SSH服务优化

#新增密钥
mkdir ~/.ssh

cat > ~/.ssh/authorized_keys  <<'EOF'
#JumpServer
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAr/IG9wmpiw9BEJEj2VP3YwFXQrI8dLExfdJsXz0ZrrOJh41gOq6FbJVqzEiq9wZbmwYstR3nHe2aBYXcWsqX8cHtYOtleKKlNcGlDdW7IksxJhxriSbxhy9advdCvCWkPlXvKlYyHR4CqnZ2UnTA3vItkDES8xYy5JI1AjkdRc9h0hIK9ek//IlZiFDLMxU9rhNNNWgQ1wzsNwNpM5G/pYu9D3AxblAv5LGhRdGJseh+n97YvnNmxYNhy2qdRfmD8fztAKxSPFX+8uGnCOmpDv1QJI9j5JIK2//rTdEF5sNJdN0aXEf2O1rRPedvzPXqW78WLeIz8X7GncscJzobRw== rsa JumpServer
EOF

#确认sshd服务配置文件
sed -i 's@#UseDNS yes@UseDNS no@g;s@^GSSAPIAuthentication yes@GSSAPIAuthentication no@g;s@#PasswordAuthentication yes@PasswordAuthentication no@g' /etc/ssh/sshd_config
sed -i 's|.*AuthorizedKeysFile.*|AuthorizedKeysFile .ssh/authorized_keys|g' /etc/ssh/sshd_config

#重启sshd服务
systemctl restart sshd.service

系统基本软件优化

#安装拓展源
yum install -y epel-release

#建立软件源缓存
yum clean all && yum makecache

#安装基本常用软件
yum install -y wget lrzsz tree bash-completion vim yum-utils nfs-utils autofs net-tools chrony htop iftop git open-vm-tools

其他相关优化

#关闭防火墙和Selinux
sed -i 's|^SELINUX=.*|SELINUX=disabled|g' /etc/selinux/config && setenforce 0
systemctl disable firewalld.service && systemctl stop firewalld.service

#最大文件数量调整
echo "* soft nofile 1000000" >> /etc/security/limits.conf
echo "* hard nofile 1000000" >> /etc/security/limits.conf
echo '* -    nofile 1000000' >> /etc/security/limits.conf
ulimit -n 1000000

#关闭历史命令
echo "export HISTFILESIZE=0" >> ~/.bash_profile
echo 'PS1="\[\e[33;1m\][\u@\h \W]\\$ \[\e[0m\]"' >> ~/.bashrc

#开启时间同步
timedatectl set-timezone Asia/Shanghai
timedatectl set-ntp yes

#开启新的BASH
bash

#关闭IPV6地址
echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.conf
echo "net.ipv6.conf.default.disable_ipv6 = 1" >> /etc/sysctl.conf
sysctl -p

删除缓存文件

#CentOS7
rm -rf /var/lib/yum/*
rm -rf /var/cache/yum/*

#CentOS8以及以上版本
rm -rf /var/lib/dnf/*
rm -rf /var/cache/dnf/*