Linux优化-ssh配置
1. linux常用工具安装
1.1. 麒麟系统
1.下载repo源文件 [root@study01 /etc/yum.repos.d]# wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo 2.下载常用工具软件 [root@study01 /etc/yum.repos.d]# yum install -y tree telnet vim wget bash-completion lrzsz net-tools sysstat iotop iftop htop unzip nc nmap telnet bc psmisc httpd-tools bind-utils nethogs expect1.2. debian/ubuntu系统
1.配置sources.list文件 [root@zbl /etc/apt]# vim sources.list deb https://mirrors.aliyun.com/ubuntu/ jammy main restricted universe multiverse deb-src https://mirrors.aliyun.com/ubuntu/ jammy main restricted universe multiverse deb https://mirrors.aliyun.com/ubuntu/ jammy-security main restricted universe multiverse deb-src https://mirrors.aliyun.com/ubuntu/ jammy-security main restricted universe multiverse deb https://mirrors.aliyun.com/ubuntu/ jammy-updates main restricted universe multiverse deb-src https://mirrors.aliyun.com/ubuntu/ jammy-updates main restricted universe multiverse # deb https://mirrors.aliyun.com/ubuntu/ jammy-proposed main restricted universe multiverse # deb-src https://mirrors.aliyun.com/ubuntu/ jammy-proposed main restricted universe multiverse deb https://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe multiverse deb-src https://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe multiverse 2.更新apt源 [root@zbl /etc/apt]# apt update 3.下载常用工具软件 [root@zbl /etc/apt]# apt install -y tree telnet vim lrzsz wget unzip1.3. rocky linux系统
1.下载yum源文件 [root@zbl /etc/yum.repos.d]# yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-9.noarch.rpm 2.安装常用工具软件 [root@zbl /etc/yum.repos.d]# yum install -y tree telnet vim wget bash-completion lrzsz net-tools sysstat iotop iftop htop unzip nc nmap telnet bc psmisc httpd-tools bind-utils nethogs expect2. ubuntu经典故障之apt
2.1. ubuntu自动更新
原因:
系统在进行检查更新或更新与当前apt命令冲突
解决:
等待更新完成后再操作
2.2. permission denied权限拒绝
所有操作使用root用户,普通用户运行报错
解决:切换到root用户操作
2.3. 403 forbidden拒绝
原因:
源文件有问题
解决:
修改源文件
2.4. apt install 的时候提示unable to locate package无法定位软件包
原因:
1.修改apt源配置没有执行apt update
2.apt 源文件有问题
解决:
1.重新apt update
1.修改apt源文件
2.5. atp update更新失败
原因:
无法上网
解决:
修改网卡配置文件
netplan apply
networkctl reload
[root@zbl /etc/apt]# cat /etc/netplan/00-installer-config.yaml # This is the network config written by 'subiquity' network: ethernets: ens33: addresses: - 10.0.0.202/24 nameservers: addresses: - 223.5.5.5 - 223.6.6.6 search: [] routes: - to: default via: 10.0.0.2 version: 2 [root@zbl /etc/apt]# netplan apply [root@zbl /etc/apt]# networkctl reload3. 命令行颜色
3.1. 麒麟,红帽
[root@kylin210 ~]# echo "export PS1='[\[\e[34;1m\]\u@\[\e[0m\]\[\e[32;1m\]\H\[\e[0m\]\[\e[31;1m\] \w\[\e[0m\]]\\$ '" >>/etc/profile [root@kylin210 ~]# source /etc/profile3.2. ubuntu
[root@ubt212 ~]# echo "export PS1='[\[\e[34;1m\]\u@\[\e[0m\]\[\e[32;1m\]\H\[\e[0m\]\[\e[31;1m\] \w\[\e[0m\]]\\$ '" >>~/.bashrc [root@ubt212 ~]# source .bashrc3.3. rocky linux
[root@rocky203 ~]# echo "export PS1='[\[\e[34;1m\]\u@\[\e[0m\]\[\e[32;1m\]\H\[\e[0m\]\[\e[31;1m\] \w\[\e[0m\]]\\$ '" >>/etc/profile [root@rocky203 ~]# source /etc/profile4. 关闭防火墙和selinux
4.1. firewalld(红帽,麒麟)
1.查看服务状态 [root@kylin210 ~]# systemctl status firewalld 2.关闭防火墙 [root@kylin210 ~]# systemctl disable firewalld --now 3.查看服务状态 [root@kylin210 ~]# systemctl status firewalld4.2. ufw(ubuntu系统)
1.查看服务状态 [root@kylin210 ~]# systemctl status ufw.service 2.关闭防火墙 [root@kylin210 ~]# systemctl disable ufw.service --now 3.查看服务状态 [root@ubt202 ~]# systemctl status ufw.service4.3. selinux
# 美国国家安全局,对Linux增强安全,一般关闭 # 麒麟系统默认关闭,ubuntu默认没安装5. openssh
5.1. 麒麟,红帽
[root@kylin210 ~]# vim /etc/ssh/sshd_config Port 52113 # 默认22修改为52113 PermitRootLogin yes [root@kylin210 ~]# systemctl restart sshd [root@kylin210 ~]# ss -tunlp5.2. ubuntu
[root@ubt202 ~]# vim /etc/ssh/sshd_config Port 52113 # 默认22修改为52113 #PermitRootLogin prohibit-password # 修改为yes 就是允许root登录 [root@ubt202 ~]# systemctl restart sshd [root@ubt202 ~]# ss -tunlp5.3. rocky linux
[root@rocky203 ~]# vim /etc/ssh/sshd_config Port 52113 # 默认22修改为52113 #PermitRootLogin prohibit-password [root@rocky203 ~]# systemctl restart sshd [root@rocky203 ~]# ss -tunlp