Setting up a server from scratch: logging in to and out of a remote server

Keywords: Linux ssh Windows Mac CentOS

During the Double 11 sale, we got a cloud server. The filing took a week or two and was finally approved. So we installed Docker on the personal server for deploying projects, planning to pack as many services as possible into containers to make unified management, operation and maintenance easier.

So we use Docker to set up nginx as the reverse proxy server, which is responsible for request distribution. We use nginx to deploy static blogs, and mysql to expose personal projects.

However, a journey of a thousand miles starts with a single step, and everything starts with logging in to and out of the remote server. This article is based on a CentOS 7.6 environment and is not guaranteed to work in other environments.

Environmental preparation

Server requirements

If you already have a cloud server or virtual machine server, you need to first verify whether the ssh service is installed on the server. If not, you need to install it in advance

After logging in to the server, enter rpm -qa | grep ssh in the command line window to see whether the ssh-related packages are installed

[root@snowdreams1006 ~]# rpm -qa | grep ssh
openssh-clients-7.4p1-16.el7.x86_64
libssh2-1.4.3-12.el7_6.2.x86_64
openssh-server-7.4p1-16.el7.x86_64
openssh-7.4p1-16.el7.x86_64

Run the netstat -antp | grep sshd command to see which port the sshd service listens on. By default it is port 22

[root@snowdreams1006 ~]# netstat -antp | grep sshd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1051/sshd           
tcp        0      0 *.*.*.*:22        *.*.*.*:46797   ESTABLISHED 17334/sshd: root@pt 

In fact, most ECS instances come with the ssh service pre-installed. If you do not get output like the above, the ssh service may not be installed. You can install it with yum install openssh-server

Here are some common commands about sshd, as follows

  • View sshd running status
systemctl status  sshd

If the output includes active (running), the sshd service is running. If it shows inactive (dead), the service is stopped

[root@snowdreams1006 ~]# systemctl status  sshd
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2019-11-29 21:05:08 CST; 16h ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 1051 (sshd)
    Tasks: 1
   Memory: 10.9M
   CGroup: /system.slice/sshd.service
           └─1051 /usr/sbin/sshd -D
  • Start | stop | restart the sshd service
systemctl start  sshd

Starts sshd when it has been stopped. If it is already running, the command prints nothing and the service keeps running

systemctl stop  sshd

Stops sshd when it is running. If it is already stopped, the command prints nothing and the service stays stopped

systemctl restart  sshd

Restarts the service whether sshd is running or stopped. Although nothing is printed, the service has been started

  • Enable and disable start at boot for the sshd service
systemctl list-unit-files | grep enabled

Lists all services that start at boot. If sshd is in the list, it starts at boot. If not, it does not

systemctl list-unit-files | grep enabled | grep sshd

If there are many services enabled at boot, it is hard to spot sshd by eye. Append grep sshd to the previous command to filter for the sshd service

systemctl enable sshd

Enables start at boot. If a service is important and needs to run in the background all the time, such as sshd or docker, it is better to enable it at boot, so that nobody has to remember to start it after the server is shut down or restarted unexpectedly

systemctl disable sshd

Disables start at boot. Run systemctl list-unit-files | grep enabled | grep sshd to check whether the service will still start at boot

If you don't have a server yet but want to learn and try this out, you can either buy a server right away or install a virtual machine for free, or bookmark this article and read it later!

For readers who buy a server right away, please contact me by private message and purchase through my promotion link. You get a discount and I get a share. Why not?

I want to buy ECS: it's better to leave a message or send a private message to me!

For readers who install a virtual machine for free, you can install it according to your own operating system by referring to the posts below, and contact me if you have any questions!

I want to install a virtual machine: it's better to leave a message or send a private message to me!

Here are the previous posts about what a virtual machine is and how to install a CentOS server. You can click to read them directly

This post mainly introduces what a virtual machine is and how to install a VMware virtual machine on a Windows computer

With VMware installed on the Windows computer, install a CentOS image to get your own CentOS server

This post mainly introduces what a virtual machine is and how to install a VMware virtual machine on a Mac

With VMware installed on the Mac, install a CentOS image to get your own CentOS server

Client requirements

Because logging in to the server uses the ssh protocol, first verify that the command line on your local client supports ssh

Open the command line you normally use and enter ssh on its own. If the usage prompt below appears, ssh is supported. Otherwise, install a command-line terminal that supports the ssh protocol

If you are a Mac user, open the default terminal and enter ssh. It prints the usage instructions, which proves that the ssh protocol is supported

snowdreams1006$ ssh
usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]
           [-b bind_address] [-c cipher_spec] [-D [bind_address:]port]
           [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11]
           [-i identity_file] [-J [user@]host[:port]] [-L address]
           [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
           [-Q query_option] [-R address] [-S ctl_path] [-W host:port]
           [-w local_tun[:remote_tun]] destination [command]

The Terminal app on the Mac supports the ssh protocol, and so does the Git Bash command line on Windows!

If you are a Windows user working in the cmd command line window, which unfortunately does not support the ssh protocol, please choose a unix-like terminal instead

Microsoft Windows [version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\Administrator>ssh
'ssh' is not recognized as an internal or external command,
operable program or batch file.

C:\Users\Administrator>

Windows users may wish to install Git for Windows. Its default Git Bash command line is easy to use, simpler and more elegant than the cmd terminal, and gives you a unix-like experience

Command line login

The premise of logging in to the server over ssh is knowing the account and password. First set up password login, then use ssh keys for password-free login

In general, the password is set by yourself. If you don't know the default password, you can ask the cloud server vendor or choose to reset the password. I won't go into details here. Suppose you already know the server password and the public IP address of the server

Next, we will log in to the ECS remotely from the command line of the local client, going from the simplest password login, to password-free key login, and finally to alias login. Hurry up and follow me!

Friendly tip: please make sure that the sshd service is enabled on the server and that the local client command line supports the ssh protocol. Otherwise, bookmark this article and read it later!

Password login

Open your familiar command-line terminal and run ssh <login account>@<server public IP> to log in to the remote ECS directly

$ ssh root@snowdreams1006.cn
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:/RJ5aI+c41Brr1dcBMhdNHQJa7daP+8fbupqsGmHRHc.
Please contact your system administrator.
Add correct host key in /c/Users/Administrator/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /c/Users/Administrator/.ssh/known_hosts:5
ECDSA host key for 121.40.223.69 has changed and you have requested strict checking.
Host key verification failed.

Because my domain name, snowdreams1006.cn, has been successfully filed and resolved, I can directly use the domain name instead of ip here. To be clear, I'm still lazy. Who can't remember the ip!

If you do not encounter the above prompt, congratulations, you can then enter the account password to log in to the server!

If you encounter this problem like me, it is likely that you have logged in to the server before, but the server's system was then reinstalled, so login now fails. You can clear ~/.ssh/known_hosts on the local machine and log in again

rm -rf ~/.ssh/known_hosts

Forcibly delete the ~/.ssh/known_hosts file, then log in to the remote cloud server again with ssh root@snowdreams1006.cn. At the prompt, answer yes to continue connecting, then enter your password. After a successful login you land in the home directory by default

$ ssh root@snowdreams1006.cn
The authenticity of host 'snowdreams1006.cn (*.*.*.*)' can't be established.
ECDSA key fingerprint is SHA256:/**********************************.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'snowdreams1006.cn,*.*.*.*' (ECDSA) to the list of known hosts.
root@snowdreams1006.cn's password:
Last login: *** from *.*.*.*

Welcome to Alibaba Cloud Elastic Compute Service !

[root@snowdreams1006 ~]#
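
Deleting the whole known_hosts file also discards the pinned keys of every other host, so the next connection to each of them is accepted on first use again. On a real system ssh-keygen -R snowdreams1006.cn removes only the changed host's entries; the added example below (not part of the original article) performs the same targeted removal in plain awk on a constructed known_hosts file so the effect is visible. The function names, the key blobs and the hosts other than snowdreams1006.cn are constructed for illustration.

```bash
# Added example: forget ONE host's pinned key instead of deleting known_hosts.
# Handles plain (unhashed) entries; hashed "|1|..." entries need ssh-keygen -R.

# forget_host FILE HOST: drop the lines that pin HOST, keep a backup in FILE.old
forget_host() {
    fh_file=$1; fh_host=$2
    fh_tmp=$(mktemp) || return 1
    cp -p "$fh_file" "$fh_file.old" || return 1
    awk -v h="$fh_host" '
        /^[ \t]*(#|$)/ { print; next }          # keep comments and blank lines
        {
            n = split($1, names, ",")           # field 1 is host[,ip,...]
            for (i = 1; i <= n; i++) {
                name = names[i]
                if (name ~ /^\[/) {             # "[host]:port" for non-default ports
                    sub(/^\[/, "", name); sub(/\]:[0-9]+$/, "", name)
                }
                if (name == h) next             # this line pins the host: drop it
            }
            print
        }' "$fh_file" > "$fh_tmp" && cat "$fh_tmp" > "$fh_file"   # cat keeps the file mode
    fh_rc=$?
    rm -f "$fh_tmp"
    return $fh_rc
}

# pinned_count FILE: number of host-key entries (non-comment, non-blank lines)
pinned_count() {
    awk '!/^[ \t]*(#|$)/ { c++ } END { print c + 0 }' "$1"
}

# demo_known_hosts: build a constructed known_hosts, forget one host,
# print the directory holding known_hosts and known_hosts.old
demo_known_hosts() {
    d=$(mktemp -d) || return 1
    cat > "$d/known_hosts" <<'EOF'
github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5CONSTRUCTEDgithub
snowdreams1006.cn,121.40.223.69 ecdsa-sha2-nistp256 AAAAE2VjZHNhCONSTRUCTEDold
[build.example.org]:2222 ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTEDbuild
EOF
    forget_host "$d/known_hosts" snowdreams1006.cn || return 1
    echo "$d"
}
# Usage: d=$(demo_known_hosts); cat "$d/known_hosts"
```

When you reconnect, compare the fingerprint ssh shows with the one printed on the server itself (for example through the cloud console) by ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub before answering yes.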

I've come here all the time. I don't want to leave anything behind. I'd like to tell others that I've been in the future, so I'll do whatever I want

  • Wukong was here
[root@snowdreams1006 ~]# whoami
root

whoami (who am I): shows the user name you are logged in as

[root@snowdreams1006 ~]# pwd
/root

pwd (where am I): prints the current directory path

[root@snowdreams1006 ~]#  who -u
root     tty1         2019-11-29 21:05  old           596
root     pts/0        2019-11-30 14:15   .         17506 (115.217.243.122)
root     pts/1        2019-11-30 14:28 00:05       17533 (115.217.243.122)

who -u (who else): prints the users logged in to the system

[root@snowdreams1006 ~]# last -a | head -6
root     pts/1        Sat Nov 30 14:28   still logged in    115.217.243.122
root     pts/0        Sat Nov 30 14:15   still logged in    115.217.243.122
root     pts/0        Sat Nov 30 13:10 - 13:51  (00:41)     115.217.243.122
root     pts/0        Sat Nov 30 12:24 - 12:25  (00:00)     115.217.243.122
root     pts/1        Fri Nov 29 22:08 - 23:12  (01:03)     112.17.241.55
root     pts/0        Fri Nov 29 21:33 - 22:13  (00:39)     112.17.241.55

last -a | head -6 (who was last): prints the most recent logins

  • I don't seem to know you

If you find other logged-in users, or sessions from other terminals that you don't remember opening or closing, you should kick those login terminals out

To kick out others, you first need to know which terminal is yours. You can't kick yourself out, that would be funny!

whoami only prints the login name without the login terminal information, but who am i displays more information. Remember the name of the current user's login terminal!

[root@snowdreams1006 ~]# who am i
root     pts/0        *** (*.*.*.*)

who am i (who am I): shows more information than whoami

who -u can show all logged-in users, but w is recommended for viewing login terminal information, because it is less typing!

[root@snowdreams1006 ~]# w
 14:53:04 up 17:48,  3 users,  load average: 0.00, 0.01, 0.05
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
root     tty1                      Fri21   17:46m  0.00s  0.00s -bash
root     pts/0    115.217.243.122  14:15    0.00s  0.81s  0.00s w
root     pts/1    115.217.243.122  14:51    1:37   0.00s  0.00s -bash

Both who -u and w show the login terminal information. pts/0 is the current login terminal, and the other terminal, pts/1, can be kicked out

# pkill -kill -t pts/1

pkill -kill -t pts/<number>: once a login terminal is kicked out, the kicked-out terminal exits automatically and shows that the connection is closed

[root@snowdreams1006 ~]# w
 14:58:46 up 17:53,  2 users,  load average: 0.00, 0.01, 0.05
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
root     tty1                      Fri21   17:52m  0.00s  0.00s -bash
root     pts/0    115.217.243.122  14:15    6.00s  0.83s  0.00s w

w: checking the login terminals again after kicking out the other terminal shows that pts/1 is gone, which proves that the operation succeeded!

  • Go home, wash and sleep

Having logged in to the server, checked some information and successfully kicked out other terminals, it's dark and time to wash up and sleep. Now exit the server and return to the command line of the local client

[root@snowdreams1006 ~]# exit
logout
Connection to ssh.snowdreams1006.cn closed.

In addition to typing the exit command, you can also press the shortcut key Ctrl+D to close the connection

Key login

Generally speaking, password login suits infrequent use. Logging in occasionally from a terminal is no problem. If you log in to a remote server frequently, entering the password on every connection becomes a chore

Since you no longer type a password, how do you prove your identity so that the login request is legitimate?

Here we use a key instead of a password. First generate authentication information on the local client, then install it on the remote server. Once this is done, subsequent login requests from that client are treated as legitimate. Otherwise, how would the server have your authentication information?

It follows that when the same account logs in from different clients with different authentication information, the remote server has to hold each client's authentication information. For example, if your Mac has password-free login set up but your Windows computer has not uploaded its own authentication information, password-free login only works from the Mac!

Of course, if the Mac and Windows computers have the same authentication information, can the server save a single copy and let both log in without a password?

The answer is: yes!

As you can see, key login is tied to the terminal device, and it is meant for the terminals you use regularly. Do not install a key from a computer you only use occasionally. If you forget about it, one day someone could log in to your server directly from that machine. How terrible!

So password-free login takes two operations: generating the authentication file on the local client, and saving that authentication file on the remote server

  1. Local client generates public key
$ cat ~/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0gC0u4gR4oba4oHS59Tcc4eAVkaJHsCmys0v4IupoSLQKkdUJVxSfkmL5JZEkr7JNySD7Y52ukRcxx1ZMW0oK7lq+FvfEwzIfAOqVoM4bCoh2D/iC6Xf43ilxCM6oMhpWyITGtxPVzW/ZmmxRGcQzeVrrvoSLhOt0+L0rvFuiQZmnhkV0zqGTRKTQ5uEKycigfdItEaHFIg9fMxugN/bgeflJoEBZjAJHXkqd0mq/4AqeAbkoruEz6D+OiqBhoN8CsbaPCaccMoKd8Tze5UszC3PsQWo96nQoXMXk7HYoFwvJCAgAfKP0CaTwGEK/D7SFvXm3UMlFwAHxELr2bbTv snowdreams1006@163.com

The ~/.ssh/id_rsa.pub file is called the public key. It is the authentication file that is sent to the server, and it can be disclosed on the Internet. As long as the server keeps the public key, the local client that generated it can connect to the server without a password

If your local client does not have this file, you can generate one with ssh-keygen -t rsa, enter the requested information at the prompts, and then run cat ~/.ssh/id_rsa.pub again to view the content of the public key file

  2. Remote server receives public key

The local client gets password-free login by appending the content of its own public key file to the authorization file on the remote server. So, where are the public keys stored?

The answer is: ~/.ssh/authorized_keys

[root@snowdreams1006 ~]# cat ~/.ssh/authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0gC0u4gR4oba4oHS59Tcc4eAVkaJHsCmys0v4IupoSLQKkdUJVxSfkmL5JZEkr7JNySD7Y52ukRcxx1ZMW0oK7lq+FvfEwzIfAOqVoM4bCoh2D/iC6Xf43ilxCM6oMhpWyITGtxPVzW/ZmmxRGcQzeVrrvoSLhOt0+L0rvFuiQZmnhkV0zqGTRKTQ5uEKycigfdItEaHFIg9fMxugN/bgeflJoEBZjAJHXkqd0mq/4AqeAbkoruEz6D+OiqBhoN8CsbaPCaccMoKd8Tze5UszC3PsQWo96nQoXMXk7HYoFwvJCAgAfKP0CaTwGEK/D7SFvXm3UMlFwAHxELr2bbTv snowdreams1006@163.com

As you can see here, the ~/.ssh/authorized_keys content on the remote server contains the ~/.ssh/id_rsa.pub public key content of the local client

So the next action is to copy and paste the contents of the ~/.ssh/id_rsa.pub public key file of the local client into the ~/.ssh/authorized_keys file on the remote server

This only requires editing with vim, which can be a challenge for novices, but there is also a handy tool that simplifies this copy-and-paste operation!

That is: ssh-copy-id root@snowdreams1006.cn

First, make sure that the local client has generated the public key. Here, take a look at the contents of the public key file: cat ~/.ssh/id_rsa.pub

$ cat ~/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1UGGBXbqINEfQNCweCOWDlqvRfw3iIqkX9UnI71GgyJkkPUZbycw3L4dVeBkpo76OJjJhJmsAGbHAuhYLloqoNjD9+c/hk7vgP0uZHqVXehqKuP5VvOOkqeLXZkjdXQ49MhARHBVm1LaD44iOOneYclSPiRjKs+6eCxU9SQp+dVUcZMrbAE1lktGgDQEkjtFl8BE9BQkCU24r8xcOUix4iZgdDIa5gnE9YLg1rNXO6LgQG61JLvErrc2g7KkkR4i2P1R+0uV3KdYyMv8Y2aYwYGqY1PjqXUVfaJjTor4Dr8HHBp4VHE3kNVZitLJ2S7RFYuYGFXTEX0xmi6o1r5xP Administrator@snowdreams1006

This is a Windows computer. Password-free login was not configured on it before this demonstration, so after ssh-copy-id root@snowdreams1006.cn is executed, it should support password-free login just like the Mac

$ ssh-copy-id root@snowdreams1006.cn
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/c/Users/Administrator/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@snowdreams1006.cn's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@snowdreams1006.cn'"
and check to make sure that only the key(s) you wanted were added.

Next, use the Mac computer that is already signed in to the remote server to verify whether the public key of the Windows computer has been added to ~/.ssh/authorized_keys on the remote server

[root@snowdreams1006 ~]# cat ~/.ssh/authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0gC0u4gR4oba4oHS59Tcc4eAVkaJHsCmys0v4IupoSLQKkdUJVxSfkmL5JZEkr7JNySD7Y52ukRcxx1ZMW0oK7lq+FvfEwzIfAOqVoM4bCoh2D/iC6Xf43ilxCM6oMhpWyITGtxPVzW/ZmmxRGcQzeVrrvoSLhOt0+L0rvFuiQZmnhkV0zqGTRKTQ5uEKycigfdItEaHFIg9fMxugN/bgeflJoEBZjAJHXkqd0mq/4AqeAbkoruEz6D+OiqBhoN8CsbaPCaccMoKd8Tze5UszC3PsQWo96nQoXMXk7HYoFwvJCAgAfKP0CaTwGEK/D7SFvXm3UMlFwAHxELr2bbTv snowdreams1006@163.com
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1UGGBXbqINEfQNCweCOWDlqvRfw3iIqkX9UnI71GgyJkkPUZbycw3L4dVeBkpo76OJjJhJmsAGbHAuhYLloqoNjD9+c/hk7vgP0uZHqVXehqKuP5VvOOkqeLXZkjdXQ49MhARHBVm1LaD44iOOneYclSPiRjKs+6eCxU9SQp+dVUcZMrbAE1lktGgDQEkjtFl8BE9BQkCU24r8xcOUix4iZgdDIa5gnE9YLg1rNXO6LgQG61JLvErrc2g7KkkR4i2P1R+0uV3KdYyMv8Y2aYwYGqY1PjqXUVfaJjTor4Dr8HHBp4VHE3kNVZitLJ2S7RFYuYGFXTEX0xmi6o1r5xP Administrator@snowdreams1006

As you can see, the remote server has saved the content of the public key file just uploaded by the Windows computer, so ssh-copy-id really is a handy tool: there is no need to copy and paste the public key manually anymore!
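
What ssh-copy-id does on the server can also be done by hand without vim, and the same file is where the key of a forgotten or occasionally used client is removed. The added example below (not from the original article) appends a public key once, with the owner-only permissions that satisfy sshd's default StrictModes check, lists the installed keys for review, and revokes a key by its comment. The function names are illustrative and the key blobs used to test it are constructed.

```bash
# Added example: manage ~/.ssh/authorized_keys by hand (run on the server).

# install_pubkey PUBFILE AUTHFILE: append the key once, with owner-only modes
install_pubkey() {
    ik_pub=$1; ik_auth=$2
    # Accept only a public-key line; a private key pasted by mistake is rejected.
    ik_line=$(grep -E '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' "$ik_pub" | head -n 1)
    [ -n "$ik_line" ] || { echo "not a public key file: $ik_pub" >&2; return 2; }
    ik_dir=$(dirname "$ik_auth")
    mkdir -p "$ik_dir" && chmod 700 "$ik_dir" || return 1
    touch "$ik_auth" && chmod 600 "$ik_auth" || return 1
    # Compare on "type blob" so the same key with another comment is not added twice.
    ik_key=$(printf '%s\n' "$ik_line" | awk '{ print $1 " " $2 }')
    if awk -v k="$ik_key" 'index($0, k) { found = 1 } END { exit !found }' "$ik_auth"; then
        return 0
    fi
    printf '%s\n' "$ik_line" >> "$ik_auth"
}

# list_keys AUTHFILE: "line-number type comment" for each installed key
list_keys() {
    awk '!/^[ \t]*(#|$)/ {
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(ssh-|ecdsa-)/) { print NR, $i, $(i + 2); next }
    }' "$1"
}

# revoke_key AUTHFILE COMMENT: remove every key whose comment equals COMMENT,
# keeping a backup in AUTHFILE.bak
revoke_key() {
    rk_auth=$1; rk_comment=$2
    rk_tmp=$(mktemp) || return 1
    cp -p "$rk_auth" "$rk_auth.bak" || return 1
    awk -v c="$rk_comment" '$NF == c && !/^[ \t]*#/ { next } { print }' \
        "$rk_auth" > "$rk_tmp" && cat "$rk_tmp" > "$rk_auth"   # cat keeps mode 600
    rk_rc=$?
    rm -f "$rk_tmp"
    return $rk_rc
}
# Usage on the server, for example:
#   list_keys ~/.ssh/authorized_keys
#   revoke_key ~/.ssh/authorized_keys Administrator@snowdreams1006
```

Only the .pub file is ever installed on the server; the private key ~/.ssh/id_rsa stays on the client that generated it.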

As for what you can do after login, I think you can still look around and kick out other terminals along the way. Finally, don't forget to log out with the exit command!

Alias login

Whether by password or by key, we log in with the ssh protocol, and setting up key login itself relies on password login. Either way, there is a lot to type!

Can't we log in more quickly?

The answer is: yes!

To log in quickly while the login information is still required, write the necessary login information to a configuration file, and have it read from there at login

The principle is easy to understand. The question is, do we need to implement this process ourselves?

Fortunately: no!

Simply edit the ssh configuration file to set the login information. The configuration file is located at ~/.ssh/config

Host <host ID>
User <login account>
Hostname <hostname>

According to the above format, the login information is configured as follows:

Host github.com
User snowdreams1006
Hostname ssh.github.com

Host snowdreams1006.cn
User root
Hostname ssh.snowdreams1006.cn

Here, Host is the unique identifier that you type. It stands in for both the account and the IP, so two pieces of information become one

The original login command was ssh <login account>@<server public IP>, and now it is ssh <host ID>

$ ssh snowdreams1006.cn
Last login: **** from *.*.*.*

Welcome to Alibaba Cloud Elastic Compute Service !

[root@snowdreams1006 ~]# 

Graphical login

It is recommended to use the SecureCRT graphical tool to connect to the Linux instance remotely. The graphical tool is easy to use: after configuration, you can log in successfully. Here a Windows computer is used to demonstrate the process

On first launch, the Quick Connect dialog pops up. It mainly asks for the server domain name, port and similar settings, without the password

Click Connect and a prompt asks whether to add the host fingerprint. Select accept and save

Enter the password and select OK, then connect to the server

Now that you're in, run a command or two before you leave!

Cloud service login

Log in to the cloud console, find your own ECS instance, then choose remote connection -> connection password -> user name / password, and you can log in successfully!

Retrospective summary

Password login and key login each have their suitable scenarios. If you think password login is not safe, you can also disable password login and keep only key login!

Log in to the server remotely, locate the /etc/ssh/ssh_config file and edit it as follows to disable password login

Host *
  PasswordAuthentication no
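
Host * blocks belong to the ssh client configuration. Whether the server accepts passwords for incoming logins is decided by the daemon's own file, /etc/ssh/sshd_config, where the first value found for a keyword wins and a Match block can override it. The added example below (not from the original article) reads the effective global setting from such a file and switches it to no, demonstrated on a constructed sample; the function names are illustrative.

```bash
# Added example: server-side password login is set in sshd_config, not ssh_config.

# effective_password_auth FILE: global value sshd will use (first match wins)
effective_password_auth() {
    awk '
        tolower($1) == "match" { exit }          # the global section ends here
        tolower($1) == "passwordauthentication" { print tolower($2); found = 1; exit }
        END { if (!found) print "yes" }          # OpenSSH default when unset
    ' "$1"
}

# disable_password_auth FILE: set it to "no", keeping a backup in FILE.bak
disable_password_auth() {
    dp_file=$1
    dp_tmp=$(mktemp) || return 1
    cp -p "$dp_file" "$dp_file.bak" || return 1
    awk '
        BEGIN { print "PasswordAuthentication no" }      # placed first, so it wins
        tolower($1) == "match" { in_match = 1 }
        !in_match && tolower($1) == "passwordauthentication" { print "#" $0; next }
        { print }
    ' "$dp_file" > "$dp_tmp" && cat "$dp_tmp" > "$dp_file"
    dp_rc=$?
    rm -f "$dp_tmp"
    return $dp_rc
}

# match_reenables FILE: count Match-block lines that turn passwords back on
match_reenables() {
    awk '
        tolower($1) == "match" { in_match = 1 }
        in_match && tolower($1) == "passwordauthentication" && tolower($2) == "yes" { c++ }
        END { print c + 0 }
    ' "$1"
}

# sample_sshd_config: constructed sample of a config with passwords enabled
sample_sshd_config() {
    cat <<'EOF'
#Port 22
PermitRootLogin yes
#PasswordAuthentication yes
PasswordAuthentication yes
Match User backup
    PasswordAuthentication yes
EOF
}

# On a real server, after editing /etc/ssh/sshd_config:
#   sshd -t                                      # syntax check before restarting
#   systemctl restart sshd                       # keep the current session open
#   sshd -T | grep -i passwordauthentication     # confirm the effective value
```

Confirm from a second terminal that key login works before restarting sshd with password login disabled, otherwise a mistake locks you out of the server.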
  • Password login
$ ssh <login account>@<server public IP>

ssh root@snowdreams1006.cn

  • Key login
$ ssh <login account>@<server public IP>

ssh root@snowdreams1006.cn

  • Simplified login
$ ssh <Host id>

ssh snowdreams1006.cn


Posted by kikidonc on Mon, 02 Dec 2019 03:31:57 -0800