1.配置桥接并验证
[root@bogon ~]# nmcli c add type bridge con-name br1 ifname br1_dev ipv4.addresses 192.168.127.170/24 ipv4.gateway 192.168.127.2 ipv4.dns 114.114.114.114 ipv4.method manual
[root@bogon ~]# nmcli c add type bridge-slave con-name br1-port1 ifname ens160 master br1
[root@bogon ~]# nmcli c add type bridge-slave con-name br1-port2 ifname ens224 master br1
[root@localhost ~]# nmcli c up br1-port1
[root@localhost ~]# nmcli c up br1-port2
2.配置team多网卡绑定验证
[root@bogon ~]# nmcli c add type team con-name team0 ifname team0 config '{"runner": {"name":"activebackup","hwaddr_policy":"by_active"}}' ipv4.addresses 192.168.127.160/24 ipv4.gateway 192.168.127.2 ipv4.dns 8.8.8.8 ipv4.method manual
[root@bogon ~]# nmcli c add type team-slave con-name team0-port1 ifname ens160 master team0
[root@bogon ~]# nmcli c add type team-slave con-name team0-port2 ifname ens224 master team0
[root@bogon ~]# nmcli c up team0-port1
[root@bogon ~]# nmcli c up team0-port2
[root@bogon ~]# teamdctl team0 stat
setup:
runner: activebackup
ports:
ens160
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
down count: 0
ens224
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
down count: 0
runner:
active port: ens160
[root@bogon ~]# nmcli d disconnect ens160
[root@bogon ~]# teamdctl team0 stat
setup:
runner: activebackup
ports:
ens224
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
down count: 0
runner:
active port: ens224
[root@bogon ~]# nmcli d connect ens160
[root@bogon ~]# teamdctl team0 stat
setup:
runner: activebackup
ports:
ens160
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
down count: 0
ens224
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
down count: 0
runner:
active port: ens224
3.配置ssh免密登录(基于公钥的认证)
1).客户端生成公钥和私钥
[root@kehuduan ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:PkHJQC+0Ef56v3OFaY/ZtLnWn30ptVsFDcF+7MBl3Bg root@kehuduan
The key's randomart image is:
+---[RSA 3072]----+
| .*. .E=.|
| o * . oo=|
| + = o.+.|
| + +.o|
| S o +.|
| o . + o.o|
| . + . B.++|
| . o. +.*o*|
| o+ .o+*|
+----[SHA256]-----+
2).将客户端的公钥放在服务端的文件中
[root@kehuduan ~]# ssh-copy-id 192.168.127.131
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.127.131's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.127.131'"
and check to make sure that only the key(s) you wanted were added.
[root@fuwuduan ~]# cd .ssh/
[root@fuwuduan .ssh]# ls
authorized_keys
3).验证操作:可以不输入密码登录
[root@kehuduan ~]# ssh root@192.168.127.131
Activate the web console with: systemctl enable --now cockpit.socket
This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register
Last login: Sat May 7 17:24:14 2022
[root@fuwuduan ~]#
4.什么是对称加密,什么是非对称加密,以及对称加密和非对称加密存在的问题?
对称加密:使用同一个秘钥进行加密和解密
特点:速度快,效率高
问题:安全性低
非对称加密:使用不同的秘钥进行加密或解密,即使用一个密钥对数据进行加密,使用另一个密钥对数据进行解密,这两个密钥之间是有联系的
问题:客户端如何确保自己请求的就是服务器或者说,现在客户端请求之后拿到的公钥就是服务器提供的公钥,而不是黑客提供的
