Linux基础命令(四)
Linux基础命令(四)
1. 秘钥登录(Linux设备间登录)
1.1 环境准备
- 克隆2台虚拟设备【server1、server2】
# 新增2台设备的基本信息server1 ip:10.1.8.21/24 hostname: server1.harvy.iCloud server2 ip:10.1.8.22/24 hostname: server2.harvy.iCloud- 配置服务器 - 修改网络配置【以server1为例】
# 设置hostname[root@server1 ~ 09:31:13]# hostnamectl set-hostname server1.harvy.iCloud# 设置ip地址[root@server1 ~ 09:31:13]# cd /etc/sysconfig/network-scripts/[root@server1 network-scripts 09:24:52]# vim ifcfg-ens33# 修改IP地址为 10.1.8.11IPADDR=10.1.8.11# 重新加载配置文件[root@server1 network-scripts 09:24:52]# nmcli connection reload# 激活配置[root@server1 network-scripts 09:24:52]# nmcli connection up ens33# 修改hosts配置[root@server1 ~ 09:49:22]# vim /etc/hosts127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6# 最后追加解析记录10.1.8.21 server1.harvy.iCloud server110.1.8.22 server2.harvy.iCloud server2#ping server2 测试hosts配置效果[root@server1 ~ 09:47:30]# ping server2PING server2.harvy.iCloud(10.1.8.22)56(84)bytes of data.64bytes from server2.harvy.iCloud(10.1.8.22):icmp_seq=1ttl=64time=0.845ms64bytes from server2.harvy.iCloud(10.1.8.22):icmp_seq=2ttl=64time=6.70ms1.2 配置过程
配置server1秘钥登录server2
[root@server1 ~10:01:12]# ssh-keygenGenerating public/private rsa key pair. Enterfileinwhichto save the key(/root/.ssh/id_rsa): Created directory'/root/.ssh'.Enter passphrase(emptyforno passphrase): Enter same passphrase again: Your identification has been savedin/root/.ssh/id_rsa. Your public key has been savedin/root/.ssh/id_rsa.pub. The key fingerprint is: SHA256:EBTcgjW7Nak3gf/VT5PYM0eOXBjZwgZoWxPvGtMyl0E root@server1.harvy.icloud The key's randomart image is: +---[RSA 2048]----+ | =*o .o+Eo | | . o=..o oo=o.| | +.=. o o+.o| | * o. =oB.| | o S *.O*+| | . o . B o=| | . . .| | | | | +----[SHA256]-----+ # 将秘钥转发给server2服务器 [root@server1 ~ 10:06:59]# ssh-copy-id harvy@server2 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" The authenticity of host 'server2(10.1.8.22)' can't be established. ECDSA key fingerprint is SHA256:/19YcQjixIz/nHvrkswn5fVTQ+o/qlbsC8TdZEFQ128. ECDSA key fingerprint is MD5:31:7c:9e:87:6d:fd:b8:98:39:5a:44:e7:9e:79:9b:a8. Are you sure you want tocontinueconnecting(yes/no)?yes/usr/bin/ssh-copy-id: INFO: attempting to loginwith the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO:1key(s)remain to be installed --ifyou are prompted now it is toinstallthe new keys harvy@server2's password: Permission denied, please try again. harvy@server2's password: Number of key(s)added:1Now try logging into the machine, with:"ssh 'harvy@server2'"and check tomakesure that only the key(s)you wanted were added.# 免密登录执行命令验证[root@server1 ~10:08:46]# ssh harvy@server2 hostnameserver2.harvy.icloud免密互登效果
