Advanced Linux Operations: VPN and PSSH Tool Usage

Source: Internet
Author: User
Tags: sha1, pscp

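Building a VPN virtual private line:

GRE VPN: supported only on Linux; a function built into the kernel (the kernel itself is modular in design)
PPTP VPN: communication is not encrypted; once detected, it is easily blocked by a firewall
L2TP+IPSEC VPN: communication is encrypted; the dedicated channel runs over the public-IP line, and a private line (192..) is then opened on top of that line
A Linux system is a router by nature!
echo "1" > /proc/sys/net/ipv4/ip_forward //turn on the routing function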

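GRE VPN:
Enable the kernel module ip_gre
Create a virtual VPN tunnel (10.10.10.0/24)
Achieve point-to-point tunnel communication between two hosts

Use lsmod to view the modules currently loaded on the machine
Use modprobe to load a Linux kernel module
Use modinfo to view information about a kernel module
modprobe ip_gre //not loaded automatically at boot
lsmod | grep -i gre
modinfo ip_gre
filename: /lib/modules/3.10.0-693.el7.x86_64/kernel/net/ipv4/ip_gre.ko.xz //the module is stored under this path
Terms: tunnel; remote (the far end); peer (the equal counterpart)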

Steps:
modprobe ip_gre //enable the GRE module
ip tunnel add tun0 mode gre remote 201.1.2.10 local 201.1.2.5 //create the tunnel
ip link show tun0
ip link set tun0 up //enable the tunnel
ip addr add 10.10.10.5/24 peer 10.10.10.10/24 dev tun0 //configure the tunnel IP addresses
//10.10.10.5/24 is the local IP address of tunnel tun0
//10.10.10.10/24 is the tunnel IP of the host at the other end
ip a s tun0
Turn on route forwarding; turn off SELinux and the firewall
echo "1" > /proc/sys/net/ipv4/ip_forward
setenforce 0
firewall-cmd --set-default-zone=trusted
The other host must also build the tunnel: repeat the steps above with the IP addresses reversed
Verify:
ping 10.10.10.5 //the two hosts ping each other

PPTP VPN: communication not encrypted
Create a tunnel connection that supports authentication using the PPTP protocol
Use MPPE to encrypt data
Assign the 192.168.3.0/24 address pool to clients
The client connects as the user jacob, with the password 123456
Steps:
yum -y install pptpd //install the PPTP software
rpm -qi pptpd
rpm -qc pptpd
Modify the configuration files (three of them):
vim /etc/pptpd.conf
localip 201.1.2.5 //server local IP
remoteip 192.168.3.1-50 //IP addresses assigned to remote clients
vim /etc/ppp/options.pptpd
require-mppe-128 //encrypt data with MPPE
ms-dns 8.8.8.8 //DNS server
vim /etc/ppp/chap-secrets //modify the account file
jacob * 123456 *
//user name, server tag, password, client
echo "1" > /proc/sys/net/ipv4/ip_forward //turn on route forwarding
firewall-cmd --set-default-zone=trusted
systemctl start pptpd
systemctl enable pptpd
VPN settings //enable SNAT forwarding
iptables -t nat -A POSTROUTING -s 192.168.3.0/24 \
-j SNAT --to-source 201.1.2.5
Client settings:
Start a Windows virtual machine, bridge the virtual machine NIC to public2, and set the IP address to 201.1.2.20
Create a new network connection, enter the VPN server account and password, connect to the VPN and test network connectivity

L2TP+IPSEC VPN:
Create a tunnel connection that supports authentication and encryption using the L2TP protocol
Encrypt data using IPsec
Assign the 192.168.3.0/24 address pool to clients
The client connects with the user name jacob and the password 123456
The pre-shared key is: Randpass
Steps:
Deploy the IPsec service
yum -y install libreswan
rpm -qc libreswan
cat /etc/ipsec.conf
include /etc/ipsec.d/*.conf //load all configuration files in this directory
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10
Create a new IPsec key authentication configuration file
vim /etc/ipsec.d/myipsec.conf
//create this file; refer to Lnmp_soft/***/myipsec.conf
conn idc-psk-nat
rightsubnet=vhost:%priv //allow the established VPN virtual network
also=idc-psk-nonat
conn idc-psk-nonat
authby=secret //encryption authentication
ike=3des-sha1;modp1024 //algorithm
phase2alg=aes256-sha1;modp2048 //algorithm
pfs=no
auto=add
keyingtries=3
rekey=no
ikelifetime=8h
keylife=3h
type=transport
left=201.1.2.200 //important: the server's own external IP
leftprotoport=17/1701
right=%any //allow any client to connect
rightprotoport=17/%any
cat /etc/ipsec.secrets //view only; do not modify this file
include /etc/ipsec.d/*.secrets
Create the pre-shared key for IPsec
vim /etc/ipsec.d/mypass.secrets
201.1.2.200 %any : PSK "123456"
//PSK = pre-shared key; 201.1.2.200 is the IP of the VPN server
Start the IPsec service
systemctl start ipsec
ss -natulp | grep pluto //check ports 4500 and 500
Deploy the xl2tpd service
yum localinstall xl2tpd-1.3.8-2.el7.x86_64.rpm
rpm -qc xl2tpd
vim /etc/xl2tpd/xl2tpd.conf //modify the main configuration file
[global]
.. ..
[lns default]
.. ..
ip range = 192.168.3.128-192.168.3.254 //IP pool assigned to clients
local ip = 201.1.2.200 //VPN server IP address

vim /etc/ppp/options.xl2tpd //authentication configuration
require-mschap-v2 //add this line to force authentication
#crtscts //comment out or delete this line
#lock //comment out or delete this line; newer versions require it to be commented out
vim /etc/ppp/chap-secrets //modify the password file
jacob * 123456 *
Start the service
systemctl start xl2tpd
ss -natulp | grep xl2tpd //*:1701 port
Set up route forwarding and the firewall
echo "1" > /proc/sys/net/ipv4/ip_forward
firewall-cmd --set-default-zone=trusted
VPN settings
iptables -t nat -A POSTROUTING -s 192.168.3.0/24 \
-j SNAT --to-source 201.1.2.200

Client settings

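Start a Windows virtual machine, bridge the virtual machine NIC to public2, and set the IP address to 201.1.2.20. Create a new network connection, enter the VPN server account and password, connect to the VPN and test network connectivity.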
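
An added check, not from the original page: the function below reads a libreswan conn file such as the myipsec.conf above and reports IKE and phase-2 settings that use 3DES, SHA-1 or 1024-bit DH, and conns with PFS disabled. The rule list, function names and sample file are this example's own; the sample is constructed from the values shown above.

```shell
#!/bin/sh
# Added example (not the page's code): flag weak IKE / phase-2 settings in a
# libreswan conn file. The rule list is an assumption of this example.

# audit_ipsec_conn FILE -> prints one "conn: finding" line per weak setting
audit_ipsec_conn() {
    awk '
    # strip the page-style "//comment" suffix and surrounding blanks
    { sub(/[ \t]*\/\/.*$/, ""); sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
    $1 == "conn" { conn = $2; next }
    /^(ike|phase2alg|esp)=/ {
        key = $0; sub(/=.*/, "", key)
        val = tolower($0); sub(/^[^=]*=/, "", val)
        if (val ~ /3des/)     print conn ": " key " uses 3DES"
        if (val ~ /sha1/)     print conn ": " key " uses SHA-1"
        if (val ~ /modp1024/) print conn ": " key " uses 1024-bit DH"
    }
    /^pfs=no$/ { print conn ": pfs disabled" }
    ' "$1"
}

# Constructed sample that mirrors the conn definitions shown on this page.
write_sample_conn() {
    cat > "$1" <<'EOF'
conn idc-psk-nat
    rightsubnet=vhost:%priv
    also=idc-psk-nonat
conn idc-psk-nonat
    authby=secret
    ike=3des-sha1;modp1024 //algorithm
    phase2alg=aes256-sha1;modp2048
    pfs=no
    type=transport
EOF
}

# Stand-alone run: audit the constructed sample and print the findings.
demo=$(mktemp) && write_sample_conn "$demo" && audit_ipsec_conn "$demo"
rm -f "$demo"
```

Run it against /etc/ipsec.d/myipsec.conf after any change to the ike= or phase2alg= lines; no output means none of the listed settings were found.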

NTP Time Synchronization Service:
Some software depends on accurate time to work, so clocks need to be synchronized

yum -y install chrony
rpm -qc chrony
vim /etc/chrony.conf
server 0.centos.pool.ntp.org iburst //server: the client points to an upstream NTP server; iburst: synchronize the time immediately after the service starts
allow 192.168.4.0/24 //allow this IP or network to access NTP
#deny 192.168.4.1 //deny this IP or network access to NTP
local stratum 10 //set the stratum number of the NTP server

PSSH remote toolkit
Connect to multiple remote hosts concurrently, in bulk, using a password
Connect to multiple remote hosts concurrently, in bulk, using a key
Copy data to other hosts concurrently, in bulk
Download data from other hosts to the local machine concurrently, in bulk
Kill processes on other hosts concurrently, in bulk
After installing PSSH, the following commands are provided:
/usr/bin/pnuke
/usr/bin/prsync
/usr/bin/pscp.pssh
/usr/bin/pslurp
/usr/bin/pssh
rpm -ivh pssh-2.3.1-5.el7.noarch.rpm
vim /etc/hosts
... ...
192.168.2.100 host1
192.168.2.200 host2
192.168.4.100 host3
vim /root/host.txt //one user name, IP, or domain name per line
... ...
[email protected]

host3
man pssh //view what the tool's options do in the man page
pssh provides concurrent remote connection capability
-A connect to the remote hosts using a password (a key is used by default)
-i display the output on the screen
-H set the hosts to connect to
-h set the host list file
-p set the number of concurrent connections
-t set the timeout
-o dir set the directory in which standard output is saved
-e dir set the directory in which error output is saved
-x pass parameters to ssh
Use a password to run a command on multiple remote hosts, displaying standard and error output on the screen
pssh -i -A -H 'host1 host2 host3' \
-x '-o StrictHostKeyChecking=no' echo hello
Use a password to run a command on multiple remote hosts without displaying standard and error output, reading the host information from host.txt
pssh -A -h host.txt \
-x '-o StrictHostKeyChecking=no' echo hello
Connect to multiple remote hosts concurrently, in bulk, using a key
ssh-keygen -N '' -f /root/.ssh/id_rsa
ssh-copy-id -i /root/.ssh/id_rsa.pub host1
ssh-copy-id -i /root/.ssh/id_rsa.pub host2
ssh-copy-id -i /root/.ssh/id_rsa.pub host3
Use a key to connect to the other hosts
pssh -h host.txt -x '-o StrictHostKeyChecking=no' echo hello
The first remote connection must add -x '-o StrictHostKeyChecking=no'
Use a key to connect to the other hosts and write the standard output to the /tmp directory
pssh -h host.txt -o /tmp/ -x '-o StrictHostKeyChecking=no' echo hello
Copy data to other hosts concurrently, in bulk
man pscp.pssh //view what the tool's options do in the man page
pscp.pssh provides concurrent file copying
-r recursively copy directories
The other options are basically the same as those of pssh
Copy the local etc.tar.gz to the root directory of the remote hosts
pscp.pssh -h host.txt \
-x '-o StrictHostKeyChecking=no' etc.tar.gz /
Recursively copy the local /etc directory to the /tmp directory of the remote hosts
pslurp -r -h host.txt -x '-o StrictHostKeyChecking=no' /etc/hosts haha //will not be overwritten automatically!
//Downloads each host's /etc/hosts into the directories host1, host2 and host3 under the current directory, each copy named haha
pslurp -r -h host.txt /opt/xixi //copying directories is bug-prone; only small files can be copied

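Kill processes on other hosts concurrently, in bulk

man pnuke //view what the tool's options do in the man page
pnuke provides the ability to kill processes remotely
Its options are basically the same as those of pssh
Kill the sleep process on the remote hosts
pnuke -h host.txt -x '-o StrictHostKeyChecking=no' sleep
Kill all test-related scripts on the remote hosts (for example test1, testtt, test2 and so on)
pnuke -h host.txt -x '-o StrictHostKeyChecking=no' test
Kill the test.sh script on the remote hosts
pnuke -h host.txt -x '-o StrictHostKeyChecking=no' test.sh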
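
An added check, not part of the original page: the pssh, pscp.pssh, pslurp and pnuke commands above pass -x '-o StrictHostKeyChecking=no', so this function lists which entries of the host list still have no host key pinned in known_hosts; once it prints nothing, the option can be dropped. The function names, sample hosts and key strings are constructed, and an unhashed known_hosts file is assumed.

```shell
#!/bin/sh
# Added example, not the page's code. Assumes an unhashed known_hosts file
# (HashKnownHosts no); file names and sample data are placeholders.

# hosts_missing_key HOSTFILE KNOWN_HOSTS
# Prints every pssh host-list entry that has no host key pinned.
hosts_missing_key() {
    awk '
    FILENAME == ARGV[1] {                     # pass 1: known_hosts
        if (NF < 3 || $1 ~ /^[#|@]/) next     # comments, hashed, @markers
        n = split($1, names, ",")
        for (i = 1; i <= n; i++) pinned[names[i]] = 1
        next
    }
    NF && $1 !~ /^#/ {                        # pass 2: pssh host list
        host = $1; port = "22"
        sub(/^[^@]*@/, "", host)              # drop "user@"
        if (host ~ /:[0-9]+$/) {              # "host:port" form
            port = host; sub(/^.*:/, "", port)
            sub(/:[0-9]+$/, "", host)
        }
        key = (port == "22") ? host : "[" host "]:" port
        if (!(key in pinned)) print $1
    }
    ' "$2" "$1"
}

# Constructed sample data: a host list in the style of host.txt and a
# known_hosts file with placeholder key material.
write_samples() {
    printf '%s\n' 'root@host1' 'host2' 'host3:2222' > "$1"
    printf '%s\n' \
        'host1,192.168.2.100 ssh-ed25519 AAAA_CONSTRUCTED_KEY_1' \
        '[host3]:2222 ssh-ed25519 AAAA_CONSTRUCTED_KEY_3' > "$2"
}

# Stand-alone run on the constructed sample.
d=$(mktemp -d) && write_samples "$d/host.txt" "$d/known_hosts" &&
    hosts_missing_key "$d/host.txt" "$d/known_hosts"   # prints: host2
rm -rf "$d"
```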
