Day 2 remote connection to Linux system management

Source: Internet
Author: User
Tags i18n ssh server

IP Port-Basic concepts such as protocols the computer on the Internet will have a unique 32-bit address, IP address. We access the server. You must pass this IP address. The LAN also has the reserved IP address 192/10/172 beginning. The IP address of the local area network is also unique. Nat mode, the computer host's IP is unique in the LAN, the NAT mode is selected to create the virtual machine, the virtual machine is a new local area network (private network). Teacher's machine The simple concept of IP 192.168.33.128 port 192.168.33.128 represents a host, but there may be many services on the host. Different service functions on a single host are differentiated by ports and then accessed by external personnel. Remote Connection Service SSH 22 Port protocol Chinese, English, French, different services provide different ports, corresponding to different functions, communication methods may also be different, this means of communication we can understand as a protocol. Different service functions on a host, that is, through port differentiation, different service ports, communication between the client and the server, may use different protocols. Ip,port (port), Protocol (protocol) SSH communicationRemote Connection service. Troubleshooting :1, two machines are unobstructed, look at the physical network (LAN network card, IP is not in the correct)Ifconfig (view IP) Ping ip to check whether the physical network is unobstructed. (Win system) does not pass:1. The client-to-server physical link has a problem. Network card, IP, network cable, firewall.2, the service is goodWhether the SSH service is good or not. Detection method: from which machine is connected on that machine operation telnet IP 22 (server IP and Port) at the command line input Telnet can also be connected remotely, because it is not encrypted. Few people use it.not possible cause:1, the server's firewall blocked,Restart (SSH service) iptables:/etc/init.d/iptables restart2, the port is not open, the server side does not listen to your connection port. [[email protected] ~]# netstat-lntup|grep 22 (Example of SSH service 22 port) [[email protected] ~]# Netstat-lntup|grep SSHD Client Tool Securcrt,xshell,putty service-side SSH service: Process name Sshd,openssh (connected), OpenSSL (encrypted). Summary: First step: Is there a problem with the physical link, analogy to whether the expressway is repaired? ) Client operations. Ping IP Address: Troubleshoot client-to-server routing problems, pings common network connectivity Checker (road pass No) tracert-d IP address: Route tracking command, can also check whether the road is unobstructed,-D is not reverse parsing. Part II: Is there a problem with the SSH service and is it a metaphor for the opening of tourist attractions? Client operations. Telnet IP address 22 to determine if the SSH server default port 22 is open? (Client operation) 1, see whether the port is open, 2, see whether the port has changed. 3, look at the firewall and other issues. Nmap IP Address-P 22: can also achieve the same effect as Telnet, but Nmap is only used in Linux. The third part: is not the firewall blocking, that is, is not the Snow seal road, high-speed road obstruction pass. (server view)/etc/init.d/iptables stoplinux firewall iptables, may do bad things, blocking the remote connection, learning environment recommendations to switch off the firewall, production as needed to open. This chapter knowledge related questions 1) Enterprise Scene interview question: How Linux system lets optimize 2) Enterprise Scene interview question: SSH service is not connected, how to troubleshoot? 3) Enterprise Scenario interview: What is the difference between 32-bit and 64-bit systems? 4) Enterprise Interview questions: 7 types of Linux operating level and corresponding role. 5) Enterprise Interview questions: Master Linux system from boot to landing before the start process of the Linux host file transfer. Let's take a look at the command instructions for uploading a download. 1) RZ, Sz command installation method The first method: When installing the system, select the package group containing RZ and SZ commands. Dlal-up Networking Support. The second approach: Install the system after installing it by performing a yum install lrzsz-y or yum Groyupinstall "dial-up Networking support"-y command. 2) Upload content, the implementation of RZ command, if you want to overwrite the server on the same name upload, add-y parameter, enter the RZ-Y command after the direct return, will open an upload file window, and then select the file we want to upload to upload, in thisThe selected files in the uploaded window are the files that the client computer will upload to Linux locally. 3) Download the command sz download the content, execute the command "SZ filename", if you want to overwrite local content download with the same name, you can enter the "sz-y filename" command, the sz-y command after the filename is the command line Linux host file under the current directory, for example: SZ Oldboy.olg. When downloading a file from the server using SZ or the "sz-y file name" command, the default client download path is the download path set in the CRT address 4) Note 1, the use of the RZ sz command, can only upload the download file instead of the directory, if the directory needs to be packaged into a file and then transferred. (Zip) 2, the uploaded file can be any file on the computer, the downloaded file will be downloaded to the SECURECRT configuration to the corresponding download path directory. 3, the implementation of the RZ command return to the bottom of the window appears, do not tick "to asxii" way to upload files, otherwise you will encounter problems. 