当前位置: 首页 > news >正文

Linux 环境下 NTP 时间同步与 SSH 免密登录实战

news 2025/7/19 14:01:31

一.配置ntp时间服务器,确保客户端主机能和服务主机同步时间

1:服务器端配置(IP:192.168.31.131)

(1)编辑/etc/chrony.conf,配置上游时间源(此处选用阿里云 NTP 服务器),并允许目标客户端网段接入:

[root@master ~]# vim /etc/chrony.conf#在其中复制阿里的时间服务器配置(设置allow参数允许客户端同步时间),如下:
server ntp.aliyun.com iburst
stratumweight 0
driftfile /var/lib/chrony/drift
rtcsync
makestep 10 3
bindcmdaddress 127.0.0.1
bindcmdaddress ::1
keyfile /etc/chrony.keys
commandkey 1
generatecommandkey
logchange 0.5
logdir /var/log/chrony关键配置内容(添加 / 修改):
allow 192.168.31.132/24

(2)重启服务使配置生效,并通过timedatectl确认时间同步状态:

[root@master ~]# systemctl restart chronyd
[root@master ~]# timedatectlLocal time: 五 2025-07-18 16:54:38 CSTUniversal time: 五 2025-07-18 08:54:38 UTCRTC time: 四 2025-07-17 03:52:02Time zone: Asia/Shanghai (CST, +0800)
System clock synchronized: yesNTP service: activeRTC in local TZ: no

2.客户端配置(IP:192.168.31.132)

(1)配置客户端主机chrony配置文件

编辑/etc/chrony.conf,将时间源指向自建 NTP 服务器 IP:

[root@node1 ~]# vim /etc/chrony.conf ## 将默认的pool.ntp.org替换为服务器IP
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (https://www.pool.ntp.org/join.html).
server 192.168.31.131  iburst

(2)重启chrony服务,并且查看是否同步

重启服务后,通过chronyc sources -v查看与服务器的同步状态:

[root@node1 ~]# systemctl restart chronyd
[root@node1 ~]# chronyc sources -v.-- Source mode  '^' = server, '=' = peer, '#' = local clock./ .- Source state '*' = current best, '+' = combined, '-' = not combined,
| /             'x' = may be in error, '~' = too variable, '?' = unusable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 192.168.31.131                3   6     7     9    +15ms[-92521s] +/-   60ms

输出中若出现^* 192.168.31.131*表示当前最优同步源),说明客户端已成功从服务器同步时间。

以下是代码实现具体:

二.配置ssh免密登陆,能够实现客户端主机通过服务器端的redhat账户进行基于公钥验证方式的远程连接

1. 服务器端准备(IP:192.168.31.131)

新建 redhat 账户(可根据需求自定义),并设置密码(后续仅首次验证时需输入):


[root@master ~]# useradd redhat  #创建账户
[root@master ~]# passwd redhat   #设置密码
更改用户 redhat 的密码 。
新的密码: 
无效的密码: 密码少于 8 个字符
重新输入新的密码: 
passwd:所有的身份验证令牌已经成功更新。

2. 客户端配置(IP:192.168.31.132)

(1)生成 RSA 密钥对

使用ssh-keygen生成公私钥对(默认保存路径为/root/.ssh/,文件名分别为id_rsa(私钥)和id_rsa.pub(公钥)):

[root@node1 ~]# ssh-keygen -t rsa    ###第一步:定位客户端,制作公私钥对
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:RDUDUu8Z67w2xyKPJfv3oDcnD2MX5rJ5Ii4jQU5GkvM root@node1
The key's randomart image is:
+---[RSA 3072]----+
|     ...+o+      |
|    + .o . o     |
|     =  . o      |
|      E. . +     |
|     =  S +   o  |
|      o  o   o . |
|       .. +.* o  |
|      . +==+OOo  |
|       .oO*BoOo  |
+----[SHA256]-----+

(2)上传公钥至服务器端 redhat 账户

使用ssh-copy-id工具将客户端公钥传输到服务器端 redhat 账户的~/.ssh/authorized_keys文件(该文件用于存储信任的客户端公钥):

[root@node1 ~]# ssh-copy-id redhat@192.168.31.131     ###第二步:定位客户端,将公钥上传到服务器端
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keysAuthorized users only. All activities may be monitored and reported.
redhat@192.168.31.131's password: Number of key(s) added: 1Now try logging into the machine, with:   "ssh 'redhat@192.168.31.131'"
and check to make sure that only the key(s) you wanted were added.

(3)验证免密登录

客户端尝试登录服务器端 redhat 账户,若无需输入密码直接进入交互界面,说明配置成功:

[root@node1 ~]# ssh redhat@192.168.31.131   ####第三步:客户端测试Authorized users only. All activities may be monitored and reported.Authorized users only. All activities may be monitored and reported.Welcome to 5.10.0-216.0.0.115.oe2203sp4.x86_64System information as of time: 	2025年 07月 18日 星期五 17:08:23 CSTSystem load: 	0.01
Memory used: 	5.4%
Swap used: 	0%
Usage On: 	8%
IP address: 	192.168.31.134
Users online: 	3
To run a command as administrator(user "root"),use "sudo <command>".
[redhat@master ~]$

以下是具体实现代码:

http://www.lryc.cn/news/592749.html

相关文章:

  • 函数返回值问题,以及返回值的使用问题(c/c++)
  • RWA是什么意思?
  • 李天意考研数学精讲课学习笔记(课堂版)
  • elementui-admin构建
  • MBIST - Memory BIST会对memory进行清零吗?
  • PHP 8.0 升级到 PHP 8.1
  • 机器学习17-Mamba
  • 2025年UDP应用抗洪指南:从T级清洗到AI免疫,实战防御UDP洪水攻击
  • 从0开始学习R语言--Day50--ROC曲线
  • C语言—如何生成随机数+原理详细分析
  • 系统IO对于目录的操作
  • 服务器内存满了怎么清理缓存?
  • 多线程-4-线程池
  • 从零构建监控系统:先“完美设计”还是先“敏捷迭代”?
  • 内存数据库的持久化与恢复策略:数据安全性与重启速度的平衡点
  • 数据结构-3(双向链表、循环链表、栈、队列)
  • SGLang 推理框架核心组件解析:请求、内存与缓存的协同工作
  • 【PTA数据结构 | C语言版】左堆的合并操作
  • LS-DYNA分析任务耗时长,如何避免资源浪费与排队?
  • Machine Learning HW2 report:语音辨识(Hongyi Lee)
  • Glary Utilities(系统优化工具) v6.20.0.24 专业便携版
  • 【Python】一些PEP提案(三):with 语句、yield from、虚拟环境
  • [FDBUS4.2] watcher的使用
  • 利用五边形几何关系计算cos36°及推导黄金比例
  • 50天50个小项目 (Vue3 + Tailwindcss V4) ✨ | NotesApp(便签笔记组件)
  • 深入理解 Spring:事务管理与事件机制全解析
  • 如何将本地Git仓库推送到远程仓库的一个文件中并保留Commit记录
  • 借助AI学习开源代码git0.7之三git-init-db
  • RoboBrain 2.0(具身智能论文阅读)
  • Deep Multi-scale Convolutional Neural Network for Dynamic Scene Deblurring 论文阅读