This article is a personal memo written by a beginner. It's hard to see, and I think it's better to refer to other people's articles. I'm sorry.
Create user: useradd, passwd

Enable the sudo command:
$ visudo
Add the following to the last line of the sudoers file to allow guest1 to use sudo:
guest1 ALL=NOPASSWD: ALL

Edit the ifcfg-enp0s3 file and add to it:
$ vi /etc/sysconfig/network-scripts/ifcfg-enp0s3
Edit:
BOOTPROTO=none
ONBOOT=yes
Add:
IPADDR="..."
NETMASK="..."
GATEWAY="..."
DNS1="..." (often the same as GATEWAY)
When done, run systemctl restart network.service and check with ip addr show that the IP address is reflected.

Hostname change:
$ sudo hostnamectl set-hostname

Modify the hosts file to set the correspondence between host names and IP addresses:
$ vi /etc/hosts
IPAddress name

DNS settings:
$ vi /etc/resolv.conf
nameserver IPAddress (already set by default)

Name resolution settings:
$ vi /etc/nsswitch.conf
hosts: files dns (already set by default)

Confirm with ping: if ping cannot reach the other nodes at this stage, check the name of the VirtualBox network.

Set up ssh:
$ vi /etc/ssh/sshd_config
# Port and protocol: confirm only
#Port 22
#Protocol 2
PermitRootLogin no
# Remove the leading # to prohibit empty passwords
PermitEmptyPasswords no
PasswordAuthentication yes
# Added at the bottom
AllowUsers guest1
$ systemctl restart sshd.service

SSH security settings:
$ vi /etc/hosts.deny
sshd: all
$ vi /etc/hosts.allow
sshd:192.168.1.3

Access restrictions in PAM:
$ vi /etc/pam.d/sshd
Add at the end:
account required pam_access.so
$ vi /etc/security/access.conf
Add at the end:
-:ALL EXCEPT sshgrp:ALL
Now all users in the group sshgrp can pass through PAM. The format is permission:user:source. "-" means prohibited, "ALL" means everyone, and "EXCEPT" means "all except ...". In other words, -:ALL EXCEPT sshgrp:ALL means "access is prohibited, except for sshgrp".
$ vi /etc/ssh/sshd_config
Confirm that UsePAM is yes.

Create an sshgrp group:
$ groupadd sshgrp
$ gpasswd -a guest1 sshgrp
$ grep sshgrp /etc/group

Restrict root user switching:
$ gpasswd -a guest1 wheel
$ grep wheel /etc/group
$ vi /etc/pam.d/su
Uncomment the following line (uncommenting it enables this PAM authentication):
auth required pam_wheel.so use_uid
$ vi /etc/login.defs
Add to the last line (only the wheel group can switch to root):
SU_WHEEL_ONLY yes

How to transfer files by SFTP (assuming ssh connection is possible)
Download: connect to the server and go to the location of the file you want to download.
$ sftp guest1@server
$ ls (check that the file you want to download is there)
$ get file1
$ exit
Upload: go to the location of the file you want to upload, then connect to the upload destination.
$ sftp guest1@server
$ ls (check that the file you want to upload is there)
$ put file1
$ exit

How to transfer files with SCP
Upload only:
$ ls (check that the file you want to upload is there)
$ scp file1 guest1@server:/home/guest1

How to create public and private keys
Create:
$ ssh-keygen -t rsa (no password is set if you press Enter while leaving it blank)
Upload the public key:
$ cd .ssh/
$ sftp guest1@server
$ put id_rsa.pub
$ ls (check that it was uploaded properly)
$ exit
On the upload destination:
$ mkdir .ssh/
$ cat id_rsa.pub > /home/guest1/.ssh/authorized_keys
$ chmod 600 .ssh/authorized_keys
$ chmod 700 .ssh/

Set public key cryptography (at the connection destination):
$ vi /etc/ssh/sshd_config
# SSH port number
#Port 22
# SSH version
#Protocol 2
# Prohibit logging in as root
PermitRootLogin no
# Prohibit empty passwords
PermitEmptyPasswords no
# Allow public key cryptography
PubkeyAuthentication yes
# Prohibit password authentication
PasswordAuthentication no
# Allow only specific users
AllowUsers guest1

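An added example (not part of the original memo): a small audit of an sshd_config file against the values listed above. It matters because sshd uses the first value it reads for a keyword, so appending PasswordAuthentication no below an existing PasswordAuthentication yes changes nothing. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example. sshd keeps the FIRST value it reads for these keywords,
# so a hardened line appended below an existing one has no effect.

# effective_value FILE KEYWORD: print the first global value of KEYWORD.
effective_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        tolower($1) == "match"   { exit }   # stop at conditional blocks
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# audit_sshd FILE: report each setting; exit status = number of failures.
audit_sshd() {
    fails=0
    while read -r key want; do
        got=$(effective_value "$1" "$key")
        if [ "$got" = "$want" ]; then
            echo "ok    $key $got"
        else
            echo "FAIL  $key is '${got:-unset}', memo wants '$want'"
            fails=$((fails + 1))
        fi
    done <<EOF
PermitRootLogin no
PermitEmptyPasswords no
PubkeyAuthentication yes
PasswordAuthentication no
EOF
    if [ -z "$(effective_value "$1" AllowUsers)" ]; then
        echo "FAIL  AllowUsers is unset, no per-user restriction"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample: the "no" line was appended; the earlier "yes" wins.
sample_config() {
    printf '%s\n' '#Port 22' 'PermitRootLogin no' 'PermitEmptyPasswords no' \
        'PubkeyAuthentication yes' 'PasswordAuthentication yes' \
        'AllowUsers guest1' 'PasswordAuthentication no'
}

tmp=$(mktemp)
sample_config > "$tmp"
audit_sshd "$tmp" || echo "$? setting(s) differ from the memo"
rm -f "$tmp"
```

On a live server, sshd -T prints the configuration sshd will actually use, which also covers defaults and Match blocks that this file-level check skips.
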
Install vsftpd to use FTP:
$ yum -y install vsftpd
$ systemctl status vsftpd.service
$ systemctl enable vsftpd.service
$ systemctl status vsftpd.service

Set up FTP:
$ vi /etc/vsftpd/vsftpd.conf
anonymous_enable=YES
local_enable=YES
anon_upload_enable=NO
anon_mkdir_write_enable=NO
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
(There should be nothing to add.)

$ vi /etc/hosts.deny
Add at the end:
vsftpd: all
$ vi /etc/hosts.allow
Add at the end (write the IP address to allow connections from):
vsftpd: 192.168.1.8

To use FTP, temporarily stop the firewall on the Linux server side.
$ systemctl stop firewalld
$ systemctl disable firewalld
$ systemctl status firewalld

Refuse anonymous user logins and set things so that only specific users can move to upper directories (vsftpd does not accept spaces around "=", and comments must be on their own lines):
$ vi /etc/vsftpd/vsftpd.conf
# Anonymous user login
anonymous_enable=NO
# General user login permission
local_enable=YES
# Movement of general users to upper directories
chroot_local_user=YES
# Enable the chroot list
chroot_list_enable=YES
# Specify the chroot user list file
chroot_list_file=/etc/vsftpd/chroot_list
Now that you have enabled the list file, add guest1 to the chroot_list file in the /etc/vsftpd directory.
$ vi /etc/vsftpd/chroot_list
guest1
$ systemctl restart vsftpd.service

If you want to restrict FTP access, set userlist_deny to YES. Conversely, if you want to allow access for the users written in the user_list file, set userlist_deny to NO.
userlist_deny=YES
userlist_deny=NO
If set to NO, open the user_list file and add guest1 to allow guest1. In addition to the user_list file, you can register users you want to deny in the /etc/vsftpd/ftpusers file. The user_list file and the ftpusers file do the same job; the difference is that a user registered in user_list is rejected based on the user name, while ftpusers rejects the user after receiving the password.
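
An added example (not part of the original memo): a lint for vsftpd.conf that catches the mistakes most likely when copying annotated settings like the ones above, namely whitespace around "=" and descriptive text left after a YES/NO value, and that also flags anonymous_enable=YES. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a vsftpd.conf for mistakes that are easy to make
# when copying annotated settings out of notes.

# lint_vsftpd FILE: print findings; exit status = number of findings.
lint_vsftpd() {
    awk '
        function bad(msg) { printf "line %d: %s: %s\n", NR, msg, $0; n++ }
        /^#/ || /^[ \t]*$/ { next }                 # comment or empty line
        {
            eq = index($0, "=")
            if (eq == 0) { bad("not an option=value line"); next }
            opt = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            if (opt ~ /[ \t]/ || val ~ /^[ \t]/)
                bad("whitespace around =")          # vsftpd treats as error
            else if (val ~ /^(YES|NO)[ \t]/)
                bad("text after boolean value")     # no inline comments
            else if (opt == "anonymous_enable" && val == "YES")
                bad("anonymous login is enabled")
        }
        END { exit n + 0 }
    ' "$1"
}

# Constructed sample with one instance of each problem.
sample_vsftpd() {
    printf '%s\n' '# constructed sample' 'anonymous_enable=YES' \
        'local_enable = YES' \
        'chroot_local_user=YES Permission to upper directories' \
        'chroot_list_enable=YES' 'chroot_list_file=/etc/vsftpd/chroot_list'
}

tmp=$(mktemp)
sample_vsftpd > "$tmp"
lint_vsftpd "$tmp" || echo "$? problem(s) found"
rm -f "$tmp"
```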