linux基础:2、网络配置和用使用putty连接
一、网络配置
1、查看网络配置
命令:ifconfig
========================================================================= [root@san01 ~]# ifconfig eth0 Link encap:Ethernet HWaddr 00:0C:29:F4:A4:5A inet addr:192.168.0.41 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::20c:29ff:fef4:a45a/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:690437 errors:0 dropped:0 overruns:0 frame:0 TX packets:8209 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:65851958 (62.8 MiB) TX bytes:1041079 (1016.6 KiB) Interrupt:19 Base address:0x2000 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:32 errors:0 dropped:0 overruns:0 frame:0 TX packets:32 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:2688 (2.6 KiB) TX bytes:2688 (2.6 KiB) ==========================================================================
#linux下的网卡名称命名规则是,eth0、eth1...
#lo网卡的功能是在计算机内部进行信息交换
2、DHCP自动获取ip地址
命令:dhclient
#当我们刚刚安装完系统,如果未在安装过程中配置网络,你就会发现eth0网卡是未启动的,这个时候我们就用得到dhclient来获取ip了
#使用此命令的前提是网卡配置文件中BOOTPROTO设置为dhcp
================================================================= [root@san01 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0 DEVICE=eth0 HWADDR=00:0C:29:F4:A4:5A TYPE=Ethernet UUID=ab0c175d-2938-423b-9546-eab0303a12f5 ONBOOT=yes NM_CONTROLLED=yes BOOTPROTO=dhcp =================================================================
3、设置静态IP
================================================================== #配置文件 [root@san01 ~]# ls /etc/sysconfig/network-scripts/ifcfg* /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-lo #可以看到eth0和lo的配置文件,下面我们来配置eth0 [root@san01 ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0 #修改eth0的配置文件 DEVICE=eth0 HWADDR=00:0C:29:F4:A4:5A TYPE=Ethernet UUID=ab0c175d-2938-423b-9546-eab0303a12f5 ONBOOT=yes NM_CONTROLLED=yes BOOTPROTO=static #这里设置为static IPADDR=192.168.0.41 #配置IP地址 GATEWAY=192.168.0.1 #配置网关 NETMASK=255.255.255.0 #配置子网掩码 DNS1=192.168.0.1 #配置DNS [root@san01 ~]# service network restart #重启网络服务,让我们再次查看网络信息看看 [root@san01 ~]# ifconfig eth0 eth0 Link encap:Ethernet HWaddr 00:0C:29:F4:A4:5A inet addr:192.168.0.41 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::20c:29ff:fef4:a45a/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:49787 errors:0 dropped:0 overruns:0 frame:0 TX packets:5770 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:10866317 (10.3 MiB) TX bytes:538852 (526.2 KiB) Interrupt:19 Base address:0x2000 #ip地址已经变为192.168.0.41了 =================================================================
4、配置多个IP
================================================================= [root@san01 ~]# cd /etc/sysconfig/network-scripts/ [root@san01 network-scripts]# cp ifcfg-eth0 ifcfg-eth0:1 [root@san01 network-scripts]# vi ifcfg-eth0:1 DEVICE=eth0:1 HWADDR=00:0C:29:F4:A4:5A TYPE=Ethernet UUID=ab0c175d-2938-423b-9546-eab0303a12f5 ONBOOT=yes NM_CONTROLLED=yes BOOTPROTO=static IPADDR=192.168.0.42 #配置IP地址为192.168.0.42 GATEWAY=192.168.0.1 NETMASK=255.255.255.0 DNS1=192.168.0.1 [root@san01 network-scripts]# service network restart Shutting down interface eth0: [ OK ] Shutting down loopback interface: [ OK ] Bringing up loopback interface: [ OK ] Bringing up interface eth0: Determining if ip address 192.168.0.41 is already i n use for device eth0... [ OK ] #让我们查看一下ip地址(用ip addr) [root@san01 network-scripts]# ip addr | grep eth0 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000 inet 192.168.0.41/24 brd 192.168.0.255 scope global eth0 inet 192.168.0.42/24 brd 192.168.0.255 scope global secondary eth0 [root@san01 ~]# ifconfig |grep -A1 eth0 #查看eth0网卡 eth0 Link encap:Ethernet HWaddr 00:0C:29:F4:A4:5A inet addr:192.168.0.41 Bcast:192.168.0.255 Mask:255.255.255.0 -- eth0:1 