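Contents

  • 1. Certificate concepts
  • 2. Implementing a private CA and certificate requests
    • 2.1 Creating the CA's private key
    • 2.2 Issuing a self-signed certificate to the CA
    • 2.3 The user generates a private key and a certificate request
    • 2.4 The CA issues the certificate
    • 2.5 Viewing the certificate
  • 3. Common SSH options and usage
  • 4. Common SSH applications
    • 4.1 Key-based login
    • 4.2 Port forwarding with SSH
  • 5. DHCP service
  • Summary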

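1. Certificate concepts

  1. Public key infrastructure: PKI
  2. Certificate authority: CA
  3. Registration authority: RA
  4. Certificate revocation list: CRL
  5. X.509: defines the structure of certificates and the authentication protocol standard (fields include: version, serial number, signature algorithm, issuer, validity period, subject name, and so on)

Certificate types:

  1. Certificates of certificate authorities
  2. Server certificates
  3. User certificates

Two ways to obtain a certificate:
1. Self-signed certificate: you sign your own public key yourself
2. Use a certificate authority:

  • Generate a certificate signing request (CSR)
  • Send the CSR to the CA
  • The CA signs and issues the certificate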

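2. Implementing a private CA and certificate requests

To build a private CA you can use the OpenCA software, or use openssl directly.

2.1 Creating the CA's private key

Use the openssl command to generate the private key; the default key length is 2048 bits. Then change the file's permissions to 600, since it is created as rw-r--r--.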

[root@centos7 ~]# openssl genrsa -out /etc/pki/CA/private/cakey.pem
Generating RSA private key, 2048 bit long modulus
..................+++
.....+++
e is 65537 (0x10001)
[root@centos7 ~]# cd /etc/pki/CA
[root@centos7 CA]# ll private/cakey.pem
-rw-r--r--. 1 root root 1675 Feb 22 16:29 private/cakey.pem
[root@centos7 CA]# chmod 600 private/cakey.pem
[root@centos7 CA]# ll private/cakey.pem
-rw-------. 1 root root 1675 Feb 22 16:29 private/cakey.pem
[root@centos7 CA]#

2.2 Issuing a self-signed certificate to the CA

Issue the CA a self-signed certificate valid for 10 years.

[root@centos7 CA]# openssl req -new -x509 -key private/cakey.pem -days 3650 -out cacert.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:GD
Locality Name (eg, city) [Default City]:GZ
Organization Name (eg, company) [Default Company Ltd]:AI
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:jiangde.com
Email Address []:jiang111@139.com
[root@centos7 CA]#
[root@centos7 CA]# tree
.
├── cacert.pem
├── certs
├── crl
├── newcerts
└── private
    └── cakey.pem

4 directories, 2 files
[root@centos7 CA]#

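2.3 The user generates a private key and a certificate request

Under the policy in the /etc/pki/tls/openssl.cnf configuration file, the countryName, stateOrProvinceName and organizationName in the certificate request must match the values entered for the CA certificate in 2.2 above. commonName is mandatory.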

[root@centos7 CA]# cd /data
[root@centos7 data]# (umask 066; openssl genrsa -out /data/app1.key 2048)
Generating RSA private key, 2048 bit long modulus
.....................+++
........+++
e is 65537 (0x10001)
[root@localhost CA]# vim /etc/pki/tls/openssl.cnf
...... (part of the output omitted)
policy          = policy_match

# For the CA policy
[ policy_match ]
countryName             = match
stateOrProvinceName     = match
organizationName        = match
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional
...... (part of the output omitted)
[root@centos7 data]#
[root@centos7 data]# openssl req -new -key /data/app1.key -out /data/app1.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:GD
Locality Name (eg, city) [Default City]:GZ
Organization Name (eg, company) [Default Company Ltd]:AI
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:app1.jiangde.com
Email Address []:app1@163.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@centos7 data]#

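2.4 The CA issues the certificate

The index.txt and serial files are needed when issuing a certificate; if they do not exist, the errors shown below appear.
Also, on CentOS 8 the directories must be created first: mkdir -pv /etc/pki/CA/{certs,crl,newcerts,private}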

[root@centos7 data]# openssl ca -in app1.csr -out /etc/pki/CA/certs/app1.crt -days 1000
Using configuration from /etc/pki/tls/openssl.cnf
/etc/pki/CA/index.txt: No such file or directory
unable to open '/etc/pki/CA/index.txt'
140309127034768:error:02001002:system library:fopen:No such file or directory:bss_file.c:402:fopen('/etc/pki/CA/index.txt','r')
140309127034768:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:404:
[root@centos7 data]#
[root@centos7 data]# touch /etc/pki/CA/index.txt
[root@centos7 data]# openssl ca -in app1.csr -out /etc/pki/CA/certs/app1.crt -days 1000
Using configuration from /etc/pki/tls/openssl.cnf
/etc/pki/CA/serial: No such file or directory
error while loading serial number
140599648216976:error:02001002:system library:fopen:No such file or directory:bss_file.c:402:fopen('/etc/pki/CA/serial','r')
140599648216976:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:404:
[root@centos7 data]#
[root@centos7 data]# echo 01 > /etc/pki/CA/serial
[root@centos7 data]# openssl ca -in app1.csr -out /etc/pki/CA/certs/app1.crt -days 1000
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 1 (0x1)
        Validity
            Not Before: Feb 18 19:18:36 2022 GMT
            Not After : Nov 14 19:18:36 2024 GMT
        Subject:
            countryName               = CN
            stateOrProvinceName       = GD
            organizationName          = AI
            organizationalUnitName    = IT
            commonName                = app1.jiangde.com
            emailAddress              = app1@163.com
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                FC:92:FC:30:E3:CB:33:76:0A:2E:07:2A:63:89:E0:55:4F:B6:21:F5
            X509v3 Authority Key Identifier:
                keyid:38:16:21:53:13:2B:90:FB:62:AC:26:8F:91:7B:A3:46:6F:B8:91:D6

Certificate is to be certified until Nov 14 19:18:36 2024 GMT (1000 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@centos7 data]# tree /etc/pki/Ca
/etc/pki/Ca [error opening dir]

0 directories, 0 files
[root@centos7 data]# tree /etc/pki/CA
/etc/pki/CA
├── cacert.pem
├── certs
│   └── app1.crt
├── crl
├── index.txt
├── index.txt.attr
├── index.txt.old
├── newcerts
│   └── 01.pem
├── private
│   └── cakey.pem
├── serial
└── serial.old

4 directories, 9 files
[root@centos7 data]#
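
The steps of 2.1 to 2.4 as one non-interactive script, added here as an example (it is not the author's session): it builds a throwaway CA in a temporary directory instead of /etc/pki/CA and shows policy_match signing a request whose organizationName matches the CA and refusing one that does not. The function name issue_with_org, the subjects under demo.test and the minimal ca.cnf are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: a throwaway CA in a temp dir (not /etc/pki/CA).
# issue_with_org ORG prints "issued" when the CA signs a request whose O= is
# ORG and the certificate verifies against the CA, otherwise "rejected".
issue_with_org() {
    d=$(mktemp -d) || return 2
    mkdir "$d/private" "$d/newcerts" "$d/certs"
    touch "$d/index.txt"        # certificate database: must exist (see 2.4)
    echo 01 > "$d/serial"       # next serial number: must exist (see 2.4)
    cat > "$d/ca.cnf" <<EOF
[ ca ]
default_ca = CA_default
[ CA_default ]
database      = $d/index.txt
serial        = $d/serial
new_certs_dir = $d/newcerts
certificate   = $d/cacert.pem
private_key   = $d/private/cakey.pem
default_md    = sha256
default_days  = 30
policy        = policy_match
[ policy_match ]
countryName            = match
stateOrProvinceName    = match
organizationName       = match
organizationalUnitName = optional
commonName             = supplied
emailAddress           = optional
[ req ]
distinguished_name = req
x509_extensions    = v3_ca
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
    # umask first, so neither key is ever readable by other users
    ( umask 077
      openssl genrsa -out "$d/private/cakey.pem" 2048
      openssl genrsa -out "$d/app1.key" 2048 ) >/dev/null 2>&1
    openssl req -new -x509 -config "$d/ca.cnf" -key "$d/private/cakey.pem" \
        -days 30 -subj "/C=CN/ST=GD/O=AI/CN=ca.demo.test" -out "$d/cacert.pem"
    openssl req -new -config "$d/ca.cnf" -key "$d/app1.key" \
        -subj "/C=CN/ST=GD/O=$1/CN=app1.demo.test" -out "$d/app1.csr"
    if openssl ca -batch -config "$d/ca.cnf" -in "$d/app1.csr" \
            -out "$d/certs/app1.crt" >/dev/null 2>&1 &&
       openssl verify -CAfile "$d/cacert.pem" "$d/certs/app1.crt" >/dev/null 2>&1
    then result=issued; else result=rejected; fi
    rm -rf "$d"
    echo "$result"
}

issue_with_org AI       # O= matches the CA: policy_match is satisfied
issue_with_org Other    # O= differs: openssl ca refuses to sign
```

Running the key generation inside a subshell with umask 077 avoids the short window in 2.1 where cakey.pem exists as rw-r--r-- before chmod 600 is applied.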

2.5 Viewing the certificate

[root@centos7 CA]# cat certs/app1.crt
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=CN, ST=GD, L=GZ, O=AI, OU=IT, CN=jiangde.com/emailAddress=jiang_de@139.com
        Validity
            Not Before: Feb 18 19:18:36 2022 GMT
            Not After : Nov 14 19:18:36 2024 GMT
        Subject: C=CN, ST=GD, O=AI, OU=IT, CN=app1.jiangde.com/emailAddress=app1@163.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    ...... (modulus bytes omitted)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Comment:
                OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
                FC:92:FC:30:E3:CB:33:76:0A:2E:07:2A:63:89:E0:55:4F:B6:21:F5
            X509v3 Authority Key Identifier:
                keyid:38:16:21:53:13:2B:90:FB:62:AC:26:8F:91:7B:A3:46:6F:B8:91:D6

    Signature Algorithm: sha256WithRSAEncryption
         ...... (signature bytes omitted)
-----BEGIN CERTIFICATE-----
...... (base64 body omitted)
-----END CERTIFICATE-----
[root@centos7 CA]#
[root@centos7 CA]#
[root@centos7 CA]# cat index.txt
V       241114191836Z           01      unknown /C=CN/ST=GD/O=AI/OU=IT/CN=app1.jiangde.com/emailAddress=app1@163.com

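3. Common SSH options and usage

The telnet protocol transmits data in plaintext, which is very insecure, whereas the ssh protocol transmits ciphertext and so provides encrypted communication. CentOS installs openssh (an open-source implementation of the ssh protocol) by default.
ssh performs fingerprint verification to make sure the user is connecting to the correct remote host. On the first connection to a server, ssh stores the host's fingerprint by default and checks it on every later connection.
The ssh command is the ssh client; it provides authenticated, encrypted access to remote systems.

Format:
ssh [user@]host [COMMAND]
ssh [-l user] host [COMMAND]

Common options:
-p port     # port the remote server listens on
-b          # source IP address to connect from
-v          # debug mode
-C          # compress the data
-X          # enable X11 forwarding
-t          # force pseudo-tty allocation, e.g. ssh -t remoteserver1 ssh -t remoteserver2
-o option   # e.g. -o StrictHostKeyChecking=no (accepts unknown host keys without asking, which gives up the fingerprint check described above)
-i <file>   # path of the private key file for key-based authentication; defaults: ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519, ~/.ssh/id_rsa, etc.

# Execute a command remotely (single quotes, so that $(...) is expanded by the remote shell rather than the local one)
[root@centos7 ~]# ssh root@192.168.1.31 'echo user: $(whoami);echo OS: $(uname)'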
The authenticity of host '192.168.1.31 (192.168.1.31)' can't be established.
ECDSA key fingerprint is SHA256:910aHeL6lF7RojTWGrsyimfrEYtBLydn9eJpHbVSNC8.
ECDSA key fingerprint is MD5:f4:18:ae:98:8e:f8:65:2a:00:a9:7d:a1:c7:2d:4a:16.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.31' (ECDSA) to the list of known hosts.
root@192.168.1.31's password:
user: root
OS: Linux
[root@centos7 ~]#

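4. Common SSH applications

4.1 Key-based login

To automate the login process, SSH keys can be used to log in automatically. SSH uses asymmetric cryptography; the authentication key consists of a public key and a private key. For automated authentication, the public key must be placed on the server.

Setting up automated SSH authentication takes two steps:

  1. Create an SSH key on the local host;
  2. Transfer the generated public key to the remote host.
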
[root@centos7 ~]# ll ~/.ssh
ls: cannot access /root/.ssh: No such file or directory
[root@centos7 ~]#
[root@centos7 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:IZoh0ZwghDDd4TgkuDaQz0rbhBoK8GyOi66co72zDCc root@centos7.jiangde.com
The key's randomart image is:
+---[RSA 2048]----+
|X++=.o           |
|*=.+=            |
|o*= o . .        |
|+=*+ + . .       |
|**= o   S        |
|=...             |
|E..              |
|+Bo              |
|*+*+             |
+----[SHA256]-----+
[root@centos7 ~]# ll ~/.ssh
total 12
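-rw------- 1 root root 1679 Feb 23 22:19 id_rsa       # the generated private key
-rw-r--r-- 1 root root  406 Feb 23 22:19 id_rsa.pub   # the generated public key

# The remote host receives the public key above and stores it under ~/.ssh/
[root@localhost ~]# ll ~/.ssh       # before the transfer, the directory and file do not exist
ls: cannot access /root/.ssh: No such file or directory
[root@localhost ~]# ll .ssh         # after the transfer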
total 4
-rw-------. 1 root root 406 Feb 23 17:26 authorized_keys
[root@localhost ~]# cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAO17FNVU6aeq9z+NoYm6B5KrP4g1fxhYXN2XoA58RrVewQGa5nQ8tQT+m76Q3TT9JO0fQmKdfYI+a90HQ0/OdKEs/3i08NCcrRNduJMr1THwmXBhUYq5UnihN30GxkZYylYEztGO1X7V4H4nxH0Oujrhy7+mQlH31aJ69AxQVUahVt5AcvzRLAkwpDAA3EipH4C2RYbAHUSL3HOuF8jiBWRV7JTh75tMlYU2i9u1SPuGrfea797eLxdIG/smRcFDschSlxxq3B+JGwQSTIjecn0XkUsFnLEdHyytsjQ4lI5Ki2uUobdk7WkesygOTxH57FGRGSpcSdXMEIlLWtrcn root@centos7.jiangde.com
[root@localhost ~]#

# Test
[root@centos7 ~]# ssh 192.168.1.31         # logs in without asking for a password any more
Last login: Wed Feb 23 17:00:50 2022 from 192.168.1.12
[root@localhost ~]#
[root@localhost ~]# hostname -I
192.168.1.31 2409:8a55:475:3280:20c:29ff:fec3:468d
[root@localhost ~]#
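
A check for the file modes seen in the listings above, added here as an example (it is not part of the original session): sshd with StrictModes ignores an authorized_keys file or ~/.ssh directory that group or others can write to, and the ssh client refuses a private key that group or others can access. The function name ssh_perm_problems and the temporary demo directory are assumptions made for the demo.

```shell
#!/bin/sh
# Added example. ssh_perm_problems DIR prints one line per permission problem
# in an ~/.ssh-style directory and nothing when the layout is acceptable.
ssh_perm_problems() {
    dir=$1
    # characters 5-10 of the ls mode string are the group and other bits
    go_bits() { ls -ld "$1" | cut -c5-10; }
    case $(go_bits "$dir") in
        *w*) echo "$dir: directory writable by group or others" ;;
    esac
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        bits=$(go_bits "$f")
        case ${f##*/} in
            authorized_keys)    # sshd (StrictModes) ignores it if others can write
                case $bits in
                    *w*) echo "$f: writable by group or others" ;;
                esac ;;
            *.pub) ;;           # public keys may be world-readable
            id_*)               # the ssh client refuses a private key others can access
                [ "$bits" = "------" ] ||
                    echo "$f: private key accessible by group or others" ;;
        esac
    done
}

# Constructed demo: the layout from this section, then a private key left at 644.
demo=$(mktemp -d)
chmod 700 "$demo"
touch "$demo/id_rsa" "$demo/id_rsa.pub" "$demo/authorized_keys"
chmod 600 "$demo/id_rsa" "$demo/authorized_keys"
chmod 644 "$demo/id_rsa.pub"
ssh_perm_problems "$demo"           # prints nothing
chmod 644 "$demo/id_rsa"
ssh_perm_problems "$demo"           # reports id_rsa
```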

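4.2 Port forwarding with SSH

Port forwarding redirects IP connections arriving at one host to another host. If you use a Linux system as a firewall, you can redirect connections on a port (such as 1234) to another internal address (such as 192.168.1.10:22), giving the outside an ssh tunnel that reaches an internal host.

  1. The following command forwards traffic on port 8000 of the local host to port 80 of www.kernel.org:

     ssh -L 8000:www.kernel.org:80 user@localhost    # user is a user name on the local host
    
  2. The following command forwards traffic on port 8000 of the remote host to port 80 of www.kernel.org:

    ssh -R 8000:www.kernel.org:80 user@REMOTE_MACHINE  # -R makes REMOTE_MACHINE listen on port 8000; REMOTE_MACHINE is the remote host name or IP address, user is the user name used for ssh access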
    

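5. DHCP service

DHCP runs over UDP. Its main purpose is to let clients automatically obtain an IP address, subnet mask and related settings assigned by a DHCP server. DHCP uses ports 67 and 68, the service ports of the DHCP server and the DHCP client respectively.

# On the DHCP server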
[root@localhost ~]# yum install -y dhcp
[root@localhost ~]# cat /etc/dhcp/dhcpd.conf
#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp*/dhcpd.conf.example
#   see dhcpd.conf(5) man page
#
subnet 192.168.1.0 netmask 255.255.255.0 {
    option routers 192.168.1.31;
    option domain-name-servers 114.114.114.114;
    option subnet-mask 255.255.255.0;
    range dynamic-bootp 192.168.1.67 192.168.1.69;
    default-lease-time 21600;
    max-lease-time 43200;
}
[root@localhost ~]# systemctl start dhcpd    # dhcpd.conf must be written correctly first, otherwise starting the service fails.
[root@localhost ~]# cat /var/lib/dhcpd/dhcpd.leases
# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-4.2.5

server-duid "\000\001\000\001)\256\347\315\000\014)\303F\215";

lease 192.168.1.67 {
  starts 1 2022/02/28 01:54:25;
  ends 1 2022/02/28 07:54:25;
  cltt 1 2022/02/28 01:54:25;
  binding state active;
  next binding state free;
  rewind binding state free;
  hardware ethernet 00:0c:29:90:05:d8;
  client-hostname "centos7";
}
[root@localhost ~]#

# On the client
[root@centos7 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE="Ethernet"
BOOTPROTO="dhcp"
NAME="ens33"
DEVICE="ens33"
ONBOOT="yes"
[root@centos7 ~]# systemctl restart network
[root@centos7 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:90:05:d8 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.67/24 brd 192.168.1.255 scope global noprefixroute dynamic ens33
       valid_lft 21448sec preferred_lft 21448sec
    inet6 fe80::20c:29ff:fe90:5d8/64 scope link
       valid_lft forever preferred_lft forever
[root@centos7 ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search jiangde.com
nameserver 114.114.114.114
[root@centos7 ~]#
[root@centos7 ~]# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.958 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=1.42 ms
^C
--- 192.168.1.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.958/1.191/1.424/0.233 ms
[root@centos7 ~]#
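
A reader for the dhcpd.leases format shown above, added here as an example (it is not part of the original session): it lists the addresses whose latest entry is active and flags clients whose MAC address is not on a known list, which is the quickest way to spot an unexpected device on the 192.168.1.67-69 range. The function names and every lease in the sample other than 192.168.1.67 are constructed for the demo.

```shell
# Added example. active_leases reads dhcpd.leases text (file arguments or stdin)
# and prints "IP MAC HOSTNAME" for every address whose latest entry is active.
active_leases() {
    awk '
        $1 == "lease" && $3 == "{" { ip = $2; mac = "-"; host = "-"; state = "" }
        $1 == "binding" && $2 == "state"     { state = $3; sub(/;$/, "", state) }
        $1 == "hardware" && $2 == "ethernet" { mac = $3; sub(/;$/, "", mac) }
        $1 == "client-hostname"              { host = $2; gsub(/[";]/, "", host) }
        $1 == "}" && ip != "" {
            # dhcpd appends to this file, so a later entry replaces an earlier one
            if (state == "active") live[ip] = mac " " host
            else delete live[ip]
            ip = ""
        }
        END { for (k in live) print k, live[k] }
    ' "$@" | sort
}

# unknown_clients MAC... : active leases (from stdin) whose MAC is not listed
unknown_clients() {
    active_leases | while read -r ip mac host; do
        case " $* " in
            *" $mac "*) ;;
            *) echo "$ip $mac $host" ;;
        esac
    done
}

# Constructed sample in the format shown above; only .67 is from the page.
sample_leases() {
    cat <<'EOF'
lease 192.168.1.67 {
  binding state active;
  next binding state free;
  hardware ethernet 00:0c:29:90:05:d8;
  client-hostname "centos7";
}
lease 192.168.1.68 {
  binding state active;
  hardware ethernet 00:0c:29:aa:bb:cc;
}
lease 192.168.1.68 {
  binding state free;
  hardware ethernet 00:0c:29:aa:bb:cc;
}
lease 192.168.1.69 {
  binding state active;
  hardware ethernet 00:0c:29:11:22:33;
  client-hostname "printer";
}
EOF
}
sample_leases | unknown_clients 00:0c:29:90:05:d8
```

On a real server the input would be /var/lib/dhcpd/dhcpd.leases, for example: unknown_clients 00:0c:29:90:05:d8 < /var/lib/dhcpd/dhcpd.leases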

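Summary

1. Certificates involve encryption algorithms as well as topics such as certificate revocation; I still need to study these more.
2. The more advanced uses of ssh still need further experiments later.
3. The dhcp service also has other configuration options not listed here; more study is needed.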
