Set up the server login and logout remote server from scratch

Keywords: Linux ssh Windows Mac CentOS

During the period of double 11, we started a cloud server, which took a week or two for filing, and finally passed the filing. So we installed Docker containers on the personal server for deployment projects, and prepared to pack all services into containers as much as possible, so as to facilitate unified management and operation and maintenance

So we use docker to set up nginx as the reverse proxy server, which is responsible for request distribution. We use nginx to deploy static blogs, and mysql to expose personal projects

However, a journey of a thousand miles starts from the step, and everything starts from logging in and logging out of the remote server. This article is based on CentOS 7.6 environment, and does not guarantee the normal of other environments

Environmental preparation

Server requirements

If you already have a cloud server or virtual machine server, you need to first verify whether the ssh service is installed on the server. If not, you need to install it in advance

After logging in to the server, enter rpm -qa | grep ssh in the command line window to see if ssh related files are included

[root@snowdreams1006 ~]# rpm -qa | grep ssh

By default, run the netstat -antp | grep sshd command. You can see that the port the sshd service listens to is the default 22 port

[root@snowdreams1006 ~]# netstat -antp | grep sshd
tcp        0      0    *               LISTEN      1051/sshd           
tcp        0      0 *.*.*.*:22        *.*.*.*:46797   ESTABLISHED 17334/sshd: root@pt 

In fact, the general ECS has pre installed the ssh service. If the above output is not available, the ssh service may not be installed. You can use Yum install openssh server to install it

Here are some common commands about sshd, as follows

  • View sshd running status
systemctl status  sshd

If the running result includes active (running), the sshd service is proved to be active. If it is active (dead), the service is shut down

[root@snowdreams1006 ~]# systemctl status  sshd
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: active (running) since Five 2019-11-29 21:05:08 CST; 16h ago
     Docs: man:sshd(8)
 Main PID: 1051 (sshd)
    Tasks: 1
   Memory: 10.9M
   CGroup: /system.slice/sshd.service
           └─1051 /usr/sbin/sshd -D
  • Start | shut down | restart sshd service
systemctl start  sshd

It can be started again when sshd has been closed. If it has been started, the result will not be output, but it is still starting

systemctl stop  sshd

When the sshd is running, the service can be stopped. If it has been stopped, the result will not be output, but it is still stopping

systemctl restart  sshd

When the sshd is running or stopped, the service can be restarted. Although no result is output, it has been started

  • Turn on self start and disable self start of sshd service
systemctl list-unit-files | grep enabled

View all boot services. If sshd is included, sshd has joined the boot service. If not, it will not boot

systemctl list-unit-files | grep enabled | grep sshd

If there are a lot of start-up services, the naked eye can not directly see whether sshd is self started. Based on the previous command, add a grep sshd to filter whether the sshd service is included

systemctl enable sshd

Power on self start service. If some services are very important and need to run in the background all the time, it is better to add power on self start service, so as to prevent the server from forgetting to start services after it is shut down and restarted accidentally, such as sshd service and docker service, etc

systemctl disable sshd

To disable the bootstrap service, run systemctl list unit files | grep enabled | grep sshd to check whether the current service will be bootstrap

If you don't have a server yet, but want to learn and experience it, you can either buy a server immediately or install a virtual machine for free, or collect it first and then watch it!

For the small partners who buy the server immediately, please contact me by private mail and purchase with my promotion link. You have a discount and I have a share. Why not?

I want to buy ECS , it's better to leave a message or send a private message to me!

For users who install the virtual machine experience for free, you can install it according to your own operating system, refer to the following tweets, and contact me if you have any questions!

I want to install virtual machine , it's better to leave a message or send a private message to me!

