Linux基础命令（四）

news2026/4/8 8:47:32

Linux基础命令四1. 秘钥登录Linux设备间登录1.1 环境准备克隆2台虚拟设备【server1、server2】# 新增2台设备的基本信息server1 ip10.1.8.21/24 hostname: server1.harvy.iCloud server2 ip:10.1.8.22/24 hostname: server2.harvy.iCloud配置服务器 - 修改网络配置【以server1为例】# 设置hostname[rootserver1 ~ 09:31:13]# hostnamectl set-hostname server1.harvy.iCloud# 设置ip地址[rootserver1 ~ 09:31:13]# cd /etc/sysconfig/network-scripts/[rootserver1 network-scripts 09:24:52]# vim ifcfg-ens33# 修改IP地址为 10.1.8.11IPADDR10.1.8.11# 重新加载配置文件[rootserver1 network-scripts 09:24:52]# nmcli connection reload# 激活配置[rootserver1 network-scripts 09:24:52]# nmcli connection up ens33# 修改hosts配置[rootserver1 ~ 09:49:22]# vim /etc/hosts127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6# 最后追加解析记录10.1.8.21 server1.harvy.iCloud server110.1.8.22 server2.harvy.iCloud server2#ping server2 测试hosts配置效果[rootserver1 ~ 09:47:30]# ping server2PING server2.harvy.iCloud(10.1.8.22)56(84)bytes of data.64bytes from server2.harvy.iCloud(10.1.8.22):icmp_seq1ttl64time0.845ms64bytes from server2.harvy.iCloud(10.1.8.22):icmp_seq2ttl64time6.70ms1.2 配置过程配置server1秘钥登录server2[rootserver1 ~10:01:12]# ssh-keygenGenerating public/private rsa key pair. Enterfileinwhichto save the key(/root/.ssh/id_rsa): Created directory/root/.ssh.Enter passphrase(emptyforno passphrase): Enter same passphrase again: Your identification has been savedin/root/.ssh/id_rsa. Your public key has been savedin/root/.ssh/id_rsa.pub. The key fingerprint is: SHA256:EBTcgjW7Nak3gf/VT5PYM0eOXBjZwgZoWxPvGtMyl0E rootserver1.harvy.icloud The keys randomart image is: ---[RSA 2048]---- | *o .oEo | | . o..o ooo.| | .. o o.o| | * o. oB.| | o S *.O*| | . o . B o| | . . .| | | | | ----[SHA256]----- # 将秘钥转发给server2服务器 [rootserver1 ~ 10:06:59]# ssh-copy-id harvyserver2 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: /root/.ssh/id_rsa.pub The authenticity of host server2(10.1.8.22) cant be established. ECDSA key fingerprint is SHA256:/19YcQjixIz/nHvrkswn5fVTQo/qlbsC8TdZEFQ128. ECDSA key fingerprint is MD5:31:7c:9e:87:6d:fd:b8:98:39:5a:44:e7:9e:79:9b:a8. Are you sure you want tocontinueconnecting(yes/no)?yes/usr/bin/ssh-copy-id: INFO: attempting to loginwith the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO:1key(s)remain to be installed --ifyou are prompted now it is toinstallthe new keys harvyserver2s password: Permission denied, please try again. harvyserver2s password: Number of key(s)added:1Now try logging into the machine, with:ssh harvyserver2and check tomakesure that only the key(s)you wanted were added.# 免密登录执行命令验证[rootserver1 ~10:08:46]# ssh harvyserver2 hostnameserver2.harvy.icloud免密互登效果2. 时间设置2.1 DATE命令[rootserver1 ~10:16:06]# dateTue Apr710:33:59 CST2026# 查看LANG变量值[rootserver1 ~10:34:03]# echo $LANGen_US.UTF-8# 设置LANG变量值[rootserver1 ~10:37:45]# LANGzh_CN.UTF-8# 验证date命令效果[rootserver1 ~10:38:28]# date2026年 04月 07日星期二10:38:37 CST# 格式化时间命令[rootserver1 ~10:38:37]# date -s Tue Apr 7 10:28:27 CST 20262026年 04月 07日星期二10:28:27 CST2.2 设置东八区的时间[rootserver1 ~10:28:27]# tzselectPlease identify a location so thattimezone rules can besetcorrectly. Pleaseselecta continent or ocean.1)Africa2)Americas3)Antarctica4)Arctic Ocean5)Asia6)Atlantic Ocean7)Australia8)Europe9)Indian Ocean10)Pacific Ocean11)none - I want to specify thetimezone using the Posix TZ format.#? 