Linux Operations Phase III (i) network configuration and remote management

Linux operation and Maintenance Phase III (i) network configuration and remote management

First, network configuration

1,#hostname (host name View

#hostname FQDN (temporarily modifying host name

#vi/etc/sysconfig/network

Networking=yes ( host name configuration with IPV4

Hostname=fqdn (change host name, restart effective

2.#ifconfig (view IP address

#ifconfig Network Interface IP address netmask subnet mask (temporarily modify IP

#ifconfig Network interface : Virtual connection number IP address netmask Subnet Mask (temporarily modify virtual interface IP

#vi/etc/sysconfig/network-scripts/ifcft-eth0

Device=eth0

Onboot=yes

Bootproto=static/dhcp

Ipaddr=ip Address

netmask= Subnet Mask

Type=ethernet

Nm_controler=yes/no (#serviceNetworkManager stop, add a virtual interface if there is a problem when shutting down this service)

#service Network Restart (after you modify the configuration file, you need to restart the service or system for it to take effect

#ifdown eth0

#ifup eth0

3,#route -N (view gateway, routing information

#route add default GW IP address (temporarily modify the Defaults gateway

#route add-net Target network segment / subnet mask GW IP address (the default route for temporarily adding a network segment

#vi/etc/sysconfig/network-scripts/ifcfg-eth0

Gateway=ip Address (add gateway, restart Service is in effect

4,#vi/etc/sysconfig/network-scripts/ifcfg-eth0

Add: dns1=

dns2= (Configure DNS, restart service is in effect

#vi/etc/resolv.conf

add:nameserver DNS server IP

#nslookup Domain name (only DNS related records can be resolved ,/etc/hosts not valid

5,#vi/etc/hosts

Add: IP Address domain name (local resolution, immediately after adding, no need to restart

Note:the hosts file and DNS Server comparison: The default system First looks up a parse record from the hosts file;hosts file is only valid for the current host;hosts files can be reduced DNS query process, which speeds up access.

6,#netstat-anpt|-anpu

-A (Show all port information

-N (digital display, such as:0.0.0.0

-P (show PID

-T (displays information about TCP ports

-U (displays information about UDP ports

7.#traceroute (trace route, test to target host and how many network devices

8,#ping-C 3-i 0.2-w 3 IP address (connectivity test

-C (specified number of times

-I (specify the interval between pings, in seconds

-W (Specify Wait Time

9,#arp-a|-D| -S (Address Resolution Protocol that resolves IP addresses to MAC addresses

-A (View all

-dip address (delete an arp record

-sip Address MAC address (bind IP address

#nmap-st network segment / subnet mask (Network port scan

Second, remote management:

1. Service Name:ssh; Port number:

server-side configuration file:/etc/ssh/sshd_config

Client configuration file:/etc/ssh/ssh_config (client default, no change required

2. Common Configuration items:

Port (port number

ListenAddress (only listen for ssh online from an IP , if not set then all interfaces will accept ssh online

Permitrootlogin (whether root is allowed to telnet

Permitemptypasswords (whether to allow blank password logon

Maxauthtries (maximum number of logins

Logingracetime (Login freeze Time

Passwordauthentication (User password authentication method, check whether the user name password matches

Pubkeyauthentication (authentication method of the key pair, check whether the public key of the client's private key server matches

Allowuser (allow individual rejection of all

Denyuser (Deny individual permission to all

3. Function module:

#ssh-P Port Server user name @ server address (remote connection

#scp-P Port Local path Server user name @ server address :/ Server valid path (remote upload

#scp-P Port Server user name @ server address :/ File Store path local path (remote download

#sftp-oport= Port Server user name @ server address

Sftp>put file name (upload

Sftp>get file name (Download

4. Key Pair Verification: ( Note: Client user clients , server -side user servers)

$SSH-keygen-t RSA (client clients generate key pair

$SCP/home/client/.ssh/id_rsa.pub [Email protected]:/tmp/ (client uploads the public key file to the server

#mkdir/home/server/.ssh (server-side created with root. SSH directory

#cat/tmp/id_rsa.pub >>/home/server/.ssh/authorized_keys (the server uses root to import files into the. SSH directory file authorized_keys

#vi/etc/ssh/sshd_config (Turn on server-side key pair authentication, turn off password verification

Passwordautentication No

Pubkeyauthentication Yes

Authorizedkeysfile. Ssh/authorized_keys

#service sshd Restart

$ssh [email protected] (client trial login, if not prompted to enter the user name password to verify success

7. Tcapwrappers

configuration files:/etc/hosts.allow,/etc/hosts.deny

Policy format: Service list: Client address List

policy wording: The list of services and the list of client addresses are separated by commas, and the network segment representation method:192.168.1. or 192.168.1.0/255.255.255.0; Domain name representation method:. baidu.com or *.baidu.com

application rules: When not configured, the default is all access, modify the immediate effect without restarting, first view Hosts.allow and then view the Hosts.deny, the match is stopped, and the configuration denies the individual allow all The Hosts.allow file does not have to add any content.

From Brother Lian Training

This article is from the "Linux Operational Difficulty Learning notes" blog, please be sure to keep this source http://jowin.blog.51cto.com/10090021/1654826

Linux Operations Phase III (i) network configuration and remote management