{ "version": "https:\/\/jsonfeed.org\/version\/1.1", "title": "Мастер Alt Linux: заметки с тегом ssh", "_rss_description": "Sysadmin, System Administrator, системное администрирование, сетевое администрирование, настройка первого модуля, настройка второго модуля, модуль 1 сетевое администрирование, модуль 2 системное администрирование, Alt Linux, HQ-RTR, BR-RTR, HQ-SRV, BR-SRV, HQ-CLI, ISP, VLAN, IPv4, NAT, iptables, GRE tunnel, OSPF, FRR, DHCP, DNS, SSH, Samba DC, Samba domain, au-team.irpo, sudoers, RAID 0, mdadm, NFS, chrony, Ansible, Docker, docker compose, MariaDB, Apache, PHP, Yandex Browser, hostnamectl, \/etc\/net\/ifaces, systemctl, sshd_config, Port 2026, samba-tool, gpupdate, ansible ping pong, docker compose up, СИСА, DEMO2026, DEMO2026 бюджет БУ, настройка DEMO2026, Альт Виртуализация, VirtualBox, ОС Альт, EcoRouterOS, Модуль 1 Настройка сетевой инфраструктуры, Модуль 4 Настройка сетевой инфраструктуры,", "_rss_language": "ru", "_itunes_email": "", "_itunes_categories_xml": "", "_itunes_image": false, "_itunes_explicit": "no", "home_page_url": "https:\/\/test3.716.su\/tags\/ssh\/", "feed_url": "https:\/\/test3.716.su\/tags\/ssh\/json\/", "icon": false, "authors": [ { "name": "Мастер Alt Linux", "url": "https:\/\/test3.716.su\/", "avatar": false } ], "items": [ { "id": "5", "url": "https:\/\/test3.716.su\/all\/1-5\/", "title": "Трюк 1-5 (последний трюк первого сезона). Как настроить вторичный сервер и самый главный клиент на ALT Linux", "content_html": "

1. Настроить имя устройства:<\/h2>\n
hostnamectl hostname br-srv.au-team.irpo\n\texec bash\ntimedatectl set-timezone Asia\/Novosibirsk<\/code><\/pre>
2. Настроить внутренние интерфейсы:<\/h2>\n
echo 'TYPE=eth' > \/etc\/net\/ifaces\/ens18\/options\necho '192.168.3.2\/26' > \/etc\/net\/ifaces\/ens18\/ipv4address\necho 'default via 192.168.3.1' > \/etc\/net\/ifaces\/ens18\/ipv4route\necho $'search au-team.irpo\\nnameserver 192.168.100.2' > \/etc\/net\/ifaces\/ens18\/resolv.conf\nsystemctl restart network\nping hq-srv -c 3<\/code><\/pre>
3. Настроить пользователя SSH :<\/h2>\n
(sshuser)<\/p>\n
useradd -u 2026 sshuser\necho "sshuser:P@ssw0rd" | chpasswd\nusermod -aG wheel sshuser\necho "WHEEL_USERS ALL=(ALL:ALL) NOPASSWD: ALL" > \/etc\/sudoers.d\/sshuser\nsu -l sshuser\nsudo id<\/code><\/pre>
4. Включить SSH<\/h2>\n
echo "Authorized access only" > \/etc\/openssh\/banner\necho -e "Port 2026\\nMaxAuthTries 2\\nAllowUsers sshuser\\nBanner \/etc\/openssh\/banner\\n" >> \/etc\/openssh\/sshd_config\nsystemctl restart sshd\nss -ltnp | grep sshd \n\nssh sshuser@127.0.0.1 -p 2026<\/code><\/pre>
5. На самом главном клиенте ставить тег VLAN на интерфейс<\/h2>\n
6. По-быстрому настроить самый главный клиент<\/h2>\n
hostnamectl hostname hq-cli.au-team.irpo\n\texec bash\ntimedatectl set-timezone Asia\/Novosibirsk<\/code><\/pre>
и проверить IP<\/p>\n
ip -br -c a<\/code><\/pre>",
            "summary": "(sshuser)",
            "date_published": "2026-06-03T12:35:27+07:00",
            "date_modified": "2026-06-03T12:35:23+07:00",
            "tags": [
                "br-srv",
                "ens18",
                "ssh",
                "sshuser",
                "vlan",
                "Все трюки"
            ],
            "_date_published_rfc2822": "Wed, 03 Jun 2026 12:35:27 +0700",
            "_rss_guid_is_permalink": "false",
            "_rss_guid": "5",
            "_rss_enclosures": [],
            "_e2_data": {
                "is_favourite": false,
                "links_required": [
                    "highlight\/highlight.js",
                    "highlight\/highlight.css"
                ],
                "og_images": []
            }
        },
        {
            "id": "4",
            "url": "https:\/\/test3.716.su\/all\/1-4\/",
            "title": "Трюк 1-4. Как настроить самый главный сервер на ALT Linux",