Link encap:Ethernet HWaddr 00:0C:29:F4:A4:5A inet addr:192.168.0.42 Bcast:192.168.0.255 Mask:255.255.255.0 #可以看到两个ip地址哦,让我们ping一下测试新ip是否通畅 [root@san01 network-scripts]# ping -c 5 192.168.0.42 PING 192.168.0.42 (192.168.0.42) 56(84) bytes of data. 64 bytes from 192.168.0.42: icmp_seq=1 ttl=64 time=0.075 ms 64 bytes from 192.168.0.42: icmp_seq=2 ttl=64 time=0.042 ms 64 bytes from 192.168.0.42: icmp_seq=3 ttl=64 time=0.042 ms 64 bytes from 192.168.0.42: icmp_seq=4 ttl=64 time=0.043 ms 64 bytes from 192.168.0.42: icmp_seq=5 ttl=64 time=0.044 ms --- 192.168.0.42 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4050ms rtt min/avg/max/mdev = 0.042/0.049/0.075/0.013 ms ===================================================================
#上面介绍的修改配置文件的方式可以使配置永久生效
#当然你也可以用一种临时增加ip的方法:"ifconfig eth0:1 192.168.0.42 netmask 255.255.255.0 up"
二、用putty连接Centos
1、putty简介
putty是一款windows下的,体积小巧、方便快捷的ssh连接linux服务器的远程连接软件
官方网站:http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
2、putty的安装与常规连接
安装:putty的安装十分简单,仅需默认选项及下一步就好;
前提条件:1、需要centos服务器的ip地址;2、需要sshd服务开启,并知道此服务的端口;
======================================================================== #利用ifconfig来查看IP地址 [root@san01 ~]# ifconfig eth0 |grep "inet addr" inet addr:192.168.0.41 Bcast:192.168.0.255 Mask:255.255.255.0 #查看sshd服务的端口,是打开sshd的配置文件,路径为"/etc/ssh/sshd_config" [root@san01 ~]# cat /etc/ssh/sshd_config |grep Port #Port 22 #GatewayPorts no ========================================================================
打开putty客户端,把获得的ip和port输入,然后点击open就可以正常连接了
#sshd的默认port就是22,当然,这也是非法者非常喜欢攻击的一个端口,为了安全,可以改掉为其他
#使用上面的基本设置就能保证你正常使用putty去访问Centos了,但如果你希望用putty远程连接Centos更安全的话,你可以使用以下设置,来增强安全性。
3、密钥登录Centos
#先用putty远程连接上Centos;
#用putty自带软件PUTTYGEN.exe生成密钥(生成过程需晃动鼠标),把私钥存到本地,复制公钥内容
鼠标晃动过程中进度条会走到100%
#复制公钥内容
#点击save private key保存私钥到本地
#当然,如果你希望更加安全的话,你可以在key passphrase处设置私钥访问密码
#linux上创建/root/.ssh目录,更改权限700
==================================================== [root@san01 ~]# mkdir /root/.ssh [root@san01 ~]# chmod 700 /root/.ssh [root@san01 ~]# ll -d /root/.ssh drwx------. 2 root root 4096 Feb 14 04:42 /root/.ssh #权限为700意味着只有root用户本身可以访问和修改此目录 ====================================================
#把公钥内容粘贴入 /root/.ssh/authorized_keys,需要将此文件更改权限为600
====================================================================================== [root@san01 ~]# cd /root/.ssh [root@san01 .ssh]# vi authorized_keys **************************************************** #按下i键进入编辑模式 #putty中鼠标右键就是粘帖的意思,点击鼠标右键把公钥内容粘贴到此文件中 ssh-rsa AAAAB3NzaC1yc2E*****JQAAAQEAjS4qJvAk3GQl6uz/jptMMqMMCRkG02+DfqToY+5slEw2yW0LZZkVMC+BV4cbOV3WCSYWu0SPum+vA6ARDtx3MZbuhp3pvuEKO2TmX3Nap9Bvlh/TeBkDNBi+GAy7sK5c67q0dZUE7yNDz/LSY17EJW4pCz1Xs4W+wjNcP3S7opu7cJwgDl1ta+oCkTD/ToIPwFG6m7HVuZY4zR82ZQutB/3Df4HL3VpAAUrfWOxhqeH0YnGOaohxpcYVgIJIJbO+********/sbCVne7lqkwfPJzSDQwW8S5IjhjKHaAXhnTxFbSW4v9Td8G4wKC8Bwj7UBcZD19wNGFYgTBiQ== rsa-key-20150213 #按下ESC键,离开编辑模式 #输入:wq然后按下enter键,":"意思是可以输入命令;"w"意思是write;"q"意思是quit。 **************************************************** [root@san01 .ssh]# chmod 600 authorized_keys #权限600对于普通文件来说意味着,此文件只可被root读写 ======================================================================================
#(此步骤并不是必须的)关闭selinux
===================================================== [root@san01 .ssh]# setenforce 0 [root@san01 .ssh]# getenforce Permissive =====================================================
#设置PuTTY客户端(此时需关闭当前的连接)
#点左侧SSH,选择 Auth 再点右侧的"Browse"选择刚才我们保存到本地的私钥
#最后记得去session处保存一下,不然这样的过程下次登录后还是需要再来一次选择私钥的过程。
#登陆时如果你设置了密码保护私钥的话,需要输入此密码
至此,我们已经成功设置密钥登录完毕
本文出自 “三零妖人” 博客,请务必保留此出处http://301ren.blog.51cto.com/8887653/1614384
郑重声明:本站内容如果来自互联网及其他传播媒体,其版权均属原媒体及文章作者所有。转载目的在于传递更多信息及用于网络分享,并不代表本站赞同其观点和对其真实性负责,也不构成任何其他建议。