/opt/wwwroot 192.168.80.0/24(rw,sync,no_root_squash)

The first field is the shared directory.

The second field is the network segment allowed to use the mount point.

The parentheses define: 1. the access permission for this shared directory (rw), 2. synchronous data writes (sync), 3. no privilege reduction for the root user, that is, root on the client is not mapped to an unprivileged user (no_root_squash).

Other example entries:

/var/ftp/pub 192.168.4.11(ro) 192.168.4.110(rw)
/share *(rw,sync)

  3. Start the NFS service

systemctl start rpcbind
systemctl enable rpcbind
systemctl start nfs
systemctl enable nfs

  4. Use showmount -e to query the shared directories published by the server

showmount -e 192.168.239.128

This shows the shared directories that this machine can use.

  5. Manually mount the shared directory. This step is carried out on another machine.

Create a directory on the other machine

mkdir /data
mount 192.168.239.128:/opt/wwwroot /data

  6. Mount permanently

vim /etc/fstab

  7. Verify

Create a file in the /data directory

touch 1.txt
echo "123123" >> 1.txt

Switch to the NFS server
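
The following check is an added example, not part of the original post. It audits an exports file for the settings used in step 2: no_root_squash, read-write access for any host (*), and an option list separated from its client by a space, which exports(5) applies to every host rather than to the client written before it. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: audit an exports(5) file.
# Prints one finding per line as "<path> <client>: <issue>".
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            p = index($i, "(")
            if (p == 1) {
                # "(opts)" split from its client by a space applies to any host
                client = "*"; opts = $i
                print path, client ": option list detached from client, applies to any host"
            } else if (p > 1) {
                client = substr($i, 1, p - 1); opts = substr($i, p)
            } else {
                client = $i; opts = ""      # client with default options
            }
            if (opts ~ /[(,]no_root_squash[,)]/)
                print path, client ": no_root_squash, client root keeps uid 0"
            if (client == "*" && opts ~ /[(,]rw[,)]/)
                print path, client ": read-write for any host"
        }
    }' "${1:--}"
}

# Constructed sample: the first three entries follow this page's examples,
# the last path is made up to show an entry that produces no finding.
sample_exports() {
    cat <<'EOF'
# constructed sample
/opt/wwwroot 192.168.80.0/24(rw,sync,no_root_squash)
/var/ftp/pub 192.168.4.11(ro) 192.168.4.110(rw)
/share * (rw,sync)
/srv/backup 192.168.80.0/24(rw,sync,root_squash)
EOF
}

sample_exports | audit_exports
```

On a server, run it as audit_exports /etc/exports after every edit and before restarting the NFS service.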

FTP file transfer

FTP (File Transfer Protocol) is a typical application-layer protocol with a C/S architecture. It needs two parts, the server software and the client software, which together implement the file transfer function.

The connection between the FTP client and the server is reliable and connection-oriented, which gives data transmission a reliable guarantee. TCP protocol: ports 20 and 21.

FTP is a file transfer protocol that supports two modes: one is called Standard (that is, Active mode) and the other is Passive (that is, PASV mode). In Standard mode the FTP client sends the PORT command to the FTP server. In Passive mode the FTP client sends the PASV command to the FTP server.

Standard mode

The FTP client first establishes a connection to TCP port 21 of the FTP server and sends commands over this channel. When the client needs to receive data, it sends the PORT command on this channel.

The PORT command contains the port the client will use to receive data. When transferring data, the server sends the data from its own TCP port 20. The FTP server must establish a new connection with the client to transfer data.

Passive mode

Establishing the control connection is similar to Standard mode. When the client sends the PASV command over this channel, the FTP server opens a port located between 1024 and 5000 and notifies the client to transfer data on this port; the FTP server then transfers data through this port. In this case the FTP server no longer needs to establish a new connection with the client.
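
The two modes differ in which side opens the data connection, which is what firewall rules between client and server have to allow. The following added example (not part of the original post) decodes the address carried in a PORT command or in the server's 227 reply to PASV, using the six-number format from RFC 959; the function name and the sample lines are constructed.

```shell
#!/bin/sh
# Added example, not from the original page: decode the address in an FTP
# "PORT h1,h2,h3,h4,p1,p2" command or "227 ... (h1,h2,h3,h4,p1,p2)" PASV reply.
# The data port is p1 * 256 + p2 (RFC 959).
ftp_data_endpoint() {
    line=$1
    nums=$(printf '%s\n' "$line" |
        sed -n 's/.*[^0-9]\([0-9]\{1,3\}\(,[0-9]\{1,3\}\)\{5\}\)[^0-9]*$/\1/p')
    [ -n "$nums" ] || return 1                  # not six comma-separated numbers
    oldifs=$IFS; IFS=,; set -- $nums; IFS=$oldifs
    for n in "$@"; do
        [ "$n" -le 255 ] || return 1            # each field is one byte
    done
    port=$(( $5 * 256 + $6 ))
    case $line in
        PORT*) echo "active: server port 20 connects to client $1.$2.$3.$4:$port" ;;
        227*)  echo "passive: client connects to server $1.$2.$3.$4:$port" ;;
        *)     return 1 ;;
    esac
}

# Constructed control-channel lines (addresses are illustrative).
ftp_data_endpoint 'PORT 192,168,239,1,19,137'
ftp_data_endpoint '227 Entering Passive Mode (192,168,239,128,15,160).'
```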

How FTP works

Building an FTP server

  1. Install the software

yum install -y vsftpd

The main configuration files

/etc/vsftpd/vsftpd.conf   // main configuration file of the FTP server
/etc/pam.d/vsftpd
/etc/vsftpd/ftpusers      // list of users not allowed to log in; by default root cannot log in
/etc/vsftpd/user_list
/var/ftp
/var/ftp/pub

  2. Give anonymous users maximum permissions on the FTP service

vim /etc/vsftpd/vsftpd.conf

# vsftpd.conf comments must be on their own line, not after a setting
# Enable anonymous user access. On by default (FTP)
anonymous_enable=YES
# Turn on server write permission (required for uploads). On by default
write_enable=YES
# Permission mask (umask) for data uploaded by anonymous users
anon_umask=022
# Allow anonymous users to upload files. Commented out by default; uncomment it
anon_upload_enable=YES
# Allow anonymous users to create (upload) directories. Commented out by default; uncomment it
anon_mkdir_write_enable=YES
# Allow deleting, renaming, overwriting and other operations. Needs to be added
anon_other_write_enable=YES

chmod 777 /var/ftp/pub/   # give the pub subdirectory under the anonymous FTP root directory maximum permissions, so that anonymous users can upload data

  3. Add permissions

chmod 777 /var/ftp/pub

  4. Turn off the firewall and start the FTP service

systemctl stop firewalld
systemctl start vsftpd

  5. Open cmd on Windows

ftp 192.168.239.128

The user is ftp

The password is empty.

Set up local-user authenticated access to FTP, and switch to another FTP directory

  1. Modify the configuration file

vim /etc/vsftpd/vsftpd.conf

# vsftpd.conf comments must be on their own line, not after a setting
# Enable local users
local_enable=YES
# Turn off anonymous user access
anonymous_enable=NO
# Turn on server write permission (required for uploads)
write_enable=YES
# Make uploaded files accessible only to the owning user (umask)
local_umask=077
# Lock users into their home directory (line 102)
chroot_local_user=YES
# Allow the restricted user's home directory to be writable
allow_writeable_chroot=YES
# Comment out the following two lines
#anon_mkdir_write_enable=YES
#anon_other_write_enable=YES
local_root=/var/www/lnj

systemctl restart vsftpd

Continue to log in from Windows
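
The two vsftpd.conf setups above differ mainly in who may write to the server. The following added example (not part of the original post) reports the combinations that give anonymous users write access and the writable-chroot setting for local users, falling back to the built-in defaults from vsftpd.conf(5) when a key is absent. The function names and the sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: flag risky vsftpd.conf combinations.
# Built-in defaults (used when a key is absent) are those listed in vsftpd.conf(5).

# conf_get FILE KEY DEFAULT: last value assigned to KEY, upper-cased, or DEFAULT
conf_get() {
    awk -v k="$2" -v d="$3" '
        index($0, k "=") == 1 { v = toupper(substr($0, length(k) + 2)) }
        END { print (v == "" ? d : v) }' "$1"
}

is_on() { case "$1" in YES|TRUE|1) return 0 ;; *) return 1 ;; esac; }

audit_vsftpd() {
    f=$1
    if is_on "$(conf_get "$f" anonymous_enable YES)"; then
        echo "anonymous login enabled"
        if is_on "$(conf_get "$f" write_enable NO)"; then
            for k in anon_upload_enable anon_mkdir_write_enable anon_other_write_enable; do
                if is_on "$(conf_get "$f" "$k" NO)"; then
                    echo "anonymous write: $k"
                fi
            done
        fi
    fi
    if is_on "$(conf_get "$f" chroot_local_user NO)" &&
       is_on "$(conf_get "$f" allow_writeable_chroot NO)"; then
        echo "local users: chroot directory is writable"
    fi
    return 0
}

# Constructed samples mirroring the two configurations on this page.
sample_anonymous() {
    printf '%s\n' anonymous_enable=YES write_enable=YES anon_umask=022 \
        anon_upload_enable=YES anon_mkdir_write_enable=YES anon_other_write_enable=YES
}
sample_local() {
    printf '%s\n' local_enable=YES anonymous_enable=NO write_enable=YES \
        local_umask=077 chroot_local_user=YES allow_writeable_chroot=YES
}

tmp=$(mktemp)
sample_anonymous > "$tmp"; audit_vsftpd "$tmp"
sample_local > "$tmp"; audit_vsftpd "$tmp"
rm -f "$tmp"
```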
