搭建nfs服务器

在服务端中安装nfs，并启动

[root@liu ~]# yum -y install nfs-utils
Last metadata expiration check: 0:13:16 ago on Thu 22 Dec 2022 07:16:32 PM CST.
Dependencies resolved.
=====================================================================================================================
 Package                           Architecture           Version                         Repository            Size
===================================================================================================================
... 
Complete!

创建共享目录和文件

[root@liu ~]# mkdir -p /nfs/shared
[root@liu ~]# mkdir -p /nfs/upload
[root@liu ~]# cd /nfs/
[root@liu nfs]# ls
shared  upload
[root@liu nfs]# 
[root@liu shared]# touch read.txt
[root@liu shared]# echo 'Can only see' >> read.txt
[root@liu shared]# cat read.txt 
Can only see

关闭防火墙

[root@liu shared]# systemctl stop firewalld
[root@liu shared]# setenforce 0

配置nfs共享设置为只读，非root用户访问为匿名

[root@liu shared]# vi /etc/exports
[root@liu shared]# cat /etc/exports
/nfs/shared *(ro,all_squash)
[root@liu shared]# 

启动nfs服务和rpcbind

[root@liu shared]# systemctl start nfs-server rpcbind
[root@liu shared]# ss -antl
State        Recv-Q       Send-Q             Local Address:Port                Peer Address:Port       Process       
LISTEN       0            64                       0.0.0.0:2049                     0.0.0.0:*                        
LISTEN       0            128                      0.0.0.0:111                      0.0.0.0:*                        
LISTEN       0            128                      0.0.0.0:20048                    0.0.0.0:*                        
LISTEN       0            128                      0.0.0.0:22                       0.0.0.0:*                        
LISTEN       0            128                      0.0.0.0:58775                    0.0.0.0:*                        
LISTEN       0            64                       0.0.0.0:36477                    0.0.0.0:*                        
LISTEN       0            64                          [::]:2049                        [::]:*                        
LISTEN       0            128                         [::]:40449                       [::]:*                        
LISTEN       0            128                         [::]:111                         [::]:*                        
LISTEN       0            128                         [::]:20048                       [::]:*                        
LISTEN       0            64                          [::]:44977                       [::]:*                        
LISTEN       0            128                         [::]:22                          [::]:*                        
[root@liu shared]# 

挂载

[root@liu ~]# mount -t nfs 192.168.29.128:/nfs/shared /opt 
[root@liu ~]# df -h|grep nfs 
192.168.29.128:/nfs/shared     17G  1.8G   16G  11% /opt 

开放/nfs/upload目录为172.16.12.0/24网段的数据上传目录，并将所有用户及所属的用户组都映射为nfs-upload，其UID与GID均为300

[root@liu ~]# groupadd  -g 300 nfs-upload
[root@liu ~]# useradd -u 300 -g 300 nfs-upload
[root@liu ~]# id nfs-upload
uid=300(nfs-upload) gid=300(nfs-upload) groups=300(nfs-upload)
[root@liu ~]# 

将upload目录更贵属组主为nfs-upload

[root@liu ~]# chown -R 'nfs-upload'.'nfs-upload' /nfs/upload/
[root@liu ~]# chmod g+s /nfs/upload/
[root@liu ~]#

指定所有用户访问都为匿名用户且uid，gid均为300，exportfs重新加载exports文件

[root@liu ~]# vi /etc/exports
[root@liu ~]# cat /etc/exports
/nfs/shared *(ro,all_squash)
/nfs/upload 192.168.29.0/24(rw,all_squash,root_squash,anonuid=300,anongid=300)
[root@liu ~]# exportfs -r

查看导出

[root@liu ~]# showmount -e 192.168.29.128
Export list for 192.168.29.128:
[root@liu ~]# 

创建目录xixi，将nfs 192.168.85.132:/nfs/upload挂载到xixi目录上

[root@liu ~]# mkdir /xixi
[root@liu ~]# mount -t nfs 192.168.29.128:/nfs/upload /xixi/
[root@localhost ~]# df -h|grep nfs
192.168.29.128:/nfs/shared     17G  1.8G   16G  11% /opt
192.168.29.128:/nfs/upload     17G  1.8G   16G  11% /xixi

验证

[root@liu xixi]# touch a
[root@liu xixi]# ll
total 0
-rw-r--r--. 1 300 300 0 Dec 22 19:04 a

[root@liu xixi]# ll /nfs/upload/
total 0
-rw-r--r--. 1 nfs-upload nfs-upload 0 Dec 22 19:04 a

openssh免密登录配置

创建秘钥

#使用 ssh-keygen 创建公钥-私钥对
[root@liuquanyu ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:i5HlNt3h3xfxx9aHcQzw8asRxXpwvVzxFe8hbqv5BPc root@liuquanyu
The key's randomart image is:
+---[RSA 3072]----+
|            ..++=|
|             o.B*|
|        .   .oBoO|
|       + . o.ooX*|
|      o S ..o=ooO|
|       + o  +.=o+|
|      . .    +.Eo|
|            +   .|
|           o..   |
+----[SHA256]-----+
[root@liuquanyu ~]# 

查看私钥和公钥

[root@liuquanyu ~]# ls .ssh/
id_rsa  id_rsa.pub
[root@liuquanyu ~]# 
[root@liuquanyu ~]# ll .ssh/
total 8
-rw------- 1 root root 2602 Dec 22 18:54 id_rsa
-rw-r--r-- 1 root root  568 Dec 22 18:54 id_rsa.pub

将公钥传给对方

[root@liuquanyu ~]# ssh-copy-id [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.29.128 (192.168.29.128)' can't be established.
ECDSA key fingerprint is SHA256:uMJSO1Y7uU6221le2HQsW9zZGIFwK2FN1SR+leQSiqs.
Are you sure you want to continue connecting (yes/no/[fingerprint])? y
Please type 'yes', 'no' or the fingerprint: y
Please type 'yes', 'no' or the fingerprint: yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

开始免密登录

[root@liu ~]# ssh 192.168.29.128
Last login: Thu Dec 22 19:06:50 2022 from 192.168.29.1