2. 时间设置
2.1 DATE命令
[root@server1 ~10:16:06]# dateTue Apr710:33:59 CST2026# 查看LANG变量值[root@server1 ~10:34:03]# echo $LANGen_US.UTF-8# 设置LANG变量值[root@server1 ~10:37:45]# LANG=zh_CN.UTF-8# 验证date命令效果[root@server1 ~10:38:28]# date2026年 04月 07日 星期二10:38:37 CST# 格式化时间命令[root@server1 ~10:38:37]# date -s 'Tue Apr 7 10:28:27 CST 2026'2026年 04月 07日 星期二10:28:27 CST2.2 设置东八区的时间
[root@server1 ~10:28:27]# tzselectPlease identify a location so thattimezone rules can besetcorrectly. Pleaseselecta continent or ocean.1)Africa2)Americas3)Antarctica4)Arctic Ocean5)Asia6)Atlantic Ocean7)Australia8)Europe9)Indian Ocean10)Pacific Ocean11)none - I want to specify thetimezone using the Posix TZ format.#? 5Pleaseselecta country.1)Afghanistan18)Israel35)Palestine2)Armenia19)Japan36)Philippines3)Azerbaijan20)Jordan37)Qatar4)Bahrain21)Kazakhstan38)Russia5)Bangladesh22)Korea(North)39)Saudi Arabia6)Bhutan23)Korea(South)40)Singapore7)Brunei24)Kuwait41)Sri Lanka8)Cambodia25)Kyrgyzstan42)Syria9)China26)Laos43)Taiwan10)Cyprus27)Lebanon44)Tajikistan11)East Timor28)Macau45)Thailand12)Georgia29)Malaysia46)Turkmenistan13)Hong Kong30)Mongolia47)United Arab Emirates14)India31)Myanmar(Burma)48)Uzbekistan15)Indonesia32)Nepal49)Vietnam16)Iran33)Oman50)Yemen17)Iraq34)Pakistan#? 9Pleaseselectone of the followingtimezone regions.1)Beijing Time2)Xinjiang Time#? 1The following information has been given: China Beijing Time ThereforeTZ='Asia/Shanghai'will be used. Localtimeis now: Tue Apr710:31:42 CST2026. Universal Time is now: Tue Apr702:31:42 UTC2026. Is the above information OK?1)Yes2)No#? 1You canmakethis change permanentforyourself by appending the lineTZ='Asia/Shanghai';exportTZ to thefile'.profile'inyour home directory;thenlog out and loginagain. Here is that TZ value again, thistimeon standard output so that you can use the /usr/bin/tzselectcommandinshell scripts: Asia/Shanghai[root@server1 ~10:31:45]# date2026年 04月 07日 星期二10:31:47 CST2.3 自动对时
# 安装chrony自动对时工具[root@server1 ~10:34:21]# yum install chrony -y已加载插件:fastestmirror Loading mirror speeds from cached hostfile * base: mirrors.aliyun.com......略 作为依赖被安装: libseccomp.x86_640:2.3.1-4.el7 完毕!# 修改chrony的配置文件,添加aliyun的时间服务器[root@server1 ~10:36:21]# vim /etc/chrony.conf# 启动chrony服务[root@server1 ~10:42:07]# systemctl start chronyd# 时间同步有延时[root@server1 ~10:42:25]# date2026年 04月 07日 星期二10:42:28 CST# 时间完成同步[root@server1 ~10:42:28]# date2026年 04月 07日 星期二10:54:07 CST[root@server1 ~10:54:25]# chronyc sources -v210Number of sources=1.