VPS初始化配置

Posted by Solejay on Fri, Dec 6, 2024

登录服务器

  1. 登录服务器 ssh root@ip -p 22

  2. 输入密码

  3. 查看系统版本 lsb_release -a

  4. 生成密钥

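 # 1. Generate the key pair on the local machine. Set a passphrase when
 #    prompted, so a copied private key file cannot be used on its own.
 ssh-keygen -t rsa -b 4096 -C "your_email@domain.com"

 # 2. Restrict the local key directory and key files to their owner
 chmod 700 ~/.ssh
 chmod 600 ~/.ssh/id_rsa
 chmod 600 ~/.ssh/id_rsa.pub

 # 3. On the server: create authorized_keys if it is missing and keep it
 #    (and ~/.ssh) writable by the owner only. sshd can refuse key login
 #    when these paths are writable by other users.
 mkdir -p ~/.ssh
 chmod 700 ~/.ssh
 touch ~/.ssh/authorized_keys
 chmod 600 ~/.ssh/authorized_keys

 # 4. Upload the public key to the server
 #    (key_file, port and user@host are placeholders)
 ssh-copy-id -i key_file -p port user@host

 # 5. Enter the account password when prompted

 # 6. Log in over ssh; this should now use the key instead of the password
 ssh 'user@ip'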
  1. 配置本地 ssh 登录
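 # 1. Edit the client configuration on the local machine
 vim ~/.ssh/config

 # 2. Host entries. IdentitiesOnly makes the client offer only the key named
 #    in IdentityFile. Without it, every key held by the agent is offered
 #    first, and each rejected key counts as a failed attempt on the server
 #    (relevant once Fail2ban is counting failures).
 Host racknerd_root
   HostName xxx.168.120.15
   User root
   IdentityFile ~/.ssh/id_rsa
   IdentitiesOnly yes
   Port 223

 Host racknerd
   HostName xxx.168.120.15
   User subuser
   IdentityFile ~/.ssh/id_rsa
   IdentitiesOnly yes
   Port 223

 # 3. Keep the client configuration private to its owner
 chmod 600 ~/.ssh/config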

安全设置

禁用 root SSH 密码登录

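# 1. Edit the server configuration
sudo vim /etc/ssh/sshd_config

# 2. Let root log in with a key only. Password and keyboard-interactive
#    logins are refused for root; other accounts are not changed by this line.
PermitRootLogin prohibit-password

# 3. Check the file for syntax errors before restarting; a config that does
#    not parse can keep sshd from starting and lock you out.
sudo sshd -t

# 4. Print the value sshd will really use. Another config file that sshd
#    includes may set the same option, so check the effective setting.
sudo sshd -T | grep -i permitrootlogin

# 5. Restart the ssh service. Keep the current session open and confirm
#    from a second terminal that key login works before closing it.
sudo systemctl restart ssh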

修改 ssh 端口号

1# 1. 编辑文件
2sudo vim /etc/ssh/sshd_config
3
4# 2. 修改端口号
5Port 1024~65535
6
7# 3. 重启 ssh 服务
8sudo systemctl restart ssh

Fail2ban 防暴力破解 SSH

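 # 1. Enable the universe repository
 sudo add-apt-repository universe

 # 2. Install the package
 sudo apt install fail2ban

 # 3. Edit the local override file. Settings here take precedence over
 #    jail.conf and are not overwritten by package upgrades.
 sudo vim /etc/fail2ban/jail.local

 # 4. After saving jail.local: test the configuration, start the service at
 #    boot, apply the change, and confirm that the sshd jail is running
 sudo fail2ban-client -t
 sudo systemctl enable fail2ban
 sudo systemctl restart fail2ban
 sudo fail2ban-client status sshd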
 9
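# Content of /etc/fail2ban/jail.local.
# Every note is on its own line: the stock jail.conf documents "#" for
# comment lines and " ;" for inline comments, so text after a value such as
# "port = 22 # ..." would be read as part of the value.
[sshd]
# Whitelist: addresses that are never banned
ignoreip = 127.0.0.1/8
enabled = true
filter = sshd
# Port sshd listens on; if the SSH port was changed, change it here too,
# otherwise the ban is applied to the wrong port
port = 22
# Number of failed attempts allowed
maxretry = 5
# Window in seconds within which maxretry is counted
findtime = 300
# Ban length in seconds; -1 bans permanently (not recommended)
bantime = 600
# Ban only, without e-mail notification.
# NOTE(review): the stock action_ definition may already carry its own
# [...] parameter list; if `fail2ban-client -t` rejects this line, compare
# it with the action_ entry in jail.conf.
action = %(action_)s[port="%(port)s", protocol="%(protocol)s", logpath="%(logpath)s", chain="%(chain)s"]
# Ban method
banaction = iptables-multiport
# Location of the SSH login log.
# NOTE(review): assumes sshd writes to this file; confirm that it exists on
# the server, since a jail with a missing log file does not start.
logpath = /var/log/auth.log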

启用 UFW 防火墙

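 # Reference of ufw commands. Pick the lines you need instead of running
 # the listing top to bottom: it holds opposite rules for the same port.

 # Default policy
 sudo ufw default allow outgoing # allow all outbound traffic by default
 sudo ufw default deny incoming  # drop all inbound traffic by default

 # Add rules. Allow the port sshd really listens on BEFORE "ufw enable":
 # with "default deny incoming", a missing SSH rule ends the remote session.
 sudo ufw allow 22 # no proto given: the rule covers both tcp and udp
 sudo ufw deny 22 # syntax example: replace allow with deny to block a port
 sudo ufw allow port1,port2/tcp # several ports, comma-separated; a port list needs an explicit protocol
 sudo ufw allow from ip/cidr to any proto tcp port 22 # tcp traffic to port 22 from one ip or cidr range only
 sudo ufw limit 22/tcp # allow, but rate-limit repeated connection attempts from one address

 # Delete rules
 sudo ufw status numbered # list the rules with their numbers
 sudo ufw delete allow 22 # put delete in front of the rule
 sudo ufw delete 1 # or delete by the number shown by "status numbered"

 # Enable / disable / reload the firewall (one of the three)
 sudo ufw enable
 sudo ufw disable
 sudo ufw reload

 # Log connections that match a rule
 sudo ufw allow log 22/tcp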

日常更新系统

1sudo apt update && sudo apt upgrade

创建子用户

  1. useradd -m -G sudo -s /bin/bash solejay
  2. passwd solejay

软件安装

ZSH

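 # 1. Install
 sudo apt-get install zsh

 # 2. Switch to zsh
 cat /etc/shells # list the available shells
 chsh -s /bin/zsh # make zsh the login shell
 echo $SHELL # show the current shell

 # 3. Install oh my zsh. Save the installer and read it before running it
 #    instead of piping the download into sh; the URL points at the master
 #    branch, so its content can change between two downloads.
 wget https://github.com/robbyrussell/oh-my-zsh/raw/master/tools/install.sh -O install.sh
 less install.sh
 sh install.sh

 # 4. Download the powerlevel10k theme
 git clone --depth=1 https://github.com/romkatv/powerlevel10k.git "${ZSH_CUSTOM:-$HOME/.oh-my-zsh/custom}/themes/powerlevel10k"

 # 5. Configure the theme style
 source ~/.zshrc

 # 6. Install plugins. Each plugin is code that is loaded into every shell
 #    session, so clone only from repositories you have checked.
 #    $HOME is used in place of ~ because ~ is not expanded inside quotes.
 # Syntax highlighting: zsh-syntax-highlighting
 git clone https://github.com/zsh-users/zsh-syntax-highlighting.git "${ZSH_CUSTOM:-$HOME/.oh-my-zsh/custom}/plugins/zsh-syntax-highlighting"
 # Suggestions: zsh-autosuggestions
 git clone https://github.com/zsh-users/zsh-autosuggestions "${ZSH_CUSTOM:-$HOME/.oh-my-zsh/custom}/plugins/zsh-autosuggestions"
 # autojump: https instead of git://, which is neither encrypted nor
 # authenticated. "&&" runs each step only after the previous one succeeded;
 # a single "&" would start the clone in the background and run
 # cd / install.py before the directory exists.
 git clone https://github.com/wting/autojump.git && cd autojump && ./install.py

 # 7. Lines to put into ~/.zshrc
 plugins=(git autojump macos zsh-syntax-highlighting zsh-autosuggestions)
 export ZSH_AUTOSUGGEST_STRATEGY=(history completion)

 # 8. Reload zsh
 source ~/.zshrc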

Git

1$ git config --global user.name "John Doe"
2$ git config --global user.email johndoe@example.com

Docker

 1# 1. 卸载冲突包
 2for pkg in docker.io docker-doc docker-compose docker-compose-v2 podman-docker containerd runc; do sudo apt-get remove $pkg; done
 3
 4# 2. 设置 apt 存储库
 5# Add Docker's official GPG key:
 6sudo apt-get update
 7sudo apt-get install ca-certificates curl
 8sudo install -m 0755 -d /etc/apt/keyrings
 9sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
10sudo chmod a+r /etc/apt/keyrings/docker.asc
11# Add the repository to Apt sources:
12echo \
13  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
14  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
15  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
16sudo apt-get update
17
18# 3. 安装 docker 包
19sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
20
21# 4. 校验安装
22docker --version

1Panel

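# 1. Download the installer to a file. -f makes curl fail on an HTTP error
#    instead of saving the error page, which would otherwise be run as a
#    script in step 3.
curl -fsSL https://resource.fit2cloud.com/1panel/package/quick_start.sh -o quick_start.sh

# 2. Read the script before running it: the next step executes it as root
less quick_start.sh

# 3. Run the installer
sudo bash quick_start.sh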

Golang

 1# 1. 下载
 2wget https://go.dev/dl/go1.23.1.linux-amd64.tar.gz
 3
 4# 2. 解压
 5tar -C /home/solejay/software/ -zxf go1.23.1.linux-amd64.tar.gz
 6
 7# 3. 配置环境变量
 8echo 'export PATH=$PATH:/home/solejay/software/go/bin' >> ~/.bashrc
 9
10# 4. 刷新 bashrc
11source ~/.bashrc

NVM

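# 1. Download the installer for the pinned release (v0.40.1) to a file.
#    -f makes curl fail on an HTTP error instead of saving the error page.
curl -fsSL -o nvm_install.sh https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh

# 2. Read the script before running it; it edits the shell startup files
less nvm_install.sh

# 3. Run the installer
bash nvm_install.sh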

Miniconda

1# 1. 下载安装脚本
2wget https://mirrors.tuna.tsinghua.edu.cn/anaconda/miniconda/Miniconda3-latest-Linux-x86_64.sh
3
4# 2. 配置权限
5chmod +x Miniconda3-latest-Linux-x86_64.sh
6
7# 3. 安装
8./Miniconda3-latest-Linux-x86_64.sh

Nginx

 1# 1. 清除旧版 nginx
 2sudo mv /etc/nginx/ /etc/nginx.old/
 3sudo systemctl stop nginx
 4sudo apt autoremove nginx* --purge 
 5
 6# 2. 安装 nginx
 7curl -fSsL https://nginx.org/keys/nginx_signing.key | sudo gpg --dearmor | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
 8gpg --dry-run --quiet --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
 9echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list
10echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" | sudo tee /etc/apt/preferences.d/99nginx
11sudo apt update
12sudo apt install nginx
13nginx -v
14
15# 3. 管理 nginx
16systemctl status nginx # 验证是否正常运行
17
18sudo systemctl start nginx    # 启动服务
19sudo systemctl stop nginx     # 停止服务
20sudo systemctl reload nginx   # 重新加载配置文件,不中断服务
21sudo systemctl restart nginx  # 重启服务
22
23sudo systemctl enable nginx   # 启用开机自启动
24sudo systemctl disable nginx  # 禁止开机自启动
25
26# 4. 卸载 nginx
27sudo apt autoremove nginx* --purge 
28sudo rm /etc/apt/sources.list.d/nginx.list
29sudo rm /etc/apt/preferences.d/99nginx
30sudo rm /usr/share/keyrings/nginx-archive-keyring.gpg

其他配置

Github 配置 SSH 连接

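# 1. Generate the key. -b 4096 matches the key size used for the server key
#    earlier on this page. If ~/.ssh/id_rsa already exists, ssh-keygen asks
#    before overwriting it; answering yes replaces the key that is used to
#    log in to the server.
cd ~
ssh-keygen -t rsa -b 4096 -C "prj960827@gmail.com"
cat ~/.ssh/id_rsa.pub

# 2. Add the public key (the .pub file only) to the GitHub account

# 3. Verify. On the first connection ssh shows GitHub's host key
#    fingerprint; compare it with the fingerprints GitHub publishes in its
#    documentation before answering yes.
ssh -T git@github.com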

Git 快捷键

1# git command alias
2alias gst='git status'
3alias gaa='git add --all'
4alias gcmsg='git commit -m'
5alias gpom='git push origin master'
6alias gbr='git branch'
7alias gco='git checkout'
8alias glg="git log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit"