为了深入学习Linux系统，安装CentOS 7的时候选择了min安装，故需要进行一些配置，才能进行实验。本文记录了“本地yum源”、“ssh远程连接”、“重置root密码”的配置步骤。

一、CentOS 7配置本地yum源

选择最小安装后很多软件默认不会安装，此时如果网络没有配置好的话（大概率事件），是无法使用yum管理工具进行软件安装的。但可以配置本地yum源，来完成一些初始软件的安装。

1.首先将iso安装镜像挂载到虚拟机上，然后连接DVD虚拟设备。

图1 ISO挂载

2.在CentOS系统执行下面的挂载命令

[root@localhost ~]# mkdir -p /mnt/cdrom[root@localhost ~]# mount /dev/sr0 /mnt/cdrommount: /dev/sr0 is write-protected, mounting read-only# 将镜像挂载到目录/mnt/cdrom里，查看一下内容[root@localhost ~]# ls /mnt/cdrom/CentOS_BuildTag  GPL       LiveOS    RPM-GPG-KEY-CentOS-7EFI              images    Packages  RPM-GPG-KEY-CentOS-Testing-7EULA             isolinux  repodata  TRANS.TBL

3.修改本地的yum源为本地源

[root@localhost ~]# cd /etc/yum.repos.d/[root@local yum.repos.d]# lltotal 32-rw-r--r--. 1 root root 1664 Sep  5  2019 CentOS-Base.repo-rw-r--r--. 1 root root 1309 Sep  5  2019 CentOS-CR.repo-rw-r--r--. 1 root root  649 Sep  5  2019 CentOS-Debuginfo.repo-rw-r--r--. 1 root root  314 Sep  5  2019 CentOS-fasttrack.repo-rw-r--r--. 1 root root  630 Sep  5  2019 CentOS-Media.repo-rw-r--r--. 1 root root 1331 Sep  5  2019 CentOS-Sources.repo-rw-r--r--. 1 root root 6639 Sep  5  2019 CentOS-Vault.repo# 备份默认yum源[root@local yum.repos.d]# mkdir repoBackup[root@local yum.repos.d]# mv CentOS-Base.repo repoBackup/[root@local yum.repos.d]# touch CentOS-local.repo[root@localhost yum.repos.d]# vi CentOS-local.repo# 输入如下内容[c7-local]name=CentOS-$releasever-localbaseurl= 保存退出，使用下面的命令清空、重建yum缓存[root@local yum.repos.d]# yum clean allLoaded plugins: fastestmirrorCleaning repos: base c7-local extras updatesCleaning up list of fastest mirrors[root@local yum.repos.d]# yum makecacheLoaded plugins: fastestmirrorLoading mirror speeds from cached hostfilec7-local                                                 | 3.6 kB     00:00(1/4): c7-local/group_gz                                   | 165 kB   00:00(2/4): c7-local/filelists_db                               | 3.3 MB   00:00(3/4): c7-local/primary_db                                 | 3.2 MB   00:00(4/4): c7-local/other_db                                   | 1.3 MB   00:00Metadata Cache Created# 验证本地yum源是否可用[root@localhost yum.repos.d]# yum list|grep httpdhttpd.x86_64                            2.4.6-67.el7.centos            @c7-mediahttpd-tools.x86_64                      2.4.6-67.el7.centos            @c7-mediahttpd-devel.x86_64                      2.4.6-67.el7.centos            c7-media httpd-manual.noarch                     2.4.6-67.el7.centos            c7-media libmicrohttpd.x86_64                    0.9.33-2.el7                   c7-media

最后能够看到相应的软件包列表，说明本地yum源配置成功，可以正常使用yum命令安装其他的软件了。另外，国内使用默认yum源进行软件安装大概率会慢，此时可以通过配置阿里云yum源来解决，步骤如下：

# 第一步：备份原有镜像源mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/repoBackup/CentOS-Base.repo.bak # 第二步：下载阿里云的镜像源（要先安装wget）# 如果是centos 6的系统就将文件名改为Centos-6.repowget -O /etc/yum.repo.d/CentOS-Base.repo  第三步 ：清空、重置缓存yum clean allyum makecache# 当然，也可选择恢复为官方yum源 rpm -Uvh --force -***版本

