Operation and MaintenanceLinux Operation and MaintenanceExample tutorial on using Alibaba Cloud ECS server
Make a brief summary of the problem here for reference. The title says that I am a novice, but in fact I am not completely a novice. I still know some common Linux commands, but I lack the overall grasp and control of the Linux system. Here is a brief summary of what I did last Sunday. some things.
1, make ssh login more secure
(1) The most unsafe method: directly ssh root@ip address, and then You are prompted to enter your password and the login is successful. That is, logging in as root with password verification. This method is probably the most unsafe. The reason why it is unsafe: The password can be cracked by brute force. Once cracked, the intruder will directly gain root privileges, which is very scary. So how can you improve security? See item (2).
(2) looks safer than (1), but still has security risks: disable the remote ssh login function of the root account, create an account user without root permissions, and use this account to log in via ssh. After ssh login, if you need root permissions, switch via su. Reasons why it is unsafe: Passwords can still be cracked by brute force. Although root privileges cannot be obtained immediately after cracking, if an intruder cracks the password of the root account, root privileges can still be obtained. The relevant configuration file in Linux is:
vi /etc/ssh/sshd_config PermitRootLogin no #禁用root账户远程ssh登录
Add user command:
# 添加新用户 user add username # 为新用户设置密码 passwd username
(3) Better login Method: SSH key login. Generate a key pair on the client that needs to log in, then upload the public key to the server, store the private key on the client, and then log in through the key. In this way, only after the intruder obtains your private key can you log in to the server. This method is safer and more convenient than the password verification method. The relevant configuration file in Linux is:
1 vi /etc/ssh/sshd_config2 PasswordAuthentication no #禁用口令登录3 PubkeyAuthentication yes #允许公钥认证4 RSAAuthentication yes #rsa认证5 AuthorizedKeysFile .ssh/authorized_keys #相关ssh授权文件
2. What to do when encountering network problems such as ping failure and website inaccessibility
Alibaba Cloud's help documentation provides methods for handling common network problems. There is a lot of content, you can refer to it here. Here is a rough summary:
(1) It is easier to determine that the ping failure is indeed a network problem. Then just follow the relevant documents to check one by one. Generally, it is because of the firewall ( iptables) or security group.
(2) The situation where the website cannot be accessed is more complicated. When the website cannot be accessed, you can ask yourself the following questions to clarify the troubleshooting ideas: 1. My server firewall Are the security groups and security groups set correctly? The main purpose here is to troubleshoot network problems and ensure that the corresponding port can be accessed by the public network. Second, if there is no problem with the network, what server is my website running on and whether the server is running normally, that is, whether the web service on the server is running normally. For example, nginx is commonly used as a web server. Check whether it is running normally. You can use ps and other commands to check. 3. How to check the web server? Let’s take nginx as an example. (1) Which port does it monitor? Is the port it monitors disabled by the firewall? Is this port also monitored by other processes? You can use the lsof -i tcp:80 and netstat commands to check whether the port is open and monitored. (2) Whether the nginx configuration file is correct, whether the root directory of the website can be normally accessed by the nginx process, etc.
The above is the detailed content of Example tutorial on using Alibaba Cloud ECS server. For more information, please follow other related articles on the PHP Chinese website!
