linuxea:windows快速构建丝滑的ftpserver上传和下载 在windows中，可以使用smb来挂载目录，上篇linux上如何优雅的挂载windows smb有所记录，但是并非每个环境都会让你使用共享文件的协议，通常在一个注重安全的环境内，udp的这几个端口会被不由分说的禁用掉。因此就需要另外一个传输方式，比如ftp。通常，FPT作为server端被部署在linux环境下，但是有时候会被windows需要。也就是说需要在windows下部署ftp。但是类似与此类软件居多，如：serv-u, wftpserver,xlightftpd等。但是这些都太重，现在使用ftp server绿色版本搭建简易的ftp通道http://learning.happymmall.com/ftpserver/而后将ftp放行到防火墙端口当我们在linux上用ftp传输的时候不一定能否符合预期ftp是非常原始的传输工具，使用ftp客户端意味着你要手动创建一些目录或者，压缩你将传输的文件夹变成一个包或者一个文件。因此我们使用ncftp，你可以下载也可以使用yum安装ncftp参数-u：指定登录FTP服务器时使用的用户名； -p：指定登录FTP服务器时使用的密码； -P：如果FTP服务器没有使用默认的TCP协议的21端口，则使用此选项指定FTP服务器的端口号。 -m：在传之前尝试在目录位置创建目录(用于传目录的情况) -R：递规传子目录上传FTP将会在远程服务器创建FTP目录，test目录将会推送到FTP目录下ncftpput -u test -p test -P 21 -m -R 172.16.100.19 FTP ~/test/*下载ncftpget -u test -p test -P 21 -d ~/1.txt -R 172.16.100.19 . /FTPRush/test2而在windows客户端你可以使用一些支持ftp断点续传的工具，比如：FileZilla，sftp参考linux上如何优雅的挂载windows smb

linuxea:linux上如何优雅的挂载windows smb 在一些极端情况下，需要将一些备份推送到windows，或者从windows拉取到linux，假设没有吝啬的安全策略下，默认是可以的。但是这不安全，通常情况下，采用ftp更保险。但鉴于在内网运行，此操作可以被尝试。如果想尝试fpt，可以参考快速构建丝滑的ftpserver上传和下载首要条件创建用户mark创建组bakcupwindows 10windows10 运行appwiz.cpl -> 启动或关闭windows功能 -> 勾选SMB1.0/CIFS文件共享支持和SMB直通windws 2008windows 2008 r2添加nfs1，添加功能功能添加，下一步直到安装完成2，添加角色功能角色，下一步直到安装完成3，开启server服务重启服务器电脑。开始共享当我们安装了上面的角色和功能后，创建一个新的文件夹配置共享linux共享mount -t cifs //10.112.118.135/hainan_backups /data/Remotely_backup_data -o username=mark,password=DVjZTIwNDUzN,rwwindows server 20121.安装smb1, windows server的添加角色和功能向导，如下，选中"件服务器资源管理器"下一步直至安装结束。完证完成后重启服务器2.共享位置配置打开服务器管理 -> 文件和存储服务 -> 共享 -> 新建共享-> SMB共享-高级 在共享位置中选择输入自定义路径在E盘创建一个backups目录，并选中3.权限在权限中选择自定义权限并删除删除完成，选择添加按钮。这里添加一个mark用户，也可以是一个组因为是备份文件存放，我们需要对目录写入如法炮制，添加backup组而后修改共享权限报错Windows server 2012R2 设置文件共享目录报错：无法连接到C$管理共享已验证文件夹xxx在计算机xxx上是否存在Windows Remote Management（WinRM)查看端口PS C:\Users\Administrator> netstat -ano | findstr "445" TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4 TCP 192.168.29.27:57523 192.168.29.27:445 SYN_SENT 4 TCP [::]:445 [::]:0 LISTENING 4 TCP [fe80::dddf:c37a:79c6:afa6%12]:57532 [fe80::dddf:c37a:79c6:afa6%12]:445 SYN_SENT 4如果telnet不通0，检查下“网络和共享中心”→“高级共享设置”里有没有启用网络发现，有没有启用文件和打印机共享1，检查网卡连接是否勾选Microsoft网络客户端和Microsoft网络的文件和打印机共享2，运行输入“regedit”并点击确定以进入注册表编辑器。导航到这个位置（HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System），在右边空白处右击新建->DWORD(32位)值(D)，将它命名为LocalAccountTokenFilterPolicy并且将它的数值数据改为1。重启您的计算机，然后检查问题是否解决。3，运行gpedit.msc，在“本地组策略编辑器”中选择“本地计算机策略”→计算机配置→Windows设置→安全设置→IP安全策略，在本地计算机。然后在右侧双击“新IP安全策略”，删掉“新IP筛选器列表”。检查服务是否开启Function Discovery Provider HostSSDP DiscoveryUPnP Device HostLanmanServer(server开启)白名单确保tcp 139和445已经放行UDP 137，138TCP 139，445，1354.