Linux operation and Maintenance Phase III (i) network configuration and remote management
First, network configuration
1. # hostname (view the host name)
# hostname <FQDN> (temporarily change the host name)
# vi /etc/sysconfig/network
NETWORKING=yes (enable IPv4 networking)
HOSTNAME=<FQDN> (change the host name; takes effect after a restart)
2. # ifconfig (view IP addresses)
# ifconfig <network interface> <IP address> netmask <subnet mask> (temporarily change the IP address)
# ifconfig <network interface>:<virtual interface number> <IP address> netmask <subnet mask> (temporarily change the IP address of a virtual interface)
# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static/dhcp
IPADDR=<IP address>
NETMASK=<subnet mask>
TYPE=Ethernet
NM_CONTROLLED=yes/no (# service NetworkManager stop; stop this service if adding a virtual interface causes problems)
# service network restart (after modifying the configuration file, restart the service or the system for the change to take effect)
# ifdown eth0
# ifup eth0
3. # route -n (view gateway and routing information)
# route add default gw <IP address> (temporarily set the default gateway)
# route add -net <target network segment>/<subnet mask> gw <IP address> (temporarily add a route for a network segment)
# vi /etc/sysconfig/network-scripts/ifcfg-eth0
GATEWAY=<IP address> (add the gateway; takes effect after a service restart)
4. # vi /etc/sysconfig/network-scripts/ifcfg-eth0
Add: DNS1=
DNS2= (configure DNS; takes effect after a service restart)
# vi /etc/resolv.conf
Add: nameserver <DNS server IP>
# nslookup <domain name> (resolves only records served by DNS; entries in /etc/hosts are not used)
5. # vi /etc/hosts
Add: <IP address> <domain name> (local resolution; effective immediately after adding, no restart needed)
Note: hosts file versus DNS server: by default the system looks up a record in the hosts file first; the hosts file is valid only on the current host; the hosts file can cut out the DNS query, which speeds up access.
6. # netstat -anpt|-anpu
-a (show all port information)
-n (numeric display, such as 0.0.0.0)
-p (show PID)
-t (show information about TCP ports)
-u (show information about UDP ports)
7. # traceroute (trace the route; shows how many network devices lie on the path to the target host)
8. # ping -c 3 -i 0.2 -W 3 <IP address> (connectivity test)
-c (number of pings to send)
-i (interval between pings, in seconds)
-W (wait time)
9. # arp -a|-d|-s (Address Resolution Protocol, which resolves IP addresses to MAC addresses)
-a (view all entries)
-d <IP address> (delete an ARP entry)
-s <IP address> <MAC address> (bind an IP address to a MAC address)
# nmap -sT <network segment>/<subnet mask> (network port scan)
Second, remote management
1. Service name: ssh; port number:
Server-side configuration file: /etc/ssh/sshd_config
Client configuration file: /etc/ssh/ssh_config (client defaults, no change required)
2. Common configuration items:
Port (port number)
ListenAddress (accept SSH connections only on the given IP address; if not set, all interfaces accept SSH connections)
PermitRootLogin (whether root is allowed to log in remotely)
PermitEmptyPasswords (whether logon with a blank password is allowed)
MaxAuthTries (maximum number of login attempts)
LoginGraceTime (login grace time, the time allowed to complete authentication)
PasswordAuthentication (password authentication; checks whether the user name and password match)
PubkeyAuthentication (key-pair authentication; checks whether the client's private key matches the public key on the server)
AllowUsers (allow the listed users, reject all others)
DenyUsers (deny the listed users, allow all others)
3. Function modules:
# ssh -p <port> <server user name>@<server address> (remote connection)
# scp -P <port> <local path> <server user name>@<server address>:/<valid path on server> (remote upload)
# scp -P <port> <server user name>@<server address>:/<file path on server> <local path> (remote download)
# sftp -oPort=<port> <server user name>@<server address>
sftp> put <file name> (upload)
sftp> get <file name> (download)
4. Key pair verification: (Note: the client-side user is "client", the server-side user is "server")
$ ssh-keygen -t rsa (the client user "client" generates a key pair)
$ scp /home/client/.ssh/id_rsa.pub server@<server address>:/tmp/ (the client uploads the public key file to the server)
# mkdir /home/server/.ssh (on the server, create the .ssh directory as root)
# cat /tmp/id_rsa.pub >> /home/server/.ssh/authorized_keys (on the server, as root, append the public key to the authorized_keys file in the .ssh directory)
# vi /etc/ssh/sshd_config (turn on server-side key pair authentication, turn off password authentication)
PasswordAuthentication no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
# service sshd restart
$ ssh server@<server address> (client test login; if no user password is requested, verification succeeded)
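A check for the sshd_config edits above and the common configuration items, as an added example that is not part of the original notes. sshd uses the first value it reads for a keyword and treats keywords case-insensitively, so a "PasswordAuthentication no" appended below an existing "yes" has no effect. The function names, the expected-value policy and the sample file are constructed for this example.

```shell
#!/bin/sh
# effective_value FILE KEYWORD DEFAULT -> the value sshd would use from the
# global section of FILE (first occurrence wins), or DEFAULT if never set.
effective_value() {
    awk -v kw="$2" -v def="$3" '
        /^[ \t]*#/ || NF == 0 { next }        # skip comments and blank lines
        tolower($1) == "match" { exit }       # global section ends at first Match
        tolower($1) == tolower(kw) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd FILE -> one WARN line per deviation; exit status = number found.
# Expected values are this example's policy (an assumption): key-only logins.
audit_sshd() {
    rc=0
    for pair in passwordauthentication:no pubkeyauthentication:yes \
                permitemptypasswords:no permitrootlogin:no; do
        kw=${pair%%:*}; want=${pair#*:}
        got=$(effective_value "$1" "$kw" unset)
        if [ "$got" != "$want" ]; then
            echo "WARN $kw is '$got', expected '$want'"
            rc=$((rc + 1))
        fi
    done
    return "$rc"
}

# Constructed sample: the admin appended "no" below an existing "yes".
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample sshd_config
Port 22
PasswordAuthentication yes
PubkeyAuthentication yes
PermitEmptyPasswords no
passwordauthentication no
EOF
audit_sshd "$sample" || echo "$? finding(s)"
```

On a live server, `sshd -T` prints the effective configuration after defaults are applied and can be used to confirm the same values.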
7. TCP Wrappers
Configuration files: /etc/hosts.allow, /etc/hosts.deny
Policy format: service list: client address list
Policy syntax: multiple entries in the service list and in the client address list are separated by commas. Network segment notation: 192.168.1. or 192.168.1.0/255.255.255.0; domain name notation: .baidu.com or *.baidu.com
Application rules: when nothing is configured, the default is to allow all access; changes take effect immediately without a restart; hosts.allow is checked first and then hosts.deny, and checking stops at the first match; to deny individual clients and allow all others, nothing needs to be added to the hosts.allow file.
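The lookup order described above (hosts.allow first, then hosts.deny, allow when nothing matches), as an added example that is not part of the original notes. It handles only the ALL keyword, exact addresses and the trailing-dot network prefix; the function names and the sample policy files are constructed for this example.

```shell
#!/bin/sh
# rule_matches FILE DAEMON CLIENT -> exit 0 if a "daemons: clients" line matches.
rule_matches() {
    awk -F: -v d="$2" -v c="$3" '
        function in_list(list, item, prefix_ok,   n, a, i, p) {
            n = split(list, a, /[ \t,]+/)
            for (i = 1; i <= n; i++) {
                p = a[i]
                if (p == "") continue
                if (p == "ALL" || p == item) return 1
                # trailing dot = network prefix, e.g. "192.168.1."
                if (prefix_ok && p ~ /\.$/ && index(item, p) == 1) return 1
            }
            return 0
        }
        /^[ \t]*#/ || NF < 2 { next }          # skip comments and malformed lines
        in_list($1, d, 0) && in_list($2, c, 1) { found = 1; exit }
        END { exit !found }
    ' "$1"
}

# tcpw_decision DAEMON CLIENT ALLOW_FILE DENY_FILE -> prints allow or deny
tcpw_decision() {
    if rule_matches "$3" "$1" "$2"; then
        echo allow                 # matched in hosts.allow: stop here
    elif rule_matches "$4" "$1" "$2"; then
        echo deny                  # matched in hosts.deny
    else
        echo allow                 # no match in either file
    fi
}

# Constructed sample policy: one admin host allowed, rest of its segment denied.
dir=$(mktemp -d)
printf '%s\n' '# constructed sample' 'sshd: 192.168.1.10' > "$dir/hosts.allow"
printf '%s\n' 'sshd: 192.168.1., 10.0.0.5' > "$dir/hosts.deny"
for ip in 192.168.1.10 192.168.1.20 172.16.0.1; do
    echo "sshd from $ip: $(tcpw_decision sshd "$ip" "$dir/hosts.allow" "$dir/hosts.deny")"
done
```

The third address is allowed because it matches neither file, which is why a deny-by-default policy needs an explicit catch-all entry in hosts.deny.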
From Brother Lian Training
This article is from the "Linux Operational Difficulty Learning notes" blog, please be sure to keep this source http://jowin.blog.51cto.com/10090021/1654826