-- Source mode'^'=server,'='=peer,'#'=localclock. / .- Source state'*'=current synced,'+'=combined ,'-'=not combined,|/'?'=unreachable,'x'=timemay beinerror,'~'=timetoo variable.||.- xxxx[yyyy]+/- zzzz||Reachability register(octal)-.|xxxx=adjusted offset,||Log2(Polling interval)--.||yyyy=measured offset,||\||zzzz=estimated error.||||\MS Name/IP address Stratum Poll Reach LastRx Last sample===============================================================================^*203.107.6.88261739+15ms[+22ms]+/- 79ms3. 网络管理
3.1 网络查看
ip命令
[root@server1 ~10:58:27]# ip -br alo UNKNOWN127.0.0.1/8 ::1/128 ens33 UP10.1.8.21/24 fe80::20c:29ff:fe83:b423/64# -br ==>> -brief 简介模式# 查看特定网卡IP地址[root@server1 ~11:21:56]# ip -br a show ens33ens33 UP10.1.8.21/24 fe80::20c:29ff:fe83:b423/64# 查看MAC地址[root@server1 ~11:23:06]# ip -br linklo UNKNOWN 00:00:00:00:00:00<LOOPBACK,UP,LOWER_UP>ens33 UP 00:0c:29:83:b4:23<BROADCAST,MULTICAST,UP,LOWER_UP># 查看网关root@server1 ~11:23:49]# ip routedefault via10.1.8.2 dev ens33 proto static metric10010.1.8.0/24 dev ens33 proto kernel scopelinksrc10.1.8.21 metric100# default 开头的条目是网关# 查看 DNS[root@server1 ~11:23:55]# cat /etc/resolv.conf# Generated by NetworkManagersearch harvy.icloud nameserver223.5.5.5 nameserver223.6.6.63.2 网络配置
nmcli 命令
# 通过配置文件修改网络配置[root@server1 ~11:25:09]# vim /etc/sysconfig/network-scripts/ifcfg-ens33# ifcfg-ens33配置内容,不用修改TYPE=EthernetPROXY_METHOD=noneBROWSER_ONLY=noBOOTPROTO=noneDEFROUTE=yesIPV4_FAILURE_FATAL=noIPV6INIT=noIPV6_AUTOCONF=yesIPV6_DEFROUTE=yesIPV6_FAILURE_FATAL=noIPV6_ADDR_GEN_MODE=stable-privacyNAME=ens33UUID=6097beaa-8776-400d-b1d2-5c5649547947DEVICE=ens33ONBOOT=yesIPADDR=10.1.8.21PREFIX=24GATEWAY=10.1.8.2DNS1=223.5.5.5DNS2=223.6.6.6# 修改完成后需要重新加载和激活配置文件[root@server1 ~11:27:58]# nmcli connection reload[root@server1 ~11:28:14]# nmcli connection up ens33连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/3)通过命令行修改网络配置
- device:设备、网卡
- connection:连接、网卡配置
device和connection之间的关系是:网络设备需要一个网络配置,同一时刻一个device只能激活一个网络配置
3.3 管理设备
# 查看设备清单[root@server1 ~11:28:28]# nmcli deviceDEVICE TYPE STATE CONNECTION ens33 ethernet 已连接 ens33 lo loopback 未托管 --# 断开网络连接[root@server1 ~11:33:05]# nmcli device disconnect ens33# 重新连接网络[root@server1 ~11:33:05]# nmcli device connect ens33# 查看网卡的详细配置[root@server1 ~11:31:52]# nmcli device show ens33GENERAL.DEVICE: ens33 GENERAL.TYPE: ethernet GENERAL.HWADDR: 00:0C:29:83:B4:23 GENERAL.MTU:1500GENERAL.STATE:100(已连接) GENERAL.CONNECTION: ens33 GENERAL.CON-PATH:/org/freedesktop/NetworkManager/Active