挂载安装依赖cifs-utils 的包 cifs-utils avahi-libs cups-libs gnutls keyutils libldb libtalloc libtdb libtevent libwbclient nettle samba-client-libs samba-common samba-common-libs trousersyum localinstall *.rpm挂载mount -t cifs -o username=mark,password=DVjZTIwNDUzNm //10.100.163.119/backups /data/Remotely_backup_datamount -t cifs -o username=mark,password=DVjZTIwNDUzNm,vers=1.0 //10.100.163.119/backups /data/Remotely_backup_dataNov 3 11:08:44 localhost kernel: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3 (or SMB2.1) specify vers=1.0 on mount.Nov 3 11:08:44 localhost kernel: Status code returned 0xc000006d STATUS_LOGON_FAILURENov 3 11:08:44 localhost kernel: CIFS VFS: Send error in SessSetup = -13Nov 3 11:08:44 localhost kernel: CIFS VFS: cifs_mount failed w/return code = -13查看[root@linuxea.com /home/sxxzx2019/smb]# ll /data/Remotely_backup_data/ 总用量 1 drwxr-xr-x 2 root root 0 7月 19 14:20 1 -rwxr-xr-x 1 root root 25 7月 19 13:59 test.txt.txt已经可以使用其他？https://www.tuxera.com/community/open-source-ntfs-3g/ https://github.com/tuxera/ntfs-3g/releases $ command tar xf ntfs-3g_ntfsprogs-2017.3.23.tgz cd ntfs-3g_ntfsprogs-2017.3.23 ./configure make make install mount -o username=mark//10.100.163.119/backups共享目录即可创建用户mark创建目录backups安全组权限共享文件权限123安装SMBmount error(112): Host is down Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)开启smb检测Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol Disable-WindowsOptionalFeature -Online -FeatureName SMB1ProtocolSMB 服务器上 SMBv1检测Get-SmbServerConfiguration | Select EnableSMB1ProtocolPS C:\Users\Administrator> Get-SmbServerConfiguration | Select EnableSMB1Protocol EnableSMB1Protocol ------------------ True禁用Set-SmbServerConfiguration -EnableSMB1Protocol $false启用Set-SmbServerConfiguration -EnableSMB1Protocol $trueSMB 服务器上 SMB v2/v3检测：Get-SmbServerConfiguration | Select EnableSMB2Protocol禁用：Set-SmbServerConfiguration -EnableSMB2Protocol $false启用：Set-SmbServerConfiguration -EnableSMB2Protocol $true1PS C:\Users\Administrator> Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol Path : Online : True Restart Needed : FalsePS C:\Users\Administrator> Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol Feature Name : SMB1Protocol Display Name : SMB 1.0/CIFS 文件共享支持 Description : 支持 SMB 1.0/CIFS 文件共享协议和计算机浏览器协议。 Restart Required : Possible State : Enabled Custom Properties : ServerComponent\Description : 支持 SMB 1.0/CIFS 文件共享协议和计算机浏览器协议。 ServerComponent\DisplayName : SMB 1.0/CIFS 文件共享支持 ServerComponent\Id : 487 ServerComponent\Type : Feature ServerComponent\UniqueName : FS-SMB1 ServerComponent\Deploys\Update\Name : SMB1Protocol参考如何在 Windows 中检测、启用和禁用 SMBv1、SMBv2 和 SMBv3[[mount.cifs: mount error(112): Host is down]](https://serverfault.com/questions/830817/mount-cifs-mount-error112-host-is-down)what port or ports are used for File sharing in windows?Windows Server 2012 关闭445 135 139等端口安全设置快速构建丝滑的ftpserver上传和下载

