openssh和nfs搭建

openssh免密登录

创建公钥

 [root@mashuangle ~]# ssh-keygen -t rsa
 Generating public/private rsa key pair.
 Enter file in which to save the key (/root/.ssh/id_rsa): 
 Enter passphrase (empty for no passphrase): 
 Enter same passphrase again: 
 Your identification has been saved in /root/.ssh/id_rsa.
 Your public key has been saved in /root/.ssh/id_rsa.pub.
 The key fingerprint is:
 SHA256:edHQvFtTiOS/VFcE3y3/t+cdpTjhXG5kUVMqbCs+/d8 root@mashuangle
 The key's randomart image is:
 +---[RSA 3072]----+
 |          .+...=*|
 |           =+ .+*|
 |          . *.+.*|
 |         . o.+o=.|
 |        S o oo*.o|
 |         o =.O oo|
 |          o * =.o|
 |           . +  B|
 |              .+E|
 +----[SHA256]-----+

查看私钥和公钥

 [root@mashuangle ~]# ls .ssh/
 id_rsa  id_rsa.pub  known_hosts
 [root@mashuangle ~]# ll .ssh/
 total 12
 -rw-------. 1 root root 2602 Dec 22 22:36 id_rsa
 -rw-r--r--. 1 root root  569 Dec 22 22:36 id_rsa.pub
 -rw-r--r--. 1 root root  176 Dec 22 22:31 known_hosts

将公钥传给对方

 [root@mashuangle ~]# ssh-copy-id [email protected]
 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
 /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
 /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
 [email protected]'s password: 
 Permission denied, please try again.
 [email protected]'s password: 
 ​
 Number of key(s) added: 1
 ​
 Now try logging into the machine, with:   "ssh '[email protected]'"
 and check to make sure that only the key(s) you wanted were added.

查看公钥

 [root@msl ~]# ll .ssh/
 total 4
 -rw------- 1 root root 569 Dec 22 22:40 authorized_keys

尝试免密登录

 [root@mashuangle ~]# ssh 192.168.59.128
 Last failed login: Thu Dec 22 22:40:39 CST 2022 from 192.168.59.129 on ssh:notty
 There was 1 failed login attempt since the last successful login.
 Last login: Thu Dec 22 22:40:10 2022 from 192.168.59.1
 [root@msl ~]# 

搭建nfs服务器

服务端安装nfs

 [root@mashuangle ~]# dnf -y install nfs-utils
 Last metadata expiration check: 0:29:43 ago on Thu 22 Dec 2022 10:21:21 PM CST.
 Dependencies resolved.
 ====================================================================================
  Package               Architecture  Version                 Repository        Size
 ====================================================================================
 Installing:
  nfs-utils             x86_64        1:2.3.3-57.el8          baseos           515 k
 Installing dependencies:
  gssproxy              x86_64        0.8.0-21.el8            baseos           119 k
 ...
   Verifying        : rpcbind-1.2.5-10.el8.x86_64                                9/9 
 ​
 Installed:
   gssproxy-0.8.0-21.el8.x86_64            keyutils-1.5.10-9.el8.x86_64             
   libev-4.24-6.el8.x86_64                 libverto-libev-0.3.2-2.el8.x86_64        
   nfs-utils-1:2.3.3-57.el8.x86_64         python3-pyyaml-3.12-12.el8.x86_64        
   quota-1:4.04-14.el8.x86_64              quota-nls-1:4.04-14.el8.noarch           
   rpcbind-1.2.5-10.el8.x86_64            
 ​
 Complete!

创建目录并输入文件配置

 [root@mashuangle ~]# mkdir /nfs
 [root@mashuangle ~]# ls /
 backup  boot  etc   lib    media  msl  opt   root  sbin     srv  tmp  var
 bin     dev   home  lib64  mnt    nfs  proc  run   scripts  sys  usr
 [root@mashuangle ~]# vi /etc/exports
 [root@mashuangle ~]# tail -1 /etc/exports
 /nfs 192.168.59.128(rw)
 [root@mashuangle ~]# 

启动nfs服务

 [root@mashuangle ~]# systemctl enable --now nfs-server
 Created symlink /etc/systemd/system/multi-user.target.wants/nfs-server.service → /usr/lib/systemd/system/nfs-server.service.
 [root@mashuangle ~]# systemctl  status rpcbind
 ● rpcbind.service - RPC Bind
    Loaded: loaded (/usr/lib/systemd/system/rpcbind.service; enabled; vendor preset:>
    Active: active (running) since Thu 2022-12-22 22:56:39 CST; 1min 9s ago
      Docs: man:rpcbind(8)
  Main PID: 10807 (rpcbind)
     Tasks: 1 (limit: 4723)
    Memory: 1.5M
    CGroup: /system.slice/rpcbind.service
            └─10807 /usr/bin/rpcbind -w -f
 ​
 Dec 22 22:56:39 mashuangle systemd[1]: Starting RPC Bind...
 Dec 22 22:56:39 mashuangle systemd[1]: Started RPC Bind.
 ​
 [root@mashuangle ~]# 

客户端安装nfs

 [root@msl ~]# dnf -y install nfs-utils
 CentOS-8.5.2111 - Base - mirrors.aliyun.com   26 kB/s | 3.9 kB     00:00    
 CentOS-8.5.2111 - Extras - mirrors.aliyun.co  16 kB/s | 1.5 kB     00:00    
 ...
 ​
 Installed:
   gssproxy-0.8.0-19.el8.x86_64            keyutils-1.5.10-9.el8.x86_64      
   libverto-libevent-0.3.0-5.el8.x86_64    nfs-utils-1:2.3.3-46.el8.x86_64   
   python3-pyyaml-3.12-12.el8.x86_64       quota-1:4.04-14.el8.x86_64        
   quota-nls-1:4.04-14.el8.noarch          rpcbind-1.2.5-8.el8.x86_64        
 ​
 Complete!
 [root@msl ~]# 

挂载

 [root@msl ~]# mount -t nfs 192.168.59.129:/nfs /media/
 [root@msl ~]# df -h
 Filesystem           Size  Used Avail Use% Mounted on
 devtmpfs             373M     0  373M   0% /dev
 tmpfs                391M     0  391M   0% /dev/shm
 tmpfs                391M  5.5M  386M   2% /run
 tmpfs                391M     0  391M   0% /sys/fs/cgroup
 /dev/mapper/cl-root   17G  1.8G   16G  11% /
 /dev/nvme0n1p1      1014M  213M  802M  21% /boot
 tmpfs                 79M     0   79M   0% /run/user/0
 192.168.59.129:/nfs   17G  1.9G   16G  12% /media
 [root@msl ~]# 

开放/nfs/upload目录为172.16.12.0/24网段的数据上传目录，并将所有用户及所属的用户组都映射为nfs-upload，其UID与GID均为300

 [root@msl ~]# groupadd -g 300 nfs-upload
 [root@msl ~]# useradd  -u 300 -g 300 nfs-upload
 [root@msl ~]# id nfs-upload
 uid=300(nfs-upload) gid=300(nfs-upload) groups=300(nfs-upload)
 [root@msl ~]# 

指定所有用户访问都为匿名且uid gid都为300，exportfs重新加载exports文件

 [root@msl ~]# vi /etc/exports
 [root@msl ~]# cat /etc/exports
 /nfs/upload 172.16.12.0/24(rw,all_squash,root_squash,anonuid=300,anongid=300)
 [root@msl ~]# exportfs -r

查看导出

 [root@msl ~]# showmount -e 192.168.59.129
 Export list for 192.168.59.129:
 /nfs 192.168.59.128