查看日志
docker logs -f 容器名称
https://www.cnblogs.com/faberbeta/p/jumpserver002.html
docker jumpserver管理
cd /opt
python3.6 -m venv py3
source /opt/py3/bin/activate
cd /opt/jumpserver
./jms stop
./jms start -d
[root@localhost ~]# cat 1.sh
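# Generate the two JumpServer secrets once and print them.
#
# SECRET_KEY (50 chars) and BOOTSTRAP_TOKEN (16 chars) are drawn from
# /dev/urandom and restricted to [A-Za-z0-9]. A value that is already set in
# the calling shell is reused and only printed.
#
# Security notes:
#   - A newly generated value is appended to ~/.bashrc in clear text, so anyone
#     who can read that file can read the secret; keep it owner-readable only.
#   - The appended line is a plain assignment (no `export`), so a later run
#     reuses it only when this script is sourced from a shell that has read
#     ~/.bashrc; executed as a child process it generates a new value.
#   - Both values are printed to stdout; avoid running this where terminal
#     output is logged or shared.

# Print $1 random characters from [A-Za-z0-9].
# LC_ALL=C makes tr treat the random input as raw bytes; in a UTF-8 locale
# some tr implementations reject invalid multibyte sequences.
jms_random_string() {
  LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$1"
}

if [ -z "$SECRET_KEY" ]; then
  SECRET_KEY=$(jms_random_string 50)
  printf 'SECRET_KEY=%s\n' "$SECRET_KEY" >> ~/.bashrc
fi
# Quoted so a pre-set value is printed verbatim (no word splitting or globbing).
printf '%s\n' "$SECRET_KEY"

if [ -z "$BOOTSTRAP_TOKEN" ]; then
  BOOTSTRAP_TOKEN=$(jms_random_string 16)
  printf 'BOOTSTRAP_TOKEN=%s\n' "$BOOTSTRAP_TOKEN" >> ~/.bashrc
fi
printf '%s\n' "$BOOTSTRAP_TOKEN"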
[root@localhost ~]# cat docker.sh
# Start the all-in-one JumpServer container (jumpserver/jms_all) detached.
#
# Publishes host ports 80 and 2222 (2222 is the SSH port used elsewhere in
# these notes) and bind-mounts /opt/jumpserver on the host to
# /opt/jumpserver/data/media in the container.
#
# Security notes:
#   - SECRET_KEY, BOOTSTRAP_TOKEN, DB_PASSWORD and REDIS_PASSWORD are literal
#     values on the command line: they are readable in this file, in the
#     process list while `docker run` executes, and in `docker inspect` output.
#     Treat the values below as samples and generate fresh ones for a real
#     deployment; `docker run --env-file` with an owner-only file keeps them
#     off the command line.
#   - DB_USER=root connects the application as the database superuser; a
#     dedicated account limited to the jumpserver database is least privilege.
#   - DB_PASSWORD and REDIS_PASSWORD are the trivial string "test".
#   - The :latest tag is not pinned, so the image that runs can change between
#     pulls; pin a version tag or digest for reproducible deployments.
/usr/bin/docker run \
  --name jms_all \
  -d \
  -v /opt/jumpserver:/opt/jumpserver/data/media \
  -p 80:80 \
  -p 2222:2222 \
  -e SECRET_KEY=ApbTWlqc6GHD6i7LvTlDqdd1VGkPTi7fkFWoObESWAJCbgszh5 \
  -e BOOTSTRAP_TOKEN=f05Nxhls8UI6B2Fa \
  -e DB_HOST=192.168.2.119 \
  -e DB_PORT=3306 \
  -e DB_USER=root \
  -e DB_PASSWORD=test \
  -e DB_NAME=jumpserver \
  -e REDIS_HOST=192.168.2.119 \
  -e REDIS_PORT=6379 \
  -e REDIS_PASSWORD=test \
  --network=bridge \
  jumpserver/jms_all:latest
[root@localhost ~]#
清除防火墙规则(会清空全部现有规则,执行前先用 iptables-save 备份)
iptables -t nat -F #清除原有的nat表中的规则
iptables -F #清除原有的filter表中的规则
防火墙
查看状态:systemctl status firewalld.service
开机自启:systemctl enable firewalld.service(立即启动用 systemctl start firewalld.service)
禁止开机自启:systemctl disable firewalld.service(立即停止用 systemctl stop firewalld.service)
查看
getenforce
或者
/usr/sbin/sestatus -v
临时禁用
setenforce 0    # 切换为 permissive(只记录不拦截),重启后失效;setenforce 1 恢复 enforcing
永久禁用
# vim /etc/selinux/config
# 将SELINUX=enforcing改成SELINUX=disabled(仅为排错时建议改成 permissive,仍会保留审计日志)
# 保存,重启
网络转发
1.临时开启,(写入内存,在内存中开启)
echo "1" > /proc/sys/net/ipv4/ip_forward
2.永久开启,(写入内核)
在 vim /etc/sysctl.conf 下
加入此行 net.ipv4.ip_forward = 1
sysctl -p ----加载一下
[root@localhost ~]# sysctl -a |grep "ip_forward" ----查看一下
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_use_pmtu = 0
在「用户管理」中新建用户后,用该用户登录:ssh 新建用户名@服务器 -p2222
centos7 jumpserver极速部署
https://jumpserver.readthedocs.io/zh/master/install/setup_by_fast/
mac ssh
root@testdeAir:/Users/test/Downloads# ssh -i yansiyu_openssh yansiyu@127.0.0.1 -p123456 私钥
root@openmediavault:/etc# scp apt.tar.gz root@192.168.2.243:/tmp/
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:P6LrLShkEyC/1C4gz0QwVQEIlqkCHp/+ZQad67pLP58.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /root/.ssh/known_hosts:6
remove with:
ssh-keygen -f "/root/.ssh/known_hosts" -R 192.168.2.243
ECDSA host key for 192.168.2.243 has changed and you have requested strict checking.
Host key verification failed.
lost connection
(先确认 192.168.2.243 确实重装过系统或更换了主机密钥,并通过可信渠道核对上面的 SHA256 指纹,再删除旧记录)
root@openmediavault:/etc# ssh-keygen -f "/root/.ssh/known_hosts" -R 192.168.2.243
# Host 192.168.2.243 found: line 6
/root/.ssh/known_hosts updated.
Original contents retained as /root/.ssh/known_hosts.old
官网文档 http://docs.jumpserver.org/zh/docs/
https://blog.csdn.net/my_bai/article/details/62226474
http://www.51niux.com/?id=174
http://www.saunix.cn/2229.html
$ cd /opt
$ source /opt/py3/bin/activate
资产授权|授权规则
cd /opt/coco
先执行
./cocod start
然后打开http://192.168.2.234:8080/terminal/terminal/
点击接受
用户管理|用户列表 进入后台网页的账号密码
资产管理|管理用户 资产主机的root账号或者sudo nopassword账号,jumpserver服务器用这个账号来创建系统用户
资产管理|系统用户 jumpserver服务器登录资产主机用的账号
管理群晖的话只能用admin或者root系统用户
对于mac要行ssh用户