ssh使用root拉取和批量执行命令 1，文件分发，批量命令执行2，拉取文件SSH配置文件！GSSAPIAuthentication noUseDNS nossh-copy-id -i .ssh/id_dsa.pub 如果不是22端口ssh-copy-id -i "-p 2222 linuxea@nfs"指定用户做分发：在做之前，通常我们不适用root远程登录，在本次案例中使用root，和非root提权[root@NFS-server ~]# useradd linuxea [root@NFS-server ~]# su - linuxea [linuxea@NFS-server ~]$ ssh-keygen -t dsa Generating public/private dsa key pair. Enter file in which to save the key (/home/linuxea/.ssh/id_dsa): Created directory '/home/linuxea/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/linuxea/.ssh/id_dsa. Your public key has been saved in /home/linuxea/.ssh/id_dsa.pub. The key fingerprint is: 1b:3c:32:ee:fa:7e:b7:b5:84:83:42:14:7c:f8:28:f7 linuxea@NFS-server The key's randomart image is: +--[ DSA 1024]----+ | ... | | o.. | | .+ | | ..o.. | | o+.S | | o oE= . | | o o o o | | . .. .+ . | | .++. .... | +-----------------+ [linuxea@NFS-server ~]$ ls -l .ssh/ total 8 -rw------- 1 linuxea linuxea 672 Dec 26 01:59 id_dsa---------私钥 -rw-r--r-- 1 linuxea linuxea 608 Dec 26 01:59 id_dsa.pub-----公钥 [linuxea@NFS-server ~]$ 如果端口不是22：则ssh-copy-id -i id_dsa.pub "ip 2222 root@10.0.0.54"[linuxea@NFS-server ~]$ ssh-copy-id -i .ssh/id_dsa.pub root@10.0.0.54 The authenticity of host '10.0.0.54 (10.0.0.54)' can't be established. RSA key fingerprint is b8:e2:26:b5:fb:b4:42:31:11:f8:15:45:71:0b:68:61. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '10.0.0.54' (RSA) to the list of known hosts. root@10.0.0.54's password: Now try logging into the machine, with "ssh 'root@10.0.0.54'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting. [linuxea@NFS-server ~]$ 当我们面对小规模时候，使用linux复制一些文件，如hosts，如dns文件都可以使用这样的方式进行发送当把秘钥已经做好了，就可以发送这些文件，可以单台，也可以多台单台：[linuxea@NFS-server ~]$ scp -P22 /etc/hosts root@10.0.0.55 多台写个简单脚本即可！[linuxea@NFS-server ~]$ vim hosts.sh scp -P22 /etc/hosts root@10.0.0.51 echo ===================================== scp -P22 /etc/hosts root@10.0.0.52 echo ===================================== scp -P22 /etc/hosts root@10.0.0.53 echo ===================================== scp -P22 /etc/hosts root@10.0.0.55 [linuxea@NFS-server ~]$ sh hosts.sh 也可以这样：写一个脚本，运行时输入需要复制的文件或目录，，并且打印出结果！如下：如果不输入内容则输出结果！[linuxea@NFS-server ~]$ vim hosts.sh #!/bin/sh . /etc/init.d/functions if [ $# -ne 1 ] then echo "USAGE:$0 {FILE NAME|DIR NAME}" exit 1 fi for n in 53 54 55 do scp -P22 -r $1 root@10.0.0.$n:~ &>/dev/null if [ $? -eq 0 ] then action "file put ok $!" /bin/true else action "file put ok $!" /bin/false fi done 运行脚本，并且输入需要复制的文件路径/etc/hosts[linuxea@NFS-server ~]$ sh hosts.sh /etc/hosts file put ok [ OK ] file put ok [ OK ] file put ok [ OK ] [linuxea@NFS-server ~]$ 如果不输入则提示：[linuxea@NFS-server ~]$ bash hosts.sh USAGE:hosts.sh {FILE NAME|DIR NAME} [linuxea@NFS-server ~]$ 优化二：修改上面的脚本进行远程传递参数：[linuxea@NFS-server ~]$ cat command.sh #!/bin/sh if [ $# -ne 1 ] then echo "USAGE:$0 COMMAND" exit 1 fi for n in 53 54 55 do ssh -p22 root@10.0.0.