FreeBSD (system settings)

The system has been installed. Now we can set it.

The system that has just been installed has no password. We use root to log in directly.
# Sysinstall
Set the system.
Select Configure to enter
[Root Password] set the root Password.
[Networking] select [sshd] to enable ssh remote login, so that we can set the system on the terminal, without switching back and forth in VMware for convenience!
 
Select Exit to Exit the settings page.
System Network Settings
You can view some network card numbers before setting
# Ifconfig-
Lnc0: flags = 108843 <UP, BROADCAST, RUNNING, SIMPLEX, MULTICAST, NEEDSGIANT> mtu 1500
Plip0: flags = 108810 <POINTOPOINT, SIMPLEX, MULTICAST, NEEDSGIANT> mtu 1500
Lo0: flags = 8049 <UP, LOOPBACK, RUNNING, MULTICAST> mtu 16384
Inet 127.0.0.1 netmask 0xff000000
 
# Ee/etc/rc. conf
Join:
Ifconfig_lnc0 = "inet 192.168.10.20 netmask 255.255.255.0" # IP address and subnet mask
Defaultrouter = "192.168.10.10" # Default Gateway
Hostname = "www. rd. bj" # machine name
 
# Ee/etc/hosts
Join:
192.168.10.20 www. rd. bj # map the IP address to the machine name
 
# Ee/etc/resolv. conf
Join:
Nameserver 127.0.0.1
 
Now, the basic network settings are complete. Let's reboot the machine to make the settings take effect. Then we can operate on the terminal.
 
Configure the SSH service to allow the root user to log on. (Because this is an experimental system, you can log on to the root user. if the system is a production system or you want to disable this operation, log on to the root user with a lower permission and use su to switch to the root user.
# Ee/etc/ssh/sshd_config
Set PermitRootLogin to yes
Set UseDNS to no to disable DNS query, so that SSH logon is faster.
Set UsePAM to yes
#/Etc/rc. d/sshd restart # restart the ssh service
The above configuration is password-based login, which is irrelevant to an experiment system. However, if it is used in the production system, the security risk is still relatively high. Here, I will add a little bit and use the key authentication method to log on to the system.
 
First, the SSH terminal tool I selected is SecureCRT, which can be used to produce public keys.
 
 
Then generate the desired file according to the wizard, and select "DSA" for the key type ]. Remember the phrase you entered in this process (in fact, it is equivalent to a password you set when you log on later ).
After the Wizard is complete, two files are generated. The default values are Identity and Identity. pub.
 
Now we start to configure the server. With the above password login basis, we will first set the Identity. pub uploads data to the server. here we can use another tool, SecureFx, which works very well with SecureCRT. The uploaded directory is/root /. ssh/(because we need to use the root login, We need to upload it to the root home directory), if the Home Directory does not exist. you can create an ssh directory by yourself.
# Mkdir/root/. ssh
Convert the uploaded public key to an Openssl public key and import it to the authorized_keys file.
# Ssh-keygen-X-f Identity. pub> authorized_keys
# Chmod 0640 authorized_keys # Only the owner can read and write data.
# Rm-rf Identity. pub
# Ee/etc/ssh/sshd_config
Set PubkeyAuthentication to yes
Remove the # Before AuthorizedKeysFile. ssh/authorized_keys.
#/Etc/rc. d/sshd restart # restart the ssh service
 
Now, go back to the SecureCRT terminal and log on again. She will prompt you to enter the passage phrase. The SSH configuration is over now. I think the key authentication method should help us feel at ease.
 
After the network problem is fixed, we will upgrade and compile the kernel with the system. First, we will upgrade the system.
System upgrade (src and ports)
To upgrade the system, we must use a software: cvsup, which can be installed on a CD (in the second CD) to save time.
# Sysinstall
Select Configure to enter
[Packages]-> [CD/DVD]-> [devel]
Select the [X] cvsup-without-gui-16.1h_2
Select OK and return to the previous page. Select Install. Wait until the installation is complete.
After CVSUP is installed, cvsup is installed in/usr/local/bin by default.
# Rehash
 
After the cvsup is installed, we can upgrade the src and ports directories of our system.
# Cd/usr/share/examples/cvsup
# Ls
Cvs-supfile # Upgrade CVSUP's own
Doc-supfile # operating system document upgrade File
Gnats-supfile # FreeBSD BUG Database
Ports-supfile # Ports upgrade File
Stable-supfile # stable version FreeBSD upgrade
Standard-supfile # FreeBSD upgrade of the latest version
 
First, we will upgrade ports to configure the ports-supfile file.
 
# Ee ports-supfile
 
Change the following part:
* Default host = cvsup.cn.FreeBSD.org # CVS server. Select a server to save time.
* Default base =/usr # directory where cvsup receives files
* Default prefix =/usr
* Default release = cvs tag =.
* Default delete use-rel-suffix
# Update all Ports. Note that it is the default value and all Ports will be updated,
# If you only need to update a certain Ports directory, add # in front to comment it out
# Comment out ports-all and remove # from the directory to be updated. This is a single update.
Ports-all
After setting the configuration file, save and exit and execute:
# Cvsup-g-L 2 ports-supfile
After updating ports, we will update src in the same way. To ensure server stability, choose stable-supfile as our Update Configuration File.
Change the parameters in the configuration file in the same way as above, save and exit, and execute:
# Cvsup-g-L 2 stable-supfile