Configure the logon server for CentOS 7

Source: Internet
Author: User

Overview

This document describes how to configure CentOS 7 as a login server.

In automated O&M, if you use Ansible to manage servers over SSH, you can deploy Ansible on the login server. Logging on to a managed server from the login server requires an SSH key.

Configuration process

1. As the root user, create a new user ops and set its password

# useradd ops
# passwd ops

2. Configure sudo permission so that the ops user can use sudo without a password.

# visudo

Add ops ALL=(ALL) ALL

## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
ops     ALL=(ALL)     NOPASSWD:ALL

3. Generate the ops user's key

# su ops
$ ssh-keygen -t dsa

  • The key location is /home/ops/.ssh/
  • When generating the key, enter a private key password (passphrase)

For security reasons, we do not recommend generating a private key without a private key password. Once a private key password is set, you must enter it each time you use the private key.

4. Create a user on the managed server

Create an ops user on the managed server and set the password

useradd ops
passwd ops

Configure sudo

# visudo

Add ops ALL=(ALL) ALL

## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
ops     ALL=(ALL)     NOPASSWD:ALL

5. Upload the public key

On the login server, copy the public key of the ops user to the managed server. Replace the IP address below with the IP address of your managed server.

ssh-copy-id -i /home/ops/.ssh/id_dsa.pub ops@192.168.1.200

At this point, you can use the private key to log on to the managed server. However, entering the private key password for every login is inconvenient, so configure keychain to cache the private key password.

6. Keychain configuration

Install keychain on the login server. Use the extended yum source for CentOS 7.

rpm -Uvh http://packages.psychotic.ninja/7/base/x86_64/RPMS/psychotic-release-1.0.0-1.el7.psychotic.noarch.rpm

Install keychain

yum --enablerepo=psychotic install keychain

Edit /home/ops/.bash_profile and add the following content

/usr/bin/keychain ~/.ssh/id_dsa
source ~/.keychain/$HOSTNAME-sh > /dev/null

After each restart of the login server, the first time the ops user logs on, the system prompts for the private key password. The password is then cached, so later uses of the private key do not require entering it again.
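An added example, not part of the original article: a small audit of what steps 2 to 5 leave on a host. It lists sudoers rules that grant passwordless sudo on ALL commands, and authorized_keys entries of type ssh-dss, which OpenSSH 7.0 and later no longer accept by default. The function names, the deploy user and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit what this procedure leaves on a host.
# All sample file contents below are constructed.

# Print "who:lineno" for each sudoers rule granting NOPASSWD on ALL commands.
# Commented-out rules, Defaults and alias definitions are skipped.
audit_sudoers() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        $1 ~ /^(Defaults|User_Alias|Runas_Alias|Host_Alias|Cmnd_Alias)/ { next }
        /NOPASSWD:[ \t]*ALL[ \t,]/ || /NOPASSWD:[ \t]*ALL$/ { print $1 ":" NR }
    ' "$1"
}

# Print "lineno:ssh-dss" for each DSA key in an authorized_keys or .pub file.
# The key type is the first field that looks like one, so leading options are skipped.
audit_pubkeys() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^(ssh-|ecdsa-sha2-|sk-)/) {
                    if ($i == "ssh-dss") print NR ":" $i
                    next
                }
        }
    ' "$1"
}

# Constructed sample input (not taken from a real host).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/sudoers" <<'EOF'
## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
# %wheel ALL=(ALL) NOPASSWD: ALL
ops     ALL=(ALL)     NOPASSWD:ALL
deploy  ALL=(ALL)     NOPASSWD: /usr/bin/systemctl restart httpd
EOF
cat > "$SAMPLE_DIR/authorized_keys" <<'EOF'
ssh-dss AAAAB3NzaC1kc3M_CONSTRUCTED ops@login
from="192.168.1.10" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5_CONSTRUCTED ops@login
EOF

echo "passwordless full sudo: $(audit_sudoers "$SAMPLE_DIR/sudoers")"
echo "DSA keys: $(audit_pubkeys "$SAMPLE_DIR/authorized_keys")"
```

On a real host, point audit_sudoers at /etc/sudoers and the files under /etc/sudoers.d, and audit_pubkeys at each user's ~/.ssh/authorized_keys.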