$n $1 done 运行并且输出需要传递的参数，用“/sbin/ifconfig eth1"[linuxea@NFS-server ~]$ sh command.sh "/sbin/ifconfig eth1" eth1 Link encap:Ethernet HWaddr 00:0C:29:6A:AB:0F inet addr:10.0.0.53 Bcast:10.0.255.255 Mask:255.255.0.0 inet6 addr: fe80::20c:29ff:fe6a:ab0f/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1069 errors:0 dropped:0 overruns:0 frame:0 TX packets:619 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:98330 (96.0 KiB) TX bytes:60915 (59.4 KiB) eth1 Link encap:Ethernet HWaddr 00:0C:29:88:53:53 inet addr:10.0.0.54 Bcast:10.0.255.255 Mask:255.255.0.0 inet6 addr: fe80::20c:29ff:fe88:5353/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1097 errors:0 dropped:0 overruns:0 frame:0 TX packets:652 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:104498 (102.0 KiB) TX bytes:64988 (63.4 KiB) eth1 Link encap:Ethernet HWaddr 00:0C:29:CE:B5:7D inet addr:10.0.0.55 Bcast:10.0.255.255 Mask:255.255.0.0 inet6 addr: fe80::20c:29ff:fece:b57d/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:730 errors:0 dropped:0 overruns:0 frame:0 TX packets:354 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:77161 (75.3 KiB) TX bytes:48873 (47.7 KiB) [linuxea@NFS-server ~]$ 查看版本号！[linuxea@NFS-server ~]$ sh command.sh "cat /etc/redhat-release" CentOS release 6.6 (Final) CentOS release 6.6 (Final) CentOS release 6.6 (Final) [linuxea@NFS-server ~]$ 关于错误的权限问题，1，/etc/下的内容大部分是没有写权限的，如果是root则可以，上面则是root权限在使用2, 把需要分发的文件cp到服务器家目录，然后sudo提权复制分发文件到对于的权限目录3, 将操作命令做成suid4， saltstack，puppet等！

linux下发送系统邮件的两种方式 ssh秘钥分发useradd linuxea[linuxea@NFS-server ~]$ useradd linuxea [linuxea@NFS-server ~]$ echo 123|passwd --stdin linuxea 实现本地登录远程免秘钥[linuxea@NFS-server ~]$ ssh-copy-id -i .ssh/id_dsa.pub linuxea@10.0.0.55 实现本地用户让远程用户免密码登录！[linuxea@NFS-server ~]$ scp -p .ssh/id_dsa linuxea@10.0.0.53:~/.ssh [linuxea@NFS-server ~]$ ssh-copy-id -i .ssh/id_dsa.pub linuxea@10.0.0.52 发邮件[root@NFS-server ~]# /etc/init.d/postfix restart Shutting down postfix: [ OK ] Starting postfix: [ OK ] [root@NFS-server ~]# su - linuxea^C [root@NFS-server ~]# lsof -i :25 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME master 5223 root 12u IPv4 45229 0t0 TCP localhost:smtp (LISTEN) master 5223 root 13u IPv6 45231 0t0 TCP localhost:smtp (LISTEN) [root@NFS-server ~]# mail -s "linuxea title" 734943463@qq.com </etc/hosts [root@NFS-server ~]# mailq Mail queue is empty [root@NFS-server ~]# ![1.png][1] if [ -s "/var/log/backupSQLfile.log" ] then mail -s "$(date +%F-%T) backup" 734943463@qq.com <</var/log/backSQLfail.log >/var/log/backSQLfile.log fi163:[root@NFS-server ~]# vim /etc/mail.rc #######set mail set from=usertzc@163.com smtp=smtp.163.com set smtp-auth-user=usertzc smtp-auth-password=password smtp-auth=login [root@NFS-server ~]# mail -s linuxea 734943463@qq.com < /etc/rc.local