如何在 RHEL 9 上配置 DHCP 服务器Jun 08, 2023 pm 07:02 PMDHCP是“动态主机配置协议DynamicHostConfigurationProtocol”的首字母缩写词,它是一种网络协议,可自动为计算机网络中的客户端系统分配IP地址。它从DHCP池或在其配置中指定的IP地址范围分配客户端。虽然你可以手动为客户端系统分配静态IP,但DHCP服务器简化了这一过程,并为网络上的客户端系统动态分配IP地址。在本文中,我们将演示如何在RHEL9/RockyLinux9上安装和配置DHCP服务器。先决条件预装RHEL9或RockyLinux9具有sudo管理权限的普
在容器中怎么使用nginx搭建上传下载的文件服务器May 15, 2023 pm 11:49 PM一、安装nginx容器为了让nginx支持文件上传,需要下载并运行带有nginx-upload-module模块的容器:sudopodmanpulldocker.io/dimka2014/nginx-upload-with-progress-modules:latestsudopodman-d--namenginx-p83:80docker.io/dimka2014/nginx-upload-with-progress-modules该容器同时带有nginx-upload-module模块和ng
vue3项目打包发布到服务器后访问页面显示空白怎么解决May 17, 2023 am 08:19 AMvue3项目打包发布到服务器后访问页面显示空白1、处理vue.config.js文件中的publicPath处理如下:const{defineConfig}=require('@vue/cli-service')module.exports=defineConfig({publicPath:process.env.NODE_ENV==='production'?'./':'/&
服务器怎么使用Nginx部署Springboot项目May 14, 2023 pm 01:55 PM1,将java项目打成jar包这里我用到的是maven工具这里有两个项目,打包完成后一个为demo.jar,另一个为jst.jar2.准备工具1.服务器2.域名(注:经过备案)3.xshell用于连接服务器4.winscp(注:视图工具,用于传输jar)3.将jar包传入服务器直接拖动即可3.使用xshell运行jar包注:(服务器的java环境以及maven环境,各位请自行配置,这里不做描述。)cd到jar包路径下执行:nohupjava-jardemo.jar>temp.txt&
python中怎么使用TCP实现对话客户端和服务器May 17, 2023 pm 03:40 PMTCP客户端一个使用TCP协议实现可连续对话的客户端示例代码:importsocket#客户端配置HOST='localhost'PORT=12345#创建TCP套接字并连接服务器client_socket=socket.socket(socket.AF_INET,socket.SOCK_STREAM)client_socket.connect((HOST,PORT))whileTrue:#获取用户输入message=input("请输入要发送的消息:&
Linux怎么在两个服务器直接传文件May 14, 2023 am 09:46 AMscp是securecopy的简写,是linux系统下基于ssh登陆进行安全的远程文件拷贝命令。scp是加密的,rcp是不加密的,scp是rcp的加强版。因为scp传输是加密的,可能会稍微影响一下速度。另外,scp还非常不占资源,不会提高多少系统负荷,在这一点上,rsync就远远不及它了。虽然rsync比scp会快一点,但当小文件众多的情况下,rsync会导致硬盘I/O非常高,而scp基本不影响系统正常使用。场景:假设我现在有两台服务器(这里的公网ip和内网ip相互传都可以,当然用内网ip相互传
如何使用psutil模块获取服务器的CPU、内存和磁盘使用率?May 07, 2023 pm 10:28 PMpsutil是一个跨平台的Python库,它允许你获取有关系统进程和系统资源使用情况的信息。它支持Windows、Linux、OSX、FreeBSD、OpenBSD和NetBSD等操作系统,并提供了一些非常有用的功能,如:获取系统CPU使用率、内存使用率、磁盘使用率等信息。获取进程列表、进程状态、进程CPU使用率、进程内存使用率、进程IO信息等。杀死进程、发送信号给进程、挂起进程、恢复进程等操作。使用psutil,可以很方便地监控系统的运行状况,诊断问题和优化性能。以下是一个简单的示例,演示如何
怎么在同一台服务器上安装多个MySQLMay 29, 2023 pm 12:10 PM一、安装前的准备工作在进行MySQL多实例的安装前,需要进行以下准备工作:准备多个MySQL的安装包,可以从MySQL官网下载适合自己环境的版本进行下载:https://dev.mysql.com/downloads/准备多个MySQL数据目录,可以通过创建不同的目录来支持不同的MySQL实例,例如:/data/mysql1、/data/mysql2等。针对每个MySQL实例,配置一个独立的MySQL用户,该用户拥有对应的MySQL安装路径和数据目录的权限。二、基于二进制包安装多个MySQL实例
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Atom editor mac version download
The most popular open source editor
Dreamweaver CS6
Visual web development tools
Dreamweaver Mac version
Visual web development tools
Notepad++7.3.1
Easy-to-use and free code editor
MinGW - Minimalist GNU for Windows
This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.