Here are the previous tweets about what a virtual machine is and how to install a Centos server. You can click to read them directly

This paper mainly introduces what is virtual machine and how to install a VMware virtual machine for Windows computer

On the basis that Windows computer has installed VMware virtual machine, a Centos image has its own Centos server

This paper mainly introduces what is virtual machine and how to install a VMware virtual machine for Mac

On the basis that the Mac has installed the VMware virtual machine, a Centos image has its own Centos server

Client requirements

Because the login server needs to use the ssh protocol, first you need to verify whether the local client command line supports the ssh protocol

Open the command line you are using and enter ssh directly. If you have the following prompt to prove it is OK, please install the command line terminal supporting ssh protocol

If you are a Mac user, open the default terminal and enter ssh to return the usage instructions, which proves that ssh protocol is supported

snowdreams1006$ ssh
usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]
           [-b bind_address] [-c cipher_spec] [-D [bind_address:]port]
           [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11]
           [-i identity_file] [-J [user@]host[:port]] [-L address]
           [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
           [-Q query_option] [-R address] [-S ctl_path] [-W host:port]
           [-w local_tun[:remote_tun]] destination [command]

Terminal terminal of Mac supports ssh protocol, and Git Bash command line of Windows also supports it!

If you are a Windows user who is using cmd command line window and unfortunately does not support ssh protocol, please select unix like terminal for operation

Microsoft Windows [version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

 'ssh' is not an internal or external command, nor is it a runnable program
 Or batch file.


Windows users may wish to install Git for Windows The default Git Bash command line is easy to use, simpler and more elegant than the cmd terminal, giving you a kind of unix Operation experience

Command line login

The premise of ssh login to the server is to know the account password. First, set the password login mode, and then use ssh mode for password free login

In general, the password is set by yourself. If you don't know how much the default password is, you can ask the cloud server manufacturer or choose to reset the password. I won't go into details here. Suppose you already know the server password and the public ip address of the server

Next, we will log in to the ECS remotely from the command line of the local client, from the most simple and convenient password login to the password free key login to the last alias login. Hurry up and follow me!

Friendly tip: please make sure that the server has enabled the sshd service and the local client command line to support the ssh protocol, otherwise, it is better to collect it first and then watch it!

Password login

Open the familiar command-line terminal, run the SSH < login account > @ < server public network IP > command to log in to the remote ECS directly

$ ssh
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
Please contact your system administrator.
Add correct host key in /c/Users/Administrator/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /c/Users/Administrator/.ssh/known_hosts:5
ECDSA host key for has changed and you have requested strict checking.
Host key verification failed.

Because my domain name,, has been successfully filed and resolved, I can directly use the domain name instead of ip here. To be clear, I'm still lazy. Who can't remember the ip!

If you do not encounter the above prompt, Congratulations, you can then enter the account password to log in to the server!

If you encounter this problem like me, it is likely that you have logged in to the server before, but then the server reinstalls the system, resulting in the inability to log in. You can clear the local machine ~ /. ssh/known_hosts and log in again

rm -rf ~/.ssh/known_hosts

Forcibly delete the ~ /. ssh/known_hosts file, and then log in to the remote cloud server at ssh again. Follow the prompts to choose to continue connecting yes, and then enter your password password. After successful login, you will enter the home directory by default

$ ssh
The authenticity of host ' (*.*.*.*)' can't be established.
ECDSA key fingerprint is SHA256:/**********************************.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ',*.*.*.*' (ECDSA) to the list of known hosts.'s password:
Last login: *** from *.*.*.*

Welcome to Alibaba Cloud Elastic Compute Service !

[root@snowdreams1006 ~]#

I've come here all the time. I don't want to leave anything behind. I'd like to tell others that I've been in the future, so I'll do whatever I want

  • Wukong has a tour here
[root@snowdreams1006 ~]# whoami

whoami who am I: view the user name being logged in

[root@snowdreams1006 ~]# pwd

pwd where am I: print the current directory path

[root@snowdreams1006 ~]#  who -u
root     tty1         2019-11-29 21:05  Old         Five hundred and ninety-six
root     pts/0        2019-11-30 14:15   .         17506 (
root     pts/1        2019-11-30 14:28 00:05       17533 (

who -u who else: print system login user

[root@snowdreams1006 ~]# last -a | head -6
root     pts/1        Sat Nov 30 14:28   still logged in
root     pts/0        Sat Nov 30 14:15   still logged in
root     pts/0        Sat Nov 30 13:10 - 13:51  (00:41)
root     pts/0        Sat Nov 30 12:24 - 12:25  (00:00)
root     pts/1        Fri Nov 29 22:08 - 23:12  (01:03)
root     pts/0        Fri Nov 29 21:33 - 22:13  (00:39)

last -a | head -6 who is last: print last login user

  • I don't seem to know you

If you find that there are other login users or you don't remember that you have logged in or logged out of other terminals, you should kick out these login terminals

