Common Commands for Routine Server Maintenance

User Management

  • Create a new user: sudo adduser username ;
  • Delete a user: sudo userdel -r username ;
  • Add a regular user to the sudo group: sudo usermod -aG sudo username ;
  • Add a regular user to the normuser group: sudo usermod -aG normuser username ;
  • Change a user's UID: sudo usermod -u uid username ;
  • Change a user's GID: sudo groupmod -g gid username ;
  • Change a user's default shell to zsh: sudo usermod -s /bin/zsh username ;

 

File Compression and Extraction

  • .tar

    • Extract: tar xvf FileName.tar ;
    • Compress: tar cvf FileName.tar DirName ;
  • .gz

    • Extract: gunzip FileName.gz or gzip -d FileName.gz ;
    • Compress: gzip FileName ;
  • .tar.gz & .tgz

    • Extract: tar zxvf FileName.tar.gz ;
    • Compress: tar zcvf FileName.tar.gz DirName ;
  • .zip

    • Extract: unzip FileName.zip ;
    • Compress: zip -r FileName.zip DirName ;
  • .rar

    • Extract: rar x FileName.rar ;
    • Compress: rar a FileName.rar DirName ;

 

OpenSSH: Disable Password Login

  • Edit /etc/ssh/sshd_config to allow key-based login only and change the port to 6724:

    # $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
    
    # This is the sshd server system-wide configuration file.  See
    # sshd_config(5) for more information.
    
    # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
    
    # The strategy used for options in the default sshd_config shipped with
    # OpenSSH is to specify options with their default value where
    # possible, but leave them commented.  Uncommented options override the
    # default value.
    
    #Include /etc/ssh/sshd_config.d/*.conf
    
    #Port 22
    Port 6724
    #AddressFamily any
    #ListenAddress 0.0.0.0
    #ListenAddress ::
    
    #HostKey /etc/ssh/ssh_host_rsa_key
    #HostKey /etc/ssh/ssh_host_ecdsa_key
    #HostKey /etc/ssh/ssh_host_ed25519_key
    
    # Ciphers and keying
    #RekeyLimit default none
    
    # Logging
    #SyslogFacility AUTH
    #LogLevel INFO
    
    # Authentication:
    
    #LoginGraceTime 2m
    PermitRootLogin no
    #StrictModes yes
    #MaxAuthTries 6
    #MaxSessions 10
    
    PubkeyAuthentication yes
    
    # Expect .ssh/authorized_keys2 to be disregarded by default in future.
    #AuthorizedKeysFile	.ssh/authorized_keys .ssh/authorized_keys2
    
    #AuthorizedPrincipalsFile none
    
    #AuthorizedKeysCommand none
    #AuthorizedKeysCommandUser nobody
    
    # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
    #HostbasedAuthentication no
    # Change to yes if you don't trust ~/.ssh/known_hosts for
    # HostbasedAuthentication
    #IgnoreUserKnownHosts no
    # Don't read the user's ~/.rhosts and ~/.shosts files
    #IgnoreRhosts yes
    
    # To disable tunneled clear text passwords, change to no here!
    PasswordAuthentication no
    #PermitEmptyPasswords no
    
    # Change to yes to enable challenge-response passwords (beware issues with
    # some PAM modules and threads)
    ChallengeResponseAuthentication no
    
    # Kerberos options
    #KerberosAuthentication no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes
    #KerberosGetAFSToken no
    
    # GSSAPI options
    #GSSAPIAuthentication no
    #GSSAPICleanupCredentials yes
    #GSSAPIStrictAcceptorCheck yes
    #GSSAPIKeyExchange no
    
    # Set this to 'yes' to enable PAM authentication, account processing,
    # and session processing. If this is enabled, PAM authentication will
    # be allowed through the ChallengeResponseAuthentication and
    # PasswordAuthentication.  Depending on your PAM configuration,
    # PAM authentication via ChallengeResponseAuthentication may bypass
    # the setting of "PermitRootLogin without-password".
    # If you just want the PAM account and session checks to run without
    # PAM authentication, then enable this but set PasswordAuthentication
    # and ChallengeResponseAuthentication to 'no'.
    UsePAM no
    
    #AllowAgentForwarding yes
    #AllowTcpForwarding yes
    #GatewayPorts no
    X11Forwarding yes
    #X11DisplayOffset 10
    #X11UseLocalhost yes
    #PermitTTY yes
    PrintMotd no
    #PrintLastLog yes
    #TCPKeepAlive yes
    #PermitUserEnvironment no
    #Compression delayed
    #ClientAliveInterval 0
    #ClientAliveCountMax 3
    #UseDNS no
    #PidFile /var/run/sshd.pid
    #MaxStartups 10:30:100
    #PermitTunnel no
    #ChrootDirectory none
    #VersionAddendum none
    
    # no default banner path
    #Banner none
    
    # Allow client to pass locale environment variables
    AcceptEnv LANG LC_*
    
    # override default of no subsystems
    Subsystem	sftp	/usr/lib/openssh/sftp-server
    
    # Example of overriding settings on a per-user basis
    #Match User anoncvs
    #	X11Forwarding no
    #	AllowTcpForwarding no
    #	PermitTTY no
    #	ForceCommand cvs server
    
  • Restart the sshd service so the changes take effect: sudo systemctl restart sshd.service ;

  • Switch to the user account: sudo su username

  • Add the user's public key to the file /home/username/.ssh/authorized_keys ;
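
An added example, not part of the original page: sshd uses the first value it reads for each keyword, so a later "PasswordAuthentication no" can lose to an earlier line. The script below reports which values are in effect for the settings changed above; the sample files are constructed, and the function names effective_value and audit_sshd are illustrative.

```shell
#!/bin/sh
# Added example (not from the original page): offline check of sshd_config text.
# sshd keeps the FIRST value it reads for a keyword, and keywords are
# case-insensitive, so an earlier line silently beats a later "no".
# Handles the whitespace-separated "Keyword value" form only.

# effective_value KEYWORD FILE: print the first global (pre-Match) value.
effective_value() {
  awk -v key="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
    NF == 0 || $1 ~ /^#/ { next }                  # blank line or comment
    tolower($1) == "match" { exit }                # global section ends here
    tolower($1) == key { print tolower($2); exit } # first occurrence wins
  ' "$2"
}

# audit_sshd FILE: return 0 only if every setting the page changes is in effect.
audit_sshd() {
  rc=0
  for pair in passwordauthentication=no pubkeyauthentication=yes \
              permitrootlogin=no challengeresponseauthentication=no port=6724; do
    kw=${pair%%=*}; want=${pair#*=}
    got=$(effective_value "$kw" "$1")
    if [ "$got" != "$want" ]; then
      echo "FAIL $kw: effective '${got:-unset}', expected '$want'"
      rc=1
    fi
  done
  return $rc
}

# Constructed samples: "good" mirrors the page's settings; "bad" has an earlier
# "passwordauthentication yes" (pasted above, or read first via an Include).
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/good" <<'EOF'
#Port 22
Port 6724
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
EOF
{ echo 'passwordauthentication yes'; cat "$SAMPLES/good"; } > "$SAMPLES/bad"

audit_sshd "$SAMPLES/good" && echo "good: key-only login is in effect"
audit_sshd "$SAMPLES/bad"  || echo "bad: password login is still enabled"
```

On a live host, sudo sshd -t validates the file and sudo sshd -T prints the settings sshd will actually use. Checking both before the restart step, with the current session kept open, avoids a lockout.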

 

Clash Configuration

  • Download clash: clash ;

  • Download the clash configuration file: gist.github.com ;

  • clash start script:

    #!/bin/bash
    # start_clash.sh
    
    WORKSPACE=/workspace/tools/clash
    #CLASH_URL=https://gist.github.com/GithubName/xxxx71a7db43bxxx/raw/clash_config.yaml
    
    # save the PID of this shell; exec below keeps the same PID for clash
    echo $$ > "${WORKSPACE}/clash.pid"
    
    # download configuration file
    #wget -O "${WORKSPACE}/clash_config.yaml" "${CLASH_URL}"
    
    # boot clash; exec replaces the shell, so the saved PID is clash itself
    exec "${WORKSPACE}/clash" -f "${WORKSPACE}/clash_config.yaml"
    
  • clash stop script:

    #!/bin/bash
    # stop_clash.sh
    
    WORKSPACE=/workspace/tools/clash
    # placeholder URL; the wget below needs this variable set
    CLASH_URL=https://gist.github.com/GithubName/xxxx71a7db43bxxx/raw/clash_config.yaml
    
    # download configuration file (through the proxy, while clash is still running)
    proxychains4 -f /workspace/tools/proxychains/src/proxychains.conf wget -O "${WORKSPACE}/clash_config.yaml" "${CLASH_URL}"
    
    # read pid file
    PID=$(cat "${WORKSPACE}/clash.pid")
    kill -9 "${PID}"
    rm "${WORKSPACE}/clash.pid"
    
  • Use crontab to update the configuration file on a schedule and start clash at boot:

    • Edit the crontab: crontab -e ;

    • Add the following:

      @reboot /workspace/tools/scripts/start_clash.sh
      00 04 * * * /workspace/tools/scripts/stop_clash.sh
      01 04 * * * /workspace/tools/scripts/start_clash.sh
      

 

Proxychains Configuration

  • Download proxychains4: proxychains

  • Install proxychains4

    • Step 1: ./configure --prefix=/usr --sysconfdir=/etc ;
    • Step 2: make ;
    • Step 3: sudo make install ;
  • Edit the proxychains configuration file and add the proxy forwarding ports:

    [ProxyList]
    # add proxy here ...
    # meanwile
    # defaults set to "tor"
    http 	127.0.0.1 7890
    socks4 	127.0.0.1 7891
    socks5 	127.0.0.1 7891
    
  • Edit ~/.bashrc to add an alias:

    Add alias pc='proxychains4 -f /workspace/tools/proxychains/src/proxychains.conf' ;

  • Use proxychains:

    • Example 1: pc wget www.google.com ;
    • Example 2: pc bash ;

 

FRP Configuration

  • Download frp: frp ;

  • Configure frpc.ini

    [common]
    tls_enable = true
    server_addr = domain.name.com
    server_port = 7000
    authentication_method = token
    token = qwertyuiop000000
    
    
    [ssh-122]
    type = tcp
    local_ip = 127.0.0.1
    local_port = 22
    remote_port = 10122
    
  • Configure frps.ini

    TODO

  • Enable frpc at boot

    • Option 1: use crontab ;

      • Add to crontab: @reboot /usr/bin/frpc -c /etc/frp/frpc.ini ;
    • Option 2: use systemctl ;

      • Write frpc.service and place it in /lib/systemd/system/ ;

        [Unit]
        Description=Frp Client Service
        After=network.target
        
        [Service]
        Type=simple
        User=nobody
        Restart=on-failure
        RestartSec=5s
        ExecStart=/usr/bin/frpc -c /etc/frp/frpc.ini
        ExecReload=/usr/bin/frpc reload -c /etc/frp/frpc.ini
        LimitNOFILE=1048576
        
        [Install]
        WantedBy=multi-user.target
        
      • Enable frpc at boot: sudo systemctl enable frpc ;

      • Start frpc: sudo systemctl start frpc ;

      • Stop frpc: sudo systemctl stop frpc ;

      • Restart frpc: sudo systemctl restart frpc ;

      • Check frpc status: sudo systemctl status frpc ;