First-time Ubuntu setup

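Installing openssh

Ubuntu does not install openssh-server by default, so once the server's IP address is configured the IP responds to ping but ssh cannot connect.

1. Check whether openssh is installed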

ubuntu@ubuntu:~$ dpkg -l | grep -i openssh
ii  openssh-client                             1:8.4p1-5ubuntu1                                                     amd64        secure shell (SSH) client, for secure access to remote machines
ubuntu@ubuntu:~$ 

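2. Install with apt

PS: after an apt install, the downloaded package files are kept in /var/cache/apt/archives; they can be copied out and installed elsewhere with dpkg -i *.deb
ubuntu@ubuntu:~$ sudo apt-get install openssh-server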

3. Check the openssh installation again

ubuntu@ubuntu:~$ dpkg -l | grep -i openssh
ii  openssh-client                             1:8.4p1-5ubuntu1                                                     amd64        secure shell (SSH) client, for secure access to remote machines
ii  openssh-server                             1:8.4p1-5ubuntu1                                                     amd64        secure shell (SSH) server, for secure access from remote machines
ii  openssh-sftp-server                        1:8.4p1-5ubuntu1                                                     amd64        secure shell (SSH) sftp server module, for SFTP access from remote machines
ubuntu@ubuntu:~$ 

4. Check the openssh process

ubuntu@ubuntu:~$ ps -ef | grep ssh
root         742       1  0 09:49 ?        00:00:00 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
ubuntu      2864    2829  0 10:03 pts/1    00:00:00 grep --color=auto ssh
ubuntu@ubuntu:~$ 

5. Uncomplicated Firewall (ufw) status

If the firewall is active but port 22 is not open, port 22 must be opened
ubuntu@ubuntu:~$ sudo ufw status
[sudo] password for ubuntu: 
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere                  
22 (v6)                    ALLOW       Anywhere (v6)             

ubuntu@ubuntu:~$ 
ubuntu@ubuntu:~$ 

Command to open the port
ubuntu@ubuntu:~$ sudo ufw allow 22

Installing vim

Install with apt

sudo apt-get install vim 

Installation log

ubuntu@ubuntu:~$ dpkg -l | grep -i vim
ii  vim-common                                 2:8.2.2434-1ubuntu1                                                  all          Vi IMproved - Common files
ii  vim-tiny                                   2:8.2.2434-1ubuntu1                                                  amd64        Vi IMproved - enhanced vi editor - compact version
ubuntu@ubuntu-VirtualBox:~$ sudo apt-get install vim 
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  vim-runtime
Suggested packages:
  ctags vim-doc vim-scripts
The following NEW packages will be installed:
  vim vim-runtime
0 upgraded, 2 newly installed, 0 to remove and 179 not upgraded.
Need to get 7,470 kB of archives.
After this operation, 36.4 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://cn.archive.ubuntu.com/ubuntu hirsute/main amd64 vim-runtime all 2:8.2.2434-1ubuntu1 [6,083 kB]
Get:2 http://cn.archive.ubuntu.com/ubuntu hirsute/main amd64 vim amd64 2:8.2.2434-1ubuntu1 [1,387 kB]                                                    
Fetched 7,470 kB in 48s (154 kB/s)                                                                                                                       
Selecting previously unselected package vim-runtime.
(Reading database ... 189666 files and directories currently installed.)
Preparing to unpack .../vim-runtime_2%3a8.2.2434-1ubuntu1_all.deb ...
Adding 'diversion of /usr/share/vim/vim82/doc/help.txt to /usr/share/vim/vim82/doc/help.txt.vim-tiny by vim-runtime'
Adding 'diversion of /usr/share/vim/vim82/doc/tags to /usr/share/vim/vim82/doc/tags.vim-tiny by vim-runtime'
Unpacking vim-runtime (2:8.2.2434-1ubuntu1) ...
Selecting previously unselected package vim.
Preparing to unpack .../vim_2%3a8.2.2434-1ubuntu1_amd64.deb ...
Unpacking vim (2:8.2.2434-1ubuntu1) ...
Setting up vim-runtime (2:8.2.2434-1ubuntu1) ...
Setting up vim (2:8.2.2434-1ubuntu1) ...
update-alternatives: using /usr/bin/vim.basic to provide /usr/bin/vim (vim) in auto mode
update-alternatives: using /usr/bin/vim.basic to provide /usr/bin/vimdiff (vimdiff) in auto mode
update-alternatives: using /usr/bin/vim.basic to provide /usr/bin/rvim (rvim) in auto mode
update-alternatives: using /usr/bin/vim.basic to provide /usr/bin/rview (rview) in auto mode
update-alternatives: using /usr/bin/vim.basic to provide /usr/bin/vi (vi) in auto mode
update-alternatives: using /usr/bin/vim.basic to provide /usr/bin/view (view) in auto mode
update-alternatives: using /usr/bin/vim.basic to provide /usr/bin/ex (ex) in auto mode
Processing triggers for man-db (2.9.4-2) ...
ubuntu@ubuntu:~$ vim
ubuntu@ubuntu:~$ dpkg -l | grep -i vim
ii  vim                                        2:8.2.2434-1ubuntu1                                                  amd64        Vi IMproved - enhanced vi editor
ii  vim-common                                 2:8.2.2434-1ubuntu1                                                  all          Vi IMproved - Common files
ii  vim-runtime                                2:8.2.2434-1ubuntu1                                                  all          Vi IMproved - Runtime files
ii  vim-tiny                                   2:8.2.2434-1ubuntu1                                                  amd64        Vi IMproved - enhanced vi editor - compact version
ubuntu@ubuntu:~$ 

Initializing the root account password

After Ubuntu is installed, the initial root password is random and needs to be set.

1. sudo passwd: change the password

ubuntu@ubuntu:~$ sudo passwd
[sudo] password for ubuntu: 
New password: 

2. su - root: try switching user

ubuntu@ubuntu:~$ su - root
Password: 
root@ubuntu:~# exit
logout
ubuntu@ubuntu:~$ 

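After the root password is changed, the user created during installation can switch to root, but root cannot connect directly over ssh

3. Allow root login: edit sshd_config

Under the Authentication section, find PermitRootLogin prohibit-password and change it to PermitRootLogin yes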
ubuntu@ubuntu:~$ sudo vim /etc/ssh/sshd_config
ubuntu@ubuntu:~$ 

4. Restart sshd

ubuntu@ubuntu:~$ systemctl restart sshd
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to restart 'ssh.service'.
Authenticating as: ubuntu,,, (ubuntu)
Password: 
==== AUTHENTICATION COMPLETE ===
ubuntu@ubuntu:~$ 
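
An added example (not part of the original post) that checks what the edit in step 3 produced: it reads an sshd_config-style file and reports the PermitRootLogin value sshd would take from it. The function names are hypothetical and Include files are not followed; on a live host `sudo sshd -T` prints the effective configuration.

```shell
#!/bin/sh
# Added example. Assumes a single config file; Include files are not followed.

# Print the PermitRootLogin value sshd would take from the file in $1.
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and commented-out lines leave the built-in default.
effective_permit_root_login() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }        # blank line or comment
        tolower($1) == "match" { exit }      # global section ends at first Match
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "prohibit-password" }   # OpenSSH default
    ' "$1"
}

# Return 1 when the setting permits password login as root, 0 when it does not.
audit_root_login() {
    value=$(effective_permit_root_login "$1")
    case "$value" in
        yes)
            echo "WARN: PermitRootLogin yes (password login as root allowed)"
            return 1 ;;
        no|prohibit-password|without-password|forced-commands-only)
            echo "OK: PermitRootLogin $value"
            return 0 ;;
        *)
            echo "UNKNOWN: PermitRootLogin $value"
            return 2 ;;
    esac
}

# Constructed sample mirroring the edit made in step 3.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
# Authentication:
#PermitRootLogin prohibit-password
PermitRootLogin yes
EOF
audit_root_login "$demo_conf" || true
rm -f "$demo_conf"
```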

Changing the hostname

1. Switch to the root account

ubuntu@ubuntu:~$ su - root
Password: 
root@ubuntu:~# 

2. Edit /etc/hostname

root@ubuntu:~# vim /etc/hostname 

3. Reboot the server

root@ubuntu:~# reboot

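5. Test the ssh connection

Uncomplicated Firewall: ufw

Official documentation: https://help.ubuntu.com/community/UFW#UFW
iptables
iptables is the database of firewall rules and is the actual firewall used in Linux systems. The traditional interface for configuring iptables on Linux is the command-line terminal. The other utilities in this section simplify working with the iptables database.
UFW
UFW (Uncomplicated Firewall) is a front end for iptables and is particularly well suited to host-based firewalls. UFW was developed specifically for Ubuntu (but is available in other distributions) and is also configured from the terminal.
Gufw is a graphical front end for UFW and is recommended for beginners.
UFW was introduced in Ubuntu 8.04 LTS (Hardy Heron) and is available by default in all Ubuntu installations after 8.04 LTS.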

Checking the firewall status

ubuntu@ubuntu:~$ sudo ufw status
Status: inactive
ubuntu@ubuntu:~$ 

Enabling the firewall

ubuntu@ubuntu:~$ sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
ubuntu@ubuntu:~$ sudo ufw status
Status: active
ubuntu@ubuntu:~$ sudo ufw status
Status: active
ubuntu@ubuntu:~$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
ubuntu@ubuntu:~$ 

Disabling the firewall

ubuntu@ubuntu:~$ sudo ufw disable
Firewall stopped and disabled on system startup
ubuntu@ubuntu:~$ sudo ufw status
Status: inactive
ubuntu@ubuntu:~$ 

Turning firewall logging on/off

sudo ufw logging on
sudo ufw logging off

Allowing a port

sudo ufw allow <port>/<optional: protocol>

Denying a port

sudo ufw deny <port>/<optional: protocol>

Allowing a port (advanced)

sudo ufw allow <port>/<optional: protocol>
sudo ufw allow 22
Allow by Specific IP
sudo ufw allow from <ip address>
sudo ufw allow from 192.168.0.1
Allow by Subnet
sudo ufw allow from 192.168.1.0/24
Allow by specific port and IP address
sudo ufw allow from <target> to <destination> port <port number>
sudo ufw allow from 192.168.0.4 to any port 22
Allow by specific port, IP address and protocol
sudo ufw allow from <target> to <destination> port <port number> proto <protocol name>
sudo ufw allow from 192.168.0.4 to any port 22 proto tcp
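
An added example (not part of the original post) that reads `ufw status` text and lists the rules that allow a port from Anywhere, which is how to tell a blanket `ufw allow 22` apart from the source-restricted forms above. The function names and the sample output are constructed for illustration, and rules are assumed to be written by port number rather than application profile.

```shell
#!/bin/sh
# Added example. Constructed sample of `sudo ufw status` output,
# not captured from a real host.
sample_status() {
cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80/tcp                     DENY        Anywhere
22/tcp                     ALLOW       192.168.0.4
22 (v6)                    ALLOW       Anywhere (v6)
EOF
}

# Print every rule that allows port $1 from any source address.
# The ufw status text is read from stdin.
rules_open_to_anywhere() {
    awk -v port="$1" '
        {
            act = 0
            for (i = 2; i <= NF; i++)          # locate the Action column
                if ($i == "ALLOW") { act = i; break }
            if (!act) next                     # header, DENY rule, status line
            split($1, to, "/")                 # "22/tcp" -> "22"
            src = $(act + 1)
            if (src == "IN") src = $(act + 2)  # verbose output prints "ALLOW IN"
            if (to[1] == port && src == "Anywhere") print
        }
    '
}

# Number of rules that leave port $1 open to every source.
count_open_to_anywhere() {
    rules_open_to_anywhere "$1" | wc -l | tr -d ' '
}

# On a real host: sudo ufw status | rules_open_to_anywhere 22
sample_status | rules_open_to_anywhere 22
```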

Denying a port (advanced)

sudo ufw deny <port>/<optional: protocol>
sudo ufw deny  22

Deny by specific IP

sudo ufw deny from <ip address>
Deny by specific port and IP address
sudo ufw deny from <ip address> to <destination> port <port number>
sudo ufw deny from 192.168.0.1 to any port 22

Deleting an existing rule

sudo ufw delete deny 80/tcp

Working with numbered rules

List rules with their numbers
sudo ufw status numbered
Delete a rule by number
sudo ufw delete 1
Insert a rule at a given number
sudo ufw insert 1 allow from <ip address>
Original article: https://www.cnblogs.com/code-red-memory/p/15028973.html