小环境中利用ssh的sudo提权分发文件用法 利用ssh的sudo提权分发1.在10.0.0.55上创建用户，添加密码，并且给用户sudo权限[root@NFS-BACKUP home]# useradd linuxea [root@NFS-BACKUP home]# echo 123|passwd --stdin linuxea [root@NFS-BACKUP home]# echo 'linuxea ALL=(ALL) NOPASSWD:/usr/bin/rsync'>>/e^C/sudoers [root@NFS-BACKUP home]# grep linuxea /etc/sudoers linuxea ALL=(ALL) NOPASSWD:/usr/bin/rsync [root@NFS-BACKUP home]# visudo -c /etc/sudoers: parsed OK [root@NFS-BACKUP home]# 2.在10.0.0.52上将秘钥传输过去[linuxea@NFS-server ~]$ ssh-copy-id -i .ssh/id_dsa.pub linuxea@10.0.0.55 linuxea@10.0.0.55's password: Now try logging into the machine, with "ssh 'linuxea@10.0.0.55'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting. [linuxea@NFS-server ~]$ 3，在分发端，将文件复制到对方的linuxea家目录[linuxea@NFS-server ~]$ scp -P22 -r /etc/hosts linuxea@10.0.0.55:~ hosts 100% 182 0.2KB/s 00:00 在对端家目录使用sudo rsync 将文件复制到/etc/ [linuxea@NFS-server ~]$ ssh -t linuxea@10.0.0.55 sudo rsync hosts /etc/ Connection to 10.0.0.55 closed. [linuxea@NFS-server ~]$ ssh -t linuxea@10.0.0.55 'cat /etc/hosts' 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 10.0.0.52 nfs-server ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 Connection to 10.0.0.55 closed. [linuxea@NFS-server ~]$ 4，脚本实现：脚本的实现也需要在远端机器创建用户和visudo授权使用rsync命令1，编辑脚本[linuxea@NFS-server ~]$ cat sudolocal.sh #!/bin/sh . /etc/init.d/functions if [ $# -ne 2 ] then echo "USAGE:$0 Local->RemoteHost" exit 1 fi for n in 53 54 55 do echo ==========================10.0.0.$n====================== scp -P22 -r $1 linuxea@10.0.0.$n:~ &>/dev/null &&\ ssh -t linuxea@10.0.0.$n sudo rsync $1 $2 &>/dev/null if [ $? -eq 0 ] then action "Local->RemoteHost $!" /bin/true else action "Local->RemoteHost $!" /bin/false fi done [linuxea@NFS-server ~]$ 在root下复制到linuxea的家目录[root@NFS-server ~]# cp /etc/hosts /home/linuxea/切换价目路，把hosts文件发到远端的/etc/下[root@NFS-server ~]# su - linuxea [linuxea@NFS-server ~]$ bash sudolocal.sh hosts /etc ==========================10.0.0.53====================== Local->RemoteHost [ OK ] ==========================10.0.0.54====================== Local->RemoteHost [ OK ] ==========================10.0.0.55====================== Local->RemoteHost [ OK ] [linuxea@NFS-server ~]$ 查看[linuxea@NFS-server ~]$ bash command.sh "cat /etc/hosts" =========10.0.0.53==================== #test 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 10.0.0.52 nfs-server ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 =========10.0.0.54==================== #test 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 10.0.0.52 nfs-server ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 =========10.0.0.55==================== #test 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 10.0.0.52 nfs-server ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 [linuxea@NFS-server ~]$ 其它方式：修改rsync权限，不安全chmod 4755 /usr/bin/rsyncscp -P22 -r hosts linuxea@10.0.0.8:~ssh -t linuxea@10.0.0.8 rsync ~/hosts /etc/