5Pleaseselecta country.1)Afghanistan18)Israel35)Palestine2)Armenia19)Japan36)Philippines3)Azerbaijan20)Jordan37)Qatar4)Bahrain21)Kazakhstan38)Russia5)Bangladesh22)Korea(North)39)Saudi Arabia6)Bhutan23)Korea(South)40)Singapore7)Brunei24)Kuwait41)Sri Lanka8)Cambodia25)Kyrgyzstan42)Syria9)China26)Laos43)Taiwan10)Cyprus27)Lebanon44)Tajikistan11)East Timor28)Macau45)Thailand12)Georgia29)Malaysia46)Turkmenistan13)Hong Kong30)Mongolia47)United Arab Emirates14)India31)Myanmar(Burma)48)Uzbekistan15)Indonesia32)Nepal49)Vietnam16)Iran33)Oman50)Yemen17)Iraq34)Pakistan#? 9Pleaseselectone of the followingtimezone regions.1)Beijing Time2)Xinjiang Time#? 1The following information has been given: China Beijing Time ThereforeTZAsia/Shanghaiwill be used. Localtimeis now: Tue Apr710:31:42 CST2026. Universal Time is now: Tue Apr702:31:42 UTC2026. Is the above information OK?1)Yes2)No#? 1You canmakethis change permanentforyourself by appending the lineTZAsia/Shanghai;exportTZ to thefile.profileinyour home directory;thenlog out and loginagain. Here is that TZ value again, thistimeon standard output so that you can use the /usr/bin/tzselectcommandinshell scripts: Asia/Shanghai[rootserver1 ~10:31:45]# date2026年 04月 07日星期二10:31:47 CST2.3 自动对时# 安装chrony自动对时工具[rootserver1 ~10:34:21]# yum install chrony -y已加载插件fastestmirror Loading mirror speeds from cached hostfile * base: mirrors.aliyun.com......略作为依赖被安装: libseccomp.x86_640:2.3.1-4.el7 完毕# 修改chrony的配置文件添加aliyun的时间服务器[rootserver1 ~10:36:21]# vim /etc/chrony.conf# 启动chrony服务[rootserver1 ~10:42:07]# systemctl start chronyd# 时间同步有延时[rootserver1 ~10:42:25]# date2026年 04月 07日星期二10:42:28 CST# 时间完成同步[rootserver1 ~10:42:28]# date2026年 04月 07日星期二10:54:07 CST[rootserver1 ~10:54:25]# chronyc sources -v210Number of sources1.-- Source mode^server,peer,#localclock. / .- Source state*current synced,combined ,-not combined,|/?unreachable,xtimemay beinerror,~timetoo variable.||.- xxxx[yyyy]/- zzzz||Reachability register(octal)-.|xxxxadjusted offset,||Log2(Polling interval)--.||yyyymeasured offset,||\||zzzzestimated error.||||\MS Name/IP address Stratum Poll Reach LastRx Last sample^*203.107.6.8826173915ms[22ms]/- 79ms3. 网络管理3.1 网络查看ip命令[rootserver1 ~10:58:27]# ip -br alo UNKNOWN127.0.0.1/8 ::1/128 ens33 UP10.1.8.21/24 fe80::20c:29ff:fe83:b423/64# -br -brief 简介模式# 查看特定网卡IP地址[rootserver1 ~11:21:56]# ip -br a show ens33ens33 UP10.1.8.21/24 fe80::20c:29ff:fe83:b423/64# 查看MAC地址[rootserver1 ~11:23:06]# ip -br linklo UNKNOWN 00:00:00:00:00:00LOOPBACK,UP,LOWER_UPens33 UP 00:0c:29:83:b4:23BROADCAST,MULTICAST,UP,LOWER_UP# 查看网关rootserver1 ~11:23:49]# ip routedefault via10.1.8.2 dev ens33 proto static metric10010.1.8.0/24 dev ens33 proto kernel scopelinksrc10.1.8.21 metric100# default 开头的条目是网关# 查看 DNS[rootserver1 ~11:23:55]# cat /etc/resolv.conf# Generated by NetworkManagersearch harvy.icloud nameserver223.5.5.5 nameserver223.6.6.63.2 网络配置nmcli 命令# 通过配置文件修改网络配置[rootserver1 ~11:25:09]# vim /etc/sysconfig/network-scripts/ifcfg-ens33# ifcfg-ens33配置内容不用修改TYPEEthernetPROXY_METHODnoneBROWSER_ONLYnoBOOTPROTOnoneDEFROUTEyesIPV4_FAILURE_FATALnoIPV6INITnoIPV6_AUTOCONFyesIPV6_DEFROUTEyesIPV6_FAILURE_FATALnoIPV6_ADDR_GEN_MODEstable-privacyNAMEens33UUID6097beaa-8776-400d-b1d2-5c5649547947DEVICEens33ONBOOTyesIPADDR10.1.8.21PREFIX24GATEWAY10.1.8.2DNS1223.5.5.5DNS2223.6.6.6# 