If you want to kick out others, first of all, you need to log in to which terminal is you, and you can't kick yourself, that's funny!

who am i only prints the login name without the login terminal information, but who am i displays more information. Here, remember the name of the current user's login terminal!

[root@snowdreams1006 ~]# who am i
root     pts/0        *** (*.*.*.*)

who am i: who am i, more information than whoami shows

who -u can show all login users, but it is recommended to use w to view login user terminal information, because fewer commands are typed in!

[root@snowdreams1006 ~]# w
 14:53:04 up 17:48,  3 users,  load average: 0.00, 0.01, 0.05
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
root     tty1                      Five 2117:46m  0.00s  0.00s -bash
root     pts/0  14:15    0.00s  0.81s  0.00s w
root     pts/1  14:51    1:37   0.00s  0.00s -bash

Who-u and w can view the login user terminal information. pts/0 is the current login terminal, and other terminals pts/1 can be kicked out

# pkill -kill -t pts/1

Pkill - Kill - t PTS / < s / N > after the login terminal is kicked out, the kicked out terminal will automatically exit showing that the connection is closed

[root@snowdreams1006 ~]# w
 14:58:46 up 17:53,  2 users,  load average: 0.00, 0.01, 0.05
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
root     tty1                      Five 2117:52m  0.00s  0.00s -bash
root     pts/0  14:15    6.00s  0.83s  0.00s w

w: anyone, check the login terminal again after kicking out other terminals and find that there is no pts/1, which proves that the operation is successful!

  • Go home, wash and sleep

Log in to the server to check some information and successfully kick out other terminals. It's dark. It's time to wash and sleep. At this time, you need to exit the server and return to the command line of the local client

[root@snowdreams1006 ~]# exit
Connection to closed.

In addition to typing in the command exit, you can also type in the shortcut key Ctrl+D to exit the connection

Key login

Generally speaking, password login is more suitable for infrequently used occasions. It's no problem to log in occasionally with a terminal. If you need to log in to a remote server frequently, it's more difficult to log in every time you connect

Since you don't need a password to log in, how can you prove your identity to ensure the legitimacy of the login request?

Here we need to use a key instead of a password to log in. First, generate an authentication information on the local client, and then install the authentication information into the remote server. As long as this operation is completed, it means that the next login request from the client is legal. Otherwise, how can the server have your authentication information?

So, it can be guessed that even if the same account uses different authentication information, the remote server will still have the saved authentication information. For example, your Mac has realized password free login, but your Windows has not uploaded its own authentication information, so password free login is only valid for Mac!

Of course, if the Mac and Windows computers have the same authentication information, can the server save a copy of it and log in without password?

The answer is: right!

It can be seen that key login is for terminal equipment, especially for common terminals. Do not set the key when occasionally going to the computer, or you will forget that one day, people can directly log in to your server. How terrible!

Therefore, to complete the password free login, two operations are needed, one is to generate the authentication file from the local client, the other is to save the authentication file from the remote server

  1. Local client generates public key
$ cat ~/.ssh/
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0gC0u4gR4oba4oHS59Tcc4eAVkaJHsCmys0v4IupoSLQKkdUJVxSfkmL5JZEkr7JNySD7Y52ukRcxx1ZMW0oK7lq+FvfEwzIfAOqVoM4bCoh2D/iC6Xf43ilxCM6oMhpWyITGtxPVzW/ZmmxRGcQzeVrrvoSLhOt0+L0rvFuiQZmnhkV0zqGTRKTQ5uEKycigfdItEaHFIg9fMxugN/bgeflJoEBZjAJHXkqd0mq/4AqeAbkoruEz6D+OiqBhoN8CsbaPCaccMoKd8Tze5UszC3PsQWo96nQoXMXk7HYoFwvJCAgAfKP0CaTwGEK/D7SFvXm3UMlFwAHxELr2bbTv