WIRED-PROPERTIES.CARRIER: 开 IP4.ADDRESS[1]:10.1.8.21/24 IP4.GATEWAY:10.1.8.2 IP4.ROUTE[1]: dst=10.1.8.0/24, nh=0.0.0.0, mt=IP4.ROUTE[2]: dst=0.0.0.0/0, nh=10.1.8.2, mt=1IP4.DNS[1]:223.5.5.5 IP4.DNS[2]:223.6.6.6 IP6.ADDRESS[1]: fe80::20c:29ff:fe83:b423/64 IP6.GATEWAY: -- IP6.ROUTE[1]: dst=ff00::/8, nh=::, mt=256, tab IP6.ROUTE[2]: dst=fe80::/64, nh=::, mt=2563.4 命令对照
| 特性 | ip命令 | nmcli命令 |
|---|---|---|
| 持久性 | 临时修改,重启失效 | 永久配置,写入文件 |
| 复杂度 | 简单直接 | 功能丰富复杂 |
| 配置方式 | 直接内核操作 | 抽象连接管理 |
| 配置文件 | 不生成配置文件 | 生成/etc/sysconfig/network-scripts/ |
| 适用场景 | 临时调试、脚本、紧急修复 | 系统配置、桌面环境、服务器管理 |
| 依赖服务 | 无需服务 | 需要NetworkManager服务 |
3.5 命令补充
接口管理
# 查看所有网络接口iplinkshowip-slinkshow# 带统计信息ip-clinkshow# 彩色输出# 启用/禁用接口iplinksetens33 upiplinksetens33 down# 重命名接口iplinksetens33 name ens333# 设置MTU# 用于进行大文件吞吐配置,要求上下游链路上都要统一配置,没有特殊的场景要求,不可以单节点配置,会断网iplinksetens33 mtu9000路由管理
# 查看路由表iproute showiproute list# 添加默认网关iprouteadddefault via192.168.1.1 dev ens33# 添加静态路由iprouteadd10.0.0.0/24 via192.168.1.1# 删除路由iproute del defaultiproute del10.0.0.0/24# 查看特定路由iproute get8.8.8.8ARP/邻居表
# 查看ARP缓存ipneighbor showipneigh[root@server1 ~11:45:46]# ip neigh10.1.8.2 dev ens33 lladdr 00:50:56:f0:f1:5f STALE10.1.8.1 dev ens33 lladdr 00:50:56:c0:00:08 DELAY# 添加静态ARP条目ipneighadd192.168.1.1 lladdr 00:11:22:33:44:55 dev ens33# 删除ARP条目ipneigh del192.168.1.1 dev eth0连接管理
# 查看所有连接配置nmcli connection show nmcli con show--active# 仅活动连接# 激活/停用连接nmcli connection up"Wired connection 1"nmcli connection down"Wired connection 1"# 创建连接# DHCP连接nmcli conaddtypeethernet ifname eth0 con-name"My-Ethernet"# 静态IP连接nmcli conaddtypeethernet ifname eth0 con-name"Static-IP"\ip4192.168.1.100/24 gw4192.168.1.1\ipv4.dns"8.8.8.8 8.8.4.4"# Wi-Fi连接nmcli conaddtypewifi ifname wlan0 con-name"My-WiFi"\ssid"Network-SSID"wifi-sec.key-mgmt wpa-psk\wifi-sec.psk"password"修改连接配置
# 修改IP地址nmcli con mod"Static-IP"ipv4.addresses"192.168.1.200/24"nmcli con mod"Static-IP"ipv4.gateway"192.168.1.1"# 修改DNSnmcli con mod"Static-IP"ipv4.dns"1.1.1.1 8.8.8.8"# 添加额外DNSnmcli con mod"Static-IP"+ipv4.dns"9.9.9.9"# 修改连接方法nmcli con mod"Static-IP"ipv4.method manual# 静态nmcli con mod"Static-IP"ipv4.method auto# DHCP# 设置MTUnmcli con mod"Static-IP"802-3-ethernet.mtu9000实用技巧
- 别名简化:
aliasips='ip -c addr show'aliasnms='nmcli device status'- 脚本中使用:
# 检测接口是否存在ifiplinkshow ens33>/dev/null2>&1;thenecho"eth0 exists"fi# 等待NetworkManager就绪while!nmcli networking connectivity check;dosleep1done- JSON输出(nmcli 1.30+):
nmcli-t-fname,device,state con show--formatjson- 备份/恢复配置:
# 备份nmcli con show>network-backup.txt# 恢复(需要重新创建连接)