修改完成后需要重新加载和激活配置文件[rootserver1 ~11:27:58]# nmcli connection reload[rootserver1 ~11:28:14]# nmcli connection up ens33连接已成功激活D-Bus 活动路径/org/freedesktop/NetworkManager/ActiveConnection/3通过命令行修改网络配置device设备、网卡connection连接、网卡配置device和connection之间的关系是网络设备需要一个网络配置同一时刻一个device只能激活一个网络配置3.3 管理设备# 查看设备清单[rootserver1 ~11:28:28]# nmcli deviceDEVICE TYPE STATE CONNECTION ens33 ethernet 已连接 ens33 lo loopback 未托管 --# 断开网络连接[rootserver1 ~11:33:05]# nmcli device disconnect ens33# 重新连接网络[rootserver1 ~11:33:05]# nmcli device connect ens33# 查看网卡的详细配置[rootserver1 ~11:31:52]# nmcli device show ens33GENERAL.DEVICE: ens33 GENERAL.TYPE: ethernet GENERAL.HWADDR: 00:0C:29:83:B4:23 GENERAL.MTU:1500GENERAL.STATE:100已连接 GENERAL.CONNECTION: ens33 GENERAL.CON-PATH:/org/freedesktop/NetworkManager/Active WIRED-PROPERTIES.CARRIER: 开 IP4.ADDRESS[1]:10.1.8.21/24 IP4.GATEWAY:10.1.8.2 IP4.ROUTE[1]: dst10.1.8.0/24, nh0.0.0.0, mtIP4.ROUTE[2]: dst0.0.0.0/0, nh10.1.8.2, mt1IP4.DNS[1]:223.5.5.5 IP4.DNS[2]:223.6.6.6 IP6.ADDRESS[1]: fe80::20c:29ff:fe83:b423/64 IP6.GATEWAY: -- IP6.ROUTE[1]: dstff00::/8, nh::, mt256, tab IP6.ROUTE[2]: dstfe80::/64, nh::, mt2563.4 命令对照特性ip命令nmcli命令持久性临时修改重启失效永久配置写入文件复杂度简单直接功能丰富复杂配置方式直接内核操作抽象连接管理配置文件不生成配置文件生成/etc/sysconfig/network-scripts/适用场景临时调试、脚本、紧急修复系统配置、桌面环境、服务器管理依赖服务无需服务需要NetworkManager服务3.5 命令补充接口管理# 查看所有网络接口iplinkshowip-slinkshow# 带统计信息ip-clinkshow# 彩色输出# 启用/禁用接口iplinksetens33 upiplinksetens33 down# 重命名接口iplinksetens33 name ens333# 设置MTU# 用于进行大文件吞吐配置要求上下游链路上都要统一配置没有特殊的场景要求不可以单节点配置会断网iplinksetens33 mtu9000路由管理# 查看路由表iproute showiproute list# 添加默认网关iprouteadddefault via192.168.1.1 dev ens33# 添加静态路由iprouteadd10.0.0.0/24 via192.168.1.1# 删除路由iproute del defaultiproute del10.0.0.0/24# 查看特定路由iproute get8.8.8.8ARP/邻居表# 查看ARP缓存ipneighbor showipneigh[rootserver1 ~11:45:46]# ip neigh10.1.8.2 dev ens33 lladdr 00:50:56:f0:f1:5f STALE10.1.8.1 dev ens33 lladdr 00:50:56:c0:00:08 DELAY# 添加静态ARP条目ipneighadd192.168.1.1 lladdr 00:11:22:33:44:55 dev ens33# 删除ARP条目ipneigh del192.168.1.1 dev eth0连接管理# 查看所有连接配置nmcli connection show nmcli con show--active# 仅活动连接# 激活/停用连接nmcli connection upWired connection 1nmcli connection downWired connection 1# 创建连接# DHCP连接nmcli conaddtypeethernet ifname eth0 con-nameMy-Ethernet# 静态IP连接nmcli conaddtypeethernet ifname eth0 con-nameStatic-IP\ip4192.168.1.100/24 gw4192.168.1.1\ipv4.dns8.8.8.8 8.8.4.4# Wi-Fi连接nmcli conaddtypewifi ifname wlan0 con-nameMy-WiFi\ssidNetwork-SSIDwifi-sec.key-mgmt wpa-psk\wifi-sec.pskpassword修改连接配置# 修改IP地址nmcli con modStatic-IPipv4.addresses192.168.1.200/24nmcli con modStatic-IPipv4.gateway192.168.1.1# 修改DNSnmcli con modStatic-IPipv4.dns1.1.1.1 8.8.8.8# 添加额外DNSnmcli con modStatic-IPipv4.dns9.9.9.9# 修改连接方法nmcli con modStatic-IPipv4.method manual# 静态nmcli con modStatic-IPipv4.method auto# DHCP# 设置MTUnmcli con modStatic-IP802-3-ethernet.mtu9000实用技巧别名简化aliasipsip -c addr showaliasnmsnmcli device status脚本中使用# 检测接口是否存在ifiplinkshow ens33/dev/null21;thenechoeth0 existsfi# 等待NetworkManager就绪while!nmcli networking connectivity check;dosleep1doneJSON输出nmcli 1.30nmcli-t-fname,device,state con show--formatjson备份/恢复配置# 备份nmcli con shownetwork-backup.txt# 恢复需要重新创建连接

本文来自互联网用户投稿，该文观点仅代表作者本人，不代表本站立场。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如若转载，请注明出处：http://www.coloradmin.cn/o/2495450.html

如若内容造成侵权/违法违规/事实不符，请联系多彩编程网进行投诉反馈，一经查实，立即删除！