2015/08/18

HP2626 switch ssh key 認證與 ssh login 設定

# 設定管理者密碼
configure
password manager user-name admin

# 讓ssh 可以登入,可以接受 key 認證
configure
crypto key generate ssh rsa
ip ssh
ip ssh filetransfer
aaa authentication ssh login public-key none
aaa authentication ssh login local none
aaa authentication ssh enable login none
aaa authentication ssh enable public-key none
show authentication
show ip ssh
no tftp client
ip ssh filetransfer
write memory
exit
exit
exit
y

# 從本地端 copy ssh key 到 switch 上面
mtchang@mt ~/public_html/ks $ scp id_rsa.pub admin@110.111.81.1:/ssh/mgr_keys/authorized_keys
We'd like to keep you up to date about:
  * Software feature updates
  * New product announcements
  * Special events

Please register your products now at:  www.ProCurve.com

admin@110.111.81.1's password:
id_rsa.pub                                                                                           100%  391     0.4KB/s   00:00  
Connection to 110.111.81.1 closed by remote host.

# 從新使用 ssh 登入驗證
hadoop@mt ~/.ssh $ ssh admin@110.111.72.2
The authenticity of host '110.111.72.2 (110.111.72.2)' can't be established.
RSA key fingerprint is 38:ca:24:b0:97:fd:8e:d6:bd:66:28:90:fd:b7:45:d7.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '110.111.72.2' (RSA) to the list of known hosts.
We'd like to keep you up to date about:
  * Software feature updates
  * New product announcements
  * Special events

Please register your products now at:  www.ProCurve.com


ProCurve J4900B Switch 2626
Software revision H.10.50



# option: 選項:設定可登入管理的 ip 範圍
ip authorized-managers

configure
ip authorized-managers 110.111.0.0 255.255.0.0

# 設定 ntp 對時
configure
sntp server 110.111.69.1
timesync sntp
sntp unicast
show running-config
write memory
exit
exit
exit
y


2015/08/17

Automatically accept epel gpg key(自動加入 EPEL 的 GPG key)


單機
[root@hmaster ~]# rpm --import http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7

ssh 遠端下指令
[root@hmaster ~]# ssh root@hdatanode1 'rpm --import http://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7'

# 現在直接再 repo 內建就有 epel 的設定套件了
[root@c7 ~]# yum search epel
====================================================================== N/S matched: epel ======================================================================
epel-release.noarch : Extra Packages for Enterprise Linux repository configuration
epel-rpm-macros.noarch : Extra Packages for Enterprise Linux RPM macros
python3-pkgversion-macros.noarch : Convenience macros for Fedora/EPEL Python 3 packages building

# 直接安裝就可以
[root@c7 ~]# yum install epel-release -y

# 看看你系統上的 REPO 有哪些
[root@c7 ~]# yum repolist
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: ftp.stu.edu.tw
 * epel: mirror01.idc.hinet.net
 * extras: ftp.stu.edu.tw
 * nux-dextop: mirror.li.nux.ro
 * updates: ftp.stu.edu.tw
repo id                                                       repo name                                                                                  status
adobe-linux-x86_64                                            Adobe Systems Incorporated                                                                     2
base/7/x86_64                                                 CentOS-7 - Base                                                                            8,652
epel/x86_64                                                   Extra Packages for Enterprise Linux 7 - x86_64                                             8,446
extras/7/x86_64                                               CentOS-7 - Extras                                                                            180
google-chrome                                                 google-chrome                                                                                  3
nux-dextop/x86_64                                             Nux.Ro RPMs for general desktop use                                                        2,099
updates/7/x86_64                                              CentOS-7 - Updates                                                                         1,202
repolist: 20,584