~/The. ssh/ file is called the public key. That is, the authentication file used to send to the server can be disclosed to the Internet. As long as the server keeps the public key, the local client generating the public key can connect to the server without secret

If your local client does not have the file, you can use SSH keygen-t RSA to generate a copy, enter the relevant information as prompted, and then run cat ~/.ssh/ again to view the specific content of the public key file

  1. Remote server receives public key

The local client can complete the password free login by appending the content of its own public key file to the authorization file of the remote server. So, where is the public key file stored?

The answer is: ~ /. ssh/authorized_keys

[root@snowdreams1006 ~]# cat ~/.ssh/authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0gC0u4gR4oba4oHS59Tcc4eAVkaJHsCmys0v4IupoSLQKkdUJVxSfkmL5JZEkr7JNySD7Y52ukRcxx1ZMW0oK7lq+FvfEwzIfAOqVoM4bCoh2D/iC6Xf43ilxCM6oMhpWyITGtxPVzW/ZmmxRGcQzeVrrvoSLhOt0+L0rvFuiQZmnhkV0zqGTRKTQ5uEKycigfdItEaHFIg9fMxugN/bgeflJoEBZjAJHXkqd0mq/4AqeAbkoruEz6D+OiqBhoN8CsbaPCaccMoKd8Tze5UszC3PsQWo96nQoXMXk7HYoFwvJCAgAfKP0CaTwGEK/D7SFvXm3UMlFwAHxELr2bbTv

As you can see here, the ~ /. SSH / authorized [keys] content of the remote server contains the ~ /. SSH / ID [u RSA. Pub public key content of the local client

So the next action is to copy and paste the contents of the ~ /. ssh/ public key file of the local client to the ~ /. ssh/authorized_keys file of the remote server

Only vim operation is needed here, which is the only challenge for novices, but we also have artifact to simplify this copy and paste operation!

That is: ssh-copy-id

First, make sure that the local client has generated the public key. Here, take a look at the contents of the public key file: cat ~/.ssh/

$ cat ~/.ssh/
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1UGGBXbqINEfQNCweCOWDlqvRfw3iIqkX9UnI71GgyJkkPUZbycw3L4dVeBkpo76OJjJhJmsAGbHAuhYLloqoNjD9+c/hk7vgP0uZHqVXehqKuP5VvOOkqeLXZkjdXQ49MhARHBVm1LaD44iOOneYclSPiRjKs+6eCxU9SQp+dVUcZMrbAE1lktGgDQEkjtFl8BE9BQkCU24r8xcOUix4iZgdDIa5gnE9YLg1rNXO6LgQG61JLvErrc2g7KkkR4i2P1R+0uV3KdYyMv8Y2aYwYGqY1PjqXUVfaJjTor4Dr8HHBp4VHE3kNVZitLJ2S7RFYuYGFXTEX0xmi6o1r5xP Administrator@snowdreams1006

This is a Windows computer. No password free login is configured before the demonstration, so after ssh-copy-id is executed, it should also support password free login like a Mac

$ ssh-copy-id
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/c/Users/Administrator/.ssh/"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh ''"
and check to make sure that only the key(s) you wanted were added.