1.安装net-tools工具，不然无法使用netstat命令

yum -y install net-tools

2.查看确认是否已经安装ssh服务

yum list installed | grep openssl

有如下输出表示已经安装ssh服务，可以直接去第4步进行ssh配置。如果什么也没提示，说明没有安装，需要运行第3步安装ssh服务。

图2 openssl是否安装

3.安装ssh服务

yum install openssh-server

4.修改sshd服务配置文件

vi /etc/ssh/sshd_config 

配置如下：

#       $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $# This is the sshd server system-wide configuration file.  See# sshd_config(5) for more information.# This sshd was compiled with PATH=/usr/local/bin:/usr/bin# The strategy used for options in the default sshd_config shipped with# OpenSSH is to specify options with their default value where# possible, but leave them commented.  Uncommented options override the# default value.# If you want to change the port on a SELinux system, you have to tell# SELinux about this change.# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER#Port 22#AddressFamily any#ListenAddress 0.0.0.0#ListenAddress ::HostKey /etc/ssh/ssh_host_rsa_key#HostKey /etc/ssh/ssh_host_dsa_keyHostKey /etc/ssh/ssh_host_ecdsa_keyHostKey /etc/ssh/ssh_host_ed25519_key# Ciphers and keying#RekeyLimit default none# Logging#SyslogFacility AUTHSyslogFacility AUTHPRIV#LogLevel INFO# Authentication:#LoginGraceTime 2mPermitRootLogin yes#StrictModes yes#MaxAuthTries 6#MaxSessions 10PubkeyAuthentication yes# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2# but this is overridden so installations will only check .ssh/authorized_keysAuthorizedKeysFile      .ssh/authorized_keys#AuthorizedPrincipalsFile none#AuthorizedKeysCommand none#AuthorizedKeysCommandUser nobody# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts#HostbasedAuthentication no# Change to yes if you don't trust ~/.ssh/known_hosts for# HostbasedAuthentication#IgnoreUserKnownHosts no# Don't read the user's ~/.rhosts and ~/.shosts files#IgnoreRhosts yes# To disable tunneled clear text passwords, change to no here!#PasswordAuthentication yes#PermitEmptyPasswords noPasswordAuthentication yes# Change to no to disable s/key passwords#ChallengeResponseAuthentication yesChallengeResponseAuthentication no# Kerberos options#KerberosAuthentication no#KerberosOrLocalPasswd yes#KerberosTicketCleanup yes#KerberosGetAFSToken no#KerberosUseKuserok yesps -e # GSSAPI optionsGSSAPIAuthentication yesGSSAPICleanupCredentials no#GSSAPIStrictAcceptorCheck yes#GSSAPIKeyExchange no#GSSAPIEnablek5users no# Set this to 'yes' to enable PAM authentication, account processing,# and session processing. If this is enabled, PAM authentication will# be allowed through the ChallengeResponseAuthentication and# PasswordAuthentication.  Depending on your PAM configuration,# PAM authentication via ChallengeResponseAuthentication may bypass# the setting of "PermitRootLogin without-password".# If you just want the PAM account and session checks to run without# PAM authentication, then enable this but set PasswordAuthentication# and ChallengeResponseAuthentication to 'no'.# WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may caus                                                                                                             e several# problems.UsePAM yes#AllowAgentForwarding yes#AllowTcpForwarding yes#GatewayPorts noX11Forwarding yes#X11DisplayOffset 10#X11UseLocalhost yes#PermitTTY yes#PrintMotd yes#PrintLastLog yes#TCPKeepAlive yes#UseLogin no#UsePrivilegeSeparation sandbox#PermitUserEnvironment no#Compression delayed#ClientAliveInterval 0#ClientAliveCountMax 3#ShowPatchLevel noUseDNS no#PidFile /var/run/sshd.pid#MaxStartups 10:30:100#PermitTunnel no#ChrootDirectory none#VersionAddendum none# no default banner path#Banner none# Accept locale-related environment variablesAcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGESAcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENTAcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGEAcceptEnv XMODIFIERS# override default of no subsystemsSubsystem       sftp    /usr/libexec/openssh/sftp-server# Example of overriding settings on a per-user basis#Match User anoncvs#       X11Forwarding no#       AllowTcpForwarding no#       PermitTTY no#       ForceCommand cvs server

其中，以下参数一定要设置正确：

Port 22#AddressFamily any#ListenAddress 0.0.0.0#ListenAddress ::PermitRootLogin yesPasswordAuthentication yesUseDNS no

5.开启ssh服务

systemctl restart sshd

6.查看ssh服务是否开启

ps -e | grep sshdnetstat -an | grep 22

CentOS 7的root密码有时候会忘记，此时需要在开机时进行重置操作。实验系统版本：CentOS Linux release 7.7.1908 (Core)，步骤如下。

1.重启系统，在开机选择界面按e键，进入编辑界面

图3 开机按e键

2.进入如下界面，通过下键↓，找到设置语言的地方（LANG=en_US.UTF-8），在后面追加rw single init=/bin/bash,然后按ctrl+x重启系统

图4 追加命令

3.重启后会进入bash界面，输入passwd命令重新设置root密码

图5 重置密码

4.如果开启了SELinux，执行命令touch /.autorelabel（不确定的话，把命令执行一遍也不会有问题）

5.输入exec /sbin/init命令重启系统

6.使用新设置的密码进入系统之后，为了安全起见，可以输入reboot重新启动一次系统