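Common Commands for Routine Server Maintenance

User Management
- Create a new user: `sudo adduser username`
- Delete a user: `sudo userdel -r username`
- Add a regular user to the `sudo` group: `sudo usermod -aG sudo username`
- Add a regular user to the `normuser` group: `sudo usermod -aG normuser username`
- Change a user's `uid`: `sudo usermod -u uid username`
- Change a user's `gid`: `sudo groupmod -g gid username` (`groupmod` takes a group name, so `username` here is the user's own group of the same name)
- Change a user's default `shell` to `zsh`: `sudo usermod -s /bin/zsh username`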

File Compression and Extraction
- `.tar`:
  - Extract: `tar xvf FileName.tar`
  - Compress: `tar cvf FileName.tar DirName`
- `.gz`:
  - Extract: `gunzip FileName.gz` or `gzip -d FileName.gz`
  - Compress: `gzip FileName`
- `.tar.gz` & `.tgz`:
  - Extract: `tar zxvf FileName.tar.gz`
  - Compress: `tar zcvf FileName.tar.gz DirName`
- `.zip`:
  - Extract: `unzip FileName.zip`
  - Compress: `zip -r FileName.zip DirName` (`-r` is needed to include the directory's contents)
- `.rar`:
  - Extract: `rar x FileName.rar`
  - Compress: `rar a FileName.rar DirName`

OpenSSH: Disable Password Login
- Edit `/etc/ssh/sshd_config` to allow key-based login only and change the port to `6724`:

  ```
  #	$OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $

  # This is the sshd server system-wide configuration file.  See
  # sshd_config(5) for more information.

  # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

  # The strategy used for options in the default sshd_config shipped with
  # OpenSSH is to specify options with their default value where
  # possible, but leave them commented.  Uncommented options override the
  # default value.

  #Include /etc/ssh/sshd_config.d/*.conf

  #Port 22
  Port 6724
  #AddressFamily any
  #ListenAddress 0.0.0.0
  #ListenAddress ::

  #HostKey /etc/ssh/ssh_host_rsa_key
  #HostKey /etc/ssh/ssh_host_ecdsa_key
  #HostKey /etc/ssh/ssh_host_ed25519_key

  # Ciphers and keying
  #RekeyLimit default none

  # Logging
  #SyslogFacility AUTH
  #LogLevel INFO

  # Authentication:

  #LoginGraceTime 2m
  PermitRootLogin no
  #StrictModes yes
  #MaxAuthTries 6
  #MaxSessions 10

  PubkeyAuthentication yes

  # Expect .ssh/authorized_keys2 to be disregarded by default in future.
  #AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2

  #AuthorizedPrincipalsFile none

  #AuthorizedKeysCommand none
  #AuthorizedKeysCommandUser nobody

  # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
  #HostbasedAuthentication no
  # Change to yes if you don't trust ~/.ssh/known_hosts for
  # HostbasedAuthentication
  #IgnoreUserKnownHosts no
  # Don't read the user's ~/.rhosts and ~/.shosts files
  #IgnoreRhosts yes

  # To disable tunneled clear text passwords, change to no here!
  PasswordAuthentication no
  #PermitEmptyPasswords no

  # Change to yes to enable challenge-response passwords (beware issues with
  # some PAM modules and threads)
  ChallengeResponseAuthentication no

  # Kerberos options
  #KerberosAuthentication no
  #KerberosOrLocalPasswd yes
  #KerberosTicketCleanup yes
  #KerberosGetAFSToken no

  # GSSAPI options
  #GSSAPIAuthentication no
  #GSSAPICleanupCredentials yes
  #GSSAPIStrictAcceptorCheck yes
  #GSSAPIKeyExchange no

  # Set this to 'yes' to enable PAM authentication, account processing,
  # and session processing. If this is enabled, PAM authentication will
  # be allowed through the ChallengeResponseAuthentication and
  # PasswordAuthentication.  Depending on your PAM configuration,
  # PAM authentication via ChallengeResponseAuthentication may bypass
  # the setting of "PermitRootLogin without-password".
  # If you just want the PAM account and session checks to run without
  # PAM authentication, then enable this but set PasswordAuthentication
  # and ChallengeResponseAuthentication to 'no'.
  UsePAM no

  #AllowAgentForwarding yes
  #AllowTcpForwarding yes
  #GatewayPorts no
  X11Forwarding yes
  #X11DisplayOffset 10
  #X11UseLocalhost yes
  #PermitTTY yes
  PrintMotd no
  #PrintLastLog yes
  #TCPKeepAlive yes
  #PermitUserEnvironment no
  #Compression delayed
  #ClientAliveInterval 0
  #ClientAliveCountMax 3
  #UseDNS no
  #PidFile /var/run/sshd.pid
  #MaxStartups 10:30:100
  #PermitTunnel no
  #ChrootDirectory none
  #VersionAddendum none

  # no default banner path
  #Banner none

  # Allow client to pass locale environment variables
  AcceptEnv LANG LC_*

  # override default of no subsystems
  Subsystem sftp /usr/lib/openssh/sftp-server

  # Example of overriding settings on a per-user basis
  #Match User anoncvs
  #	X11Forwarding no
  #	AllowTcpForwarding no
  #	PermitTTY no
  #	ForceCommand cvs server
  ```
- Restart the `sshd` service so that the changes take effect: `sudo systemctl restart sshd.service`
- Switch to the user's account: `sudo su username`
- Add the user's public key to the file `/home/username/.ssh/authorized_keys`
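
An added example (not part of the original page): a shell check that compares the effective configuration printed by `sshd -T` with the settings changed above. The helper name `audit_sshd` and both sample dumps are constructed for illustration.

```sh
#!/bin/sh
# Added example: compare `sshd -T`-style output (lowercase "keyword value"
# lines read from stdin) with the settings this page changes in sshd_config.
# audit_sshd is a hypothetical helper; it prints each mismatch and returns
# the number of mismatches (0 = everything matches).
audit_sshd() {
    # Older OpenSSH prints challengeresponseauthentication; newer releases
    # print the same setting as kbdinteractiveauthentication.
    dump=$(sed 's/^challengeresponseauthentication /kbdinteractiveauthentication /')
    fails=0
    for want in "port 6724" "passwordauthentication no" \
                "pubkeyauthentication yes" "permitrootlogin no" \
                "kbdinteractiveauthentication no"; do
        key=${want% *}
        val=${want#* }
        got=$(printf '%s\n' "$dump" |
              awk -v k="$key" '$1 == k { print $2; exit }')
        if [ "$got" != "$val" ]; then
            echo "MISMATCH: $key is '${got:-unset}', expected '$val'"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Constructed sample dumps (not captured from a real host).
GOOD_DUMP='port 6724
permitrootlogin no
pubkeyauthentication yes
passwordauthentication no
challengeresponseauthentication no
x11forwarding yes'

BAD_DUMP='port 22
permitrootlogin no
pubkeyauthentication yes
passwordauthentication yes
kbdinteractiveauthentication no'

# On a live server, as root: sshd -t && sshd -T | audit_sshd
printf '%s\n' "$GOOD_DUMP" | audit_sshd && echo "GOOD_DUMP: all settings match"
printf '%s\n' "$BAD_DUMP" | audit_sshd || echo "BAD_DUMP: $? setting(s) differ"
```

Keep the current session open until a key-based login on port 6724 has succeeded from a second terminal, since password login is no longer available as a fallback.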

Clash Configuration
- Download `clash`: clash
- Download the `clash` configuration file: gist.github.com
- `clash` start script:

  ```
  #!/bin/bash
  # start_clash.sh
  WORKSPACE=/workspace/tools/clash
  #CLASH_URL=https://gist.github.com/GithubName/xxxx71a7db43bxxx/raw/clash_config.yaml

  # save pid of clash
  echo $$ > "${WORKSPACE}/clash.pid"

  # download configuration file
  #wget -O ${WORKSPACE}/clash_config.yaml ${CLASH_URL}

  # boot clash; exec replaces this shell with clash, so the PID saved above
  # is the PID of clash itself and stop_clash.sh kills the right process
  exec "${WORKSPACE}/clash" -f "${WORKSPACE}/clash_config.yaml"
  ```
- `clash` stop script:

  ```
  #!/bin/bash
  # stop_clash.sh
  WORKSPACE=/workspace/tools/clash
  # placeholder URL; must be set, because the wget call below uses it
  CLASH_URL=https://gist.github.com/GithubName/xxxx71a7db43bxxx/raw/clash_config.yaml

  # download configuration file
  proxychains4 -f /workspace/tools/proxychains/src/proxychains.conf wget -O "${WORKSPACE}/clash_config.yaml" "${CLASH_URL}"

  # read pid file
  PID=$(cat "${WORKSPACE}/clash.pid")
  kill -9 "${PID}"
  rm "${WORKSPACE}/clash.pid"
  ```
- Use `crontab` to update the configuration file on a schedule and to start `clash` at boot:
  - Edit the `crontab`: `crontab -e`
  - Add the following:

    ```
    @reboot /workspace/tools/scripts/start_clash.sh
    00 04 * * * /workspace/tools/scripts/stop_clash.sh
    01 04 * * * /workspace/tools/scripts/start_clash.sh
    ```

Proxychains Configuration
- Download `proxychains4`: proxychains
- Install `proxychains4`:
  - Step 1: `./configure --prefix=/usr --sysconfdir=/etc`
  - Step 2: `make`
  - Step 3: `sudo make install`
- Edit the proxychains configuration file and add the proxy forwarding ports:

  ```
  [ProxyList]
  # add proxy here ...
  # meanwile
  # defaults set to "tor"
  http 127.0.0.1 7890
  socks4 127.0.0.1 7891
  socks5 127.0.0.1 7891
  ```
- Edit `~/.bashrc` and add an alias: `alias pc='proxychains4 -f /workspace/tools/proxychains/src/proxychains.conf'`
- Use proxychains:
  - Example 1: `pc wget www.google.com`
  - Example 2: `pc bash`

FRP Configuration
- Download `frp`: frp
- Configure `frpc.ini`:

  ```
  [common]
  tls_enable = true
  server_addr = domain.name.com
  server_port = 7000
  authentication_method = token
  token = qwertyuiop000000

  [ssh-122]
  type = tcp
  local_ip = 127.0.0.1
  local_port = 22
  remote_port = 10122
  ```
- Configure `frps.ini`: TODO
- Start `frpc` at boot:
  - Option 1: use `crontab`
    - Add to the `crontab`: `@reboot /usr/bin/frpc -c /etc/frp/frpc.ini`
  - Option 2: use `systemctl`
    - Write `frpc.service` and place it in `/lib/systemd/system/`:

      ```
      [Unit]
      Description=Frp Client Service
      After=network.target

      [Service]
      Type=simple
      User=nobody
      Restart=on-failure
      RestartSec=5s
      ExecStart=/usr/bin/frpc -c /etc/frp/frpc.ini
      ExecReload=/usr/bin/frpc reload -c /etc/frp/frpc.ini
      LimitNOFILE=1048576

      [Install]
      WantedBy=multi-user.target
      ```
    - Enable `frpc` at boot: `sudo systemctl enable frpc`
    - Start `frpc`: `sudo systemctl start frpc`
    - Stop `frpc`: `sudo systemctl stop frpc`
    - Restart `frpc`: `sudo systemctl restart frpc`
    - Check the status of `frpc`: `sudo systemctl status frpc`