Next, use the Mac computer that has already signed in to the remote server to verify whether the public key of the Windows computer has been added to the ~ /. ssh/authorized_keys of the remote server

[root@snowdreams1006 ~]# cat ~/.ssh/authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0gC0u4gR4oba4oHS59Tcc4eAVkaJHsCmys0v4IupoSLQKkdUJVxSfkmL5JZEkr7JNySD7Y52ukRcxx1ZMW0oK7lq+FvfEwzIfAOqVoM4bCoh2D/iC6Xf43ilxCM6oMhpWyITGtxPVzW/ZmmxRGcQzeVrrvoSLhOt0+L0rvFuiQZmnhkV0zqGTRKTQ5uEKycigfdItEaHFIg9fMxugN/bgeflJoEBZjAJHXkqd0mq/4AqeAbkoruEz6D+OiqBhoN8CsbaPCaccMoKd8Tze5UszC3PsQWo96nQoXMXk7HYoFwvJCAgAfKP0CaTwGEK/D7SFvXm3UMlFwAHxELr2bbTv
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1UGGBXbqINEfQNCweCOWDlqvRfw3iIqkX9UnI71GgyJkkPUZbycw3L4dVeBkpo76OJjJhJmsAGbHAuhYLloqoNjD9+c/hk7vgP0uZHqVXehqKuP5VvOOkqeLXZkjdXQ49MhARHBVm1LaD44iOOneYclSPiRjKs+6eCxU9SQp+dVUcZMrbAE1lktGgDQEkjtFl8BE9BQkCU24r8xcOUix4iZgdDIa5gnE9YLg1rNXO6LgQG61JLvErrc2g7KkkR4i2P1R+0uV3KdYyMv8Y2aYwYGqY1PjqXUVfaJjTor4Dr8HHBp4VHE3kNVZitLJ2S7RFYuYGFXTEX0xmi6o1r5xP Administrator@snowdreams1006

As you can see, the remote server has saved the content of the public key file just uploaded by the Windows computer, so SSH copy ID is just a magic weapon, and there is no need to copy and paste the public key manually anymore!

As for what you can do after login, I think you can still visit here and kick out other terminals by the way. Finally, don't forget to exit the login exit command!

Alias login

No matter password login or key login, we use ssh protocol to login, and the configuration of key login also depends on password login. In any case, there are many commands typed in by both!

How can't I log in quickly?

The answer is: Yes!

Since you want to log in quickly, but the login information is absolutely necessary, so you have to write the necessary login information to the configuration file, and then read the configuration file to log in

The principle is well understood. The key is that we need to implement the process ourselves?

Fortunately: no!

Similarly, edit the ssh configuration file to set some login information. The configuration file is located in ~ /. ssh/config

Host < host ID >
User < login account >
Hostname < hostname >

According to the above format, the login information is configured as follows:

User snowdreams1006

User root

Among them, Host is the only identification for external exposure. Through Host, account and ip can be replaced. Is it simplified that two become one?

The original login command was SSH < login account > @ < server public IP > and now SSH < host ID >

$ ssh
Last login: **** from *.*.*.*

Welcome to Alibaba Cloud Elastic Compute Service !

[root@snowdreams1006 ~]# 

Graphical login

It is recommended to connect the SecureCRT graphical tool to the Linux instance remotely. The graphical tool is basically easy to use. After configuration, you can log in successfully. Here is an example of Windows computer to demonstrate the relevant process

After the first login, the quick connect configuration will pop up, which is basically about the service domain name port and other configuration items with no password

Click Connect to pop up whether to add host fingerprint or not. Select accept and save

Enter the password and select OK, then connect to the server

All the people have come. I'd better give you a random order before you leave!

Cloud service login

Log in to the console to find the ECS server, and then find your own ECs, so remote connection - > connection password - > user name / password, and then you can log in successfully!

Retrospective summary

Password login and key login are both suitable scenarios. If you think password login is not safe, you can also disable password login and only keep key login!

Log in to the server remotely, locate the / etc / SSH / SSH? Config file and edit the following to disable password login

Host *
  PasswordAuthentication no
  • Password login
$SSH < login account > @ < server public IP >


  • Key login
$SSH < login account > @ < server public IP >


  • Simplified login
$ ssh <Host id>


Read more

If this article is helpful to you, you don't need to appreciate it or forward it. Just click the "like" message to encourage you!

Posted by kikidonc on Mon, 02 Dec 2019 03:31:57 -0800