            "content_html": "
0. Поставить тег VLAN на интерфейс.<\/h2>\n
1. Настроить имя устройства:<\/h2>\n
hostnamectl hostname hq-srv.au-team.irpo\n\texec bash\ntimedatectl set-timezone Asia\/Novosibirsk<\/code><\/pre>
2. Настроить внутренние интерфейсы:<\/h2>\n
echo 'TYPE=eth' > \/etc\/net\/ifaces\/ens18\/options\necho '192.168.100.2\/27' > \/etc\/net\/ifaces\/ens18\/ipv4address\necho 'default via 192.168.100.1' > \/etc\/net\/ifaces\/ens18\/ipv4route\necho 'nameserver 8.8.8.8' > \/etc\/net\/ifaces\/ens18\/resolv.conf\nsystemctl restart network\nping zz.ru -c3<\/code><\/pre>
3. Настроить пользователя SSH :<\/h2>\n
(sshuser)<\/p>\n
useradd -u 2026 sshuser\necho "sshuser:P@ssw0rd" | chpasswd\nusermod -aG wheel sshuser\necho "WHEEL_USERS ALL=(ALL:ALL) NOPASSWD: ALL" > \/etc\/sudoers.d\/sshuser\nsu -l sshuser\nsudo id<\/code><\/pre>
4. Включить SSH<\/h2>\n
echo "Authorized access only" > \/etc\/openssh\/banner\necho -e "Port 2026\\nMaxAuthTries 2\\nAllowUsers sshuser\\nBanner \/etc\/openssh\/banner\\n" >> \/etc\/openssh\/sshd_config\nsystemctl restart sshd\nss -ltnp | grep sshd \n\nssh sshuser@127.0.0.1 -p 2026<\/code><\/pre>
5. Установить необходимое ПО<\/h2>\n
apt-get update && apt-get install bind bind-utils -y<\/code><\/pre>
6. Сменить DNS<\/h2>\n
echo $'search au-team.irpo\\nnameserver 127.0.0.1' > \/etc\/net\/ifaces\/ens18\/resolv.conf<\/code><\/pre>
7. Настроить DNS:<\/h2>\n
rndc-confgen -a -c \/etc\/bind\/rndc.key\n+++\n\ncat <<'EOF' > \/etc\/bind\/options.conf\nlogging { };\noptions {\n listen-on { localnets; 127.0.0.1; };\n forwarders { 77.88.8.7; 77.88.8.3; };\n recursion yes;\n allow-recursion { any; };\n allow-query { any; };\n dnssec-validation no;\n \n directory "\/etc\/bind\/zone";\n dump-file "\/var\/run\/named\/named_dump.db";\n statistics-file "\/var\/run\/named\/named.stats";\n recursing-file "\/var\/run\/named\/named.recursing"; \n secroots-file "\/var\/run\/named\/named.scroots";\n pid-file none;\n};\nzone "au-team.irpo" {\n type master;\n file "au-team.irpo";\n};\nzone "168.192.in-addr.arpa" {\n type master;\n file "168.192.in-addr.arpa";\n};\nEOF<\/code><\/pre>
Файлы зоны — обратной:<\/p>\n
cat <<'EOF' > \/etc\/bind\/zone\/168.192.in-addr.arpa\n$TTL  1D\n@    IN   SOA   au-team.irpo. root.au-team.irpo. (\n                2025020600 ; serial\n                12H        ; refresh\n                1H         ; retry\n                1W         ; expire\n                1H         ; ncache\n            )\n      IN   NS    au-team.irpo.\n1.100 IN   PTR   hq-rtr.au-team.irpo.\n2.100 IN   PTR   hq-srv.au-team.irpo.\n2.200 IN   PTR   hq-cli.au-team.irpo.\nEOF<\/code><\/pre>
Запустить DNS:<\/p>\n
chown :named \/etc\/bind\/zone\/au-team.irpo \/etc\/bind\/zone\/168.192.in-addr.arpa\nsystemctl enable --now bind\n\nservice network restart\nhost br-rtr\nhost -t PTR 192.168.100.2<\/code><\/pre>
9. Настроить часовой пояс:<\/h2>\n
timedatectl set-timezone Azia\/Novosibirsk<\/code><\/pre>",
            "summary": "(sshuser)",
            "date_published": "2026-06-03T12:31:29+07:00",
            "date_modified": "2026-06-03T12:31:26+07:00",
            "tags": [
                "bind",
                "dns",
                "ens18",
                "hq-rtr",
                "ssh",
                "sshuser",
                "vlan",
                "Все трюки"
            ],
            "_date_published_rfc2822": "Wed, 03 Jun 2026 12:31:29 +0700",
            "_rss_guid_is_permalink": "false",
            "_rss_guid": "4",
            "_rss_enclosures": [],
            "_e2_data": {
                "is_favourite": true,
                "links_required": [
                    "highlight\/highlight.js",
                    "highlight\/highlight.css"
                ],
                "og_images": []
            }
        }
    ],
    "_e2_version": 4199,
    "_e2_ua_string": "Aegea 11.5 (v4199e)"
}