ホスト名の変更
nmcli general hostname ホスト名
固定IP設定
ネットワークデバイス名の確認
# nmcli device
DEVICE TYPE STATE CONNECTION
enp2s0 ethernet connected enp2s0
lo loopback unmanaged --
現在のネットワーク設定確認
ipv4.methodがautoなら自動取得、manualなら固定IP
# nmcli -f ipv4 con show enp2s0
ipv4.method: auto
ipv4.dns: --
ipv4.dns-search: --
ipv4.dns-options: --
ipv4.dns-priority: 0
ipv4.addresses: --
ipv4.gateway: --
ipv4.routes: --
ipv4.route-metric: -1
ipv4.route-table: 0 (unspec)
ipv4.routing-rules: --
ipv4.ignore-auto-routes: no
ipv4.ignore-auto-dns: no
ipv4.dhcp-client-id: --
ipv4.dhcp-iaid: --
ipv4.dhcp-timeout: 0 (default)
ipv4.dhcp-send-hostname: yes
ipv4.dhcp-hostname: --
ipv4.dhcp-fqdn: --
ipv4.dhcp-hostname-flags: 0x0 (none)
ipv4.never-default: no
ipv4.may-fail: yes
ipv4.required-timeout: -1 (default)
ipv4.dad-timeout: -1 (default)
ipv4.dhcp-vendor-class-identifier: --
ipv4.link-local: 0 (default)
ipv4.dhcp-reject-servers: --
固定IP設定
# Store a static IPv4 configuration in the connection profile "enp2s0".
# "con mod" only edits the saved profile; the live interface is unchanged
# until the connection is re-activated on the last line.
nmcli con mod enp2s0 ipv4.addresses 192.168.103.102/24
nmcli con mod enp2s0 ipv4.gateway 192.168.103.1
# NOTE(review): a plain "ipv4.dns" assignment replaces the stored list, so
# after the next two commands only 1.1.1.1 and 8.8.8.8 remain and
# 192.168.103.1 is dropped. These look like two alternatives; run one of
# them, or put every resolver in a single quoted value.
nmcli con mod enp2s0 ipv4.dns 192.168.103.1
nmcli con mod enp2s0 ipv4.dns "1.1.1.1 8.8.8.8"
# Switch from DHCP (auto) to the static values set above. This comes after
# ipv4.addresses because the manual method requires an address.
nmcli con mod enp2s0 ipv4.method manual
# Re-activate the connection so the new settings take effect. If this is run
# over SSH through enp2s0, expect the session to drop when the address
# changes; reconnect to 192.168.103.102.
nmcli con down enp2s0 ; nmcli con up enp2s0
SSH鍵認証の設定
鍵の作成
# ssh-keygen -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/home/hoge/.ssh/id_rsa):
Created directory '/home/hoge/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/hoge/.ssh/id_rsa
Your public key has been saved in /home/hoge/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:k/ZLABW3Dm1F7MBDXww71B3T34nGAUx3uig4ofWkIgI hoge@localhost.localdomain
The key's randomart image is:
+---[RSA 4096]----+
| o+==*=.=o|
| . o+*o+= +|
|E .o..++=.o +|
|. o.*= o=..o|
| . . o +So.... |
| . . ...+. |
| o |
| . . |
| . |
+----[SHA256]-----+
鍵のリネームと、パーミッション設定
# Install the new public key as this account's list of accepted keys.
# The paths are relative, so this assumes the current directory is the
# user's home. mv replaces any authorized_keys file that already exists;
# here .ssh was only just created by ssh-keygen, so nothing is lost.
mv .ssh/id_rsa.pub .ssh/authorized_keys
# Owner-only read/write. With its default StrictModes setting, sshd ignores
# an authorized_keys file that other users are able to modify.
chmod 600 .ssh/authorized_keys
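秘密鍵(id_rsa)は何らかの手段でホスト側に転送したら削除します。転送には scp や sftp など暗号化された経路を使い、転送先でも所有者以外が読めないパーミッション(600)にします。なお、接続元で鍵を作成して公開鍵だけをサーバーに登録すれば、秘密鍵を転送する必要はありません。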
rm .ssh/id_rsa
公開鍵認証の有効化
sshdの設定ファイル(/etc/ssh/sshd_config)で公開鍵認証を許可し、パスワード認証を禁止。/etc/ssh/sshd_config.d/ 配下のファイルに同じ項目があると、そちらが優先される場合があるので、あわせて確認
# 公開鍵認証の許可
PubkeyAuthentication yes
# パスワード認証の禁止
PasswordAuthentication no
設定を反映するため、sshdを再起動。再起動前に sshd -t で設定ファイルの構文を確認し、再起動後は現在のセッションを切らずに、別の端末から鍵でログインできることを確認
systemctl restart sshd.service
Firewallの設定
現在のFirewall設定確認
# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: enp2s0
sources:
services: cockpit dhcpv6-client ssh
ports:
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
不要なサービスの削除
# Close the services this host does not need to expose. No --zone is given,
# so the default zone is edited ("public" in the listing above).
# --permanent changes only the saved configuration: cockpit and
# dhcpv6-client stay reachable on the running firewall until
# "firewall-cmd --reload" is run.
firewall-cmd --remove-service=cockpit --permanent
# NOTE(review): dhcpv6-client is presumably unused because this host has a
# static IPv4 address; confirm that IPv6 is not configured via DHCPv6
# before removing it.
firewall-cmd --remove-service=dhcpv6-client --permanent
FirewallにHTTP(80/tcp)とHTTPS(443/tcp)の追加
# Allow inbound HTTP and HTTPS in the default zone. No source restriction is
# given, so both ports are open to every address that can reach interface
# enp2s0. As with the removals, --permanent takes effect only after
# "firewall-cmd --reload"; check the result with "firewall-cmd --list-all".
firewall-cmd --add-port=80/tcp --permanent
firewall-cmd --add-port=443/tcp --permanent
Firewall設定の再読み込み
firewall-cmd --reload
SELinuxの無効化
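/etc/selinux/config の SELINUX の設定を「enforcing」から「disabled」に変更。無効化すると SELinux による強制アクセス制御が働かなくなり、公開する HTTP/HTTPS サービスが侵害された場合に被害範囲を抑える仕組みが1つ減る。動作不具合の切り分けが目的なら「permissive」(拒否せずログのみ記録)で原因を調べ、enforcing のまま運用する選択肢もある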
#SELINUX=enforcing
SELINUX=disabled
再起動
shutdown -r now