5) Other tools in addition to RZ, SZ and other transfer file commands, you can also use FTP, SFTP, (SSH service), WINSCP and other tools to transfer files. Batch Execution command demo diagram tip: 1, if you want to deploy or perform a task to the server for dozens of, you can take advantage of this small feature of securecrt, very good, easy to use, can replace some large batch deployment software, if it is a large number of servers, You can use Saltstack and other batch management tools. 2, the special need to note is that the above batch management operations, can not use interactive commands, such as: Vi/vim RZ. But you can work with it, for example: The Vi/vim command can be replaced with echo,cat,sed. Linux System Application Management 1, under normal circumstances, in the enterprise production environment should try to avoid direct to the root user operation, unless there is more than ordinary user rights of the system maintenance requirements. Immediately after use, return to the normal user after installing Linux system tuning and security settings off SELinux function 1) Modify the configuration file so that the shutdown SELinux permanent effect: sed-i ' s/selinux=enforcing/selinux=disabled/'/ etc/selinux/config<== Modify the configuration file to make the configuration permanent, but you must restart the system, this step is the SED rapid modification method, you can also modify this file through VI editing. grep selinux=disabled/etc/selinux/configselinux=disabled <== Check the replacement result as disabled means the edit succeeded 2) temporarily close SELINUX, You can execute the following command at the command line: SETENFORCEUSAGE:setenforce [Enforcing | Permissive | 1 | The 0]← number 0 indicates permissive, which gives a warning prompt, but does not block the operation, which is equivalent to disabled. The number 1 represents enforcing, which means that SELinux is turned on. [[email protected] @www ~]# setenforce 0 <== temporarily adjust selinux to permissive status. [[email protected] @www ~]# getenforce <== view selinux current status permissive commands are described below. Setenforce: The level at which the command line manages SELinux, The number that follows indicates the level at which the setting corresponds. getenforce: View the current level status of SELinux. [Illustration] Tip: After modifying the configuration SELinux, you must restart the system if you want to make it effective. Therefore, the Setenforce 0 can be used with the temporary closure of the command, so that before and after the restart can make SELinux shutdown to take effect, that is, no need to restart the server immediately, in the production scenario, the Linux machine is not free to restart. 3.4.2 Sets the 7 runlevel default runlevel for Run Level 3 (text mode) Linux. The runlevels used are:0-halt (do not set Initdefault to this) (Shutdown status) 1-single user mode (Maintenance state) 2-multiuser, without N FS (the same as 3, if you don't have networking) (single user only) 3-full multiuser mode (command line mode) 4-unused (reserved) 5-x11 (desktop mode) 6-rebo OT (do no set Initdefault to this) (restart mode) Linux system has 7 runlevel (runlevel) Run Level 0: System down state, system default RunLevel cannot be set to 0, otherwise it will not start running Level 1: Single User working state, Root privileges for system maintenance, prohibit remote login run Level 2: Multi-User State (no NFS) RunLevel 3: Full multiuser State (with NFS), login to console command line mode run Level 4: System not used, keep runlevel 5:x11 console, Log in to graphical GUI mode to runLevel 6: The system shuts down gracefully and restarts, the default runlevel cannot be set to 6, otherwise the command description is not started correctly: use RunLevel to view the current runlevel using init (with runlevel numbers to switch runlevel) For example: Init 6 restarts the Linux server. Homework: Master the Linux7 level of operation. Mastering the startup process of Linux system from boot to landing. Answer: ⑴ boot BIOS self-test, load hard disk. ⑵ read MBR,MBR boot. ⑶grub boot menu (boot Loader). ⑷ load kernel kernel. ⑸ starts the init process, sets the run level ⑹init process according to the Inittab file, and executes the Rc.sysinit file. ⑺ starts the kernel module and executes different levels of scripting. ⑻ Execute/etc/rc.d/rc.local⑼ Start Mingetty, enter the system login interface.   Anonymous shut down firewall temporarily shut down Firewall command:/etc/init.d/iptables stop view firewall status command/etc/init.d/iptables status permanently shuts down the firewall: Chkconfig iptables Off modifies the character set to first back up Cp/etc/sysconfig/i18n/etc/sysconfig/i18n.ori and replace Echo ' lang= ' zh_gn. UTF-8 "' >/etc/sysconfig/i18n is equivalent to adding lang= in vi/etc/sysconfig/i18n" ZH_CN. UTF-8 "content. Make the above changes effective:-source/etc/sysconfig/i18n then view the modified content cat/etc/sysconfig/i18n or echo $LANG 3.4.10 history and login timeout environment variable settings 1, Set Idle account Timeout Setting the example command for idle accounts is as follows, note that the configuration here is only temporary. Export tmout=10 10 seconds to exit without action. 2. Set linux command-line history data Linux Special variables: Export histsize=5 (command line history number) history (show historical)-D (delete specified history)-C (delete current history) set user's command history file (~ /.bash_history) The example command that records the number of specified commands is as follows, note that the configuration here is only temporary. Export histfilesize=5 command-line command file number of records ~/,bash_historycat ~/.bash_history manually synchronize Internet time to thisGround Linux host/usr/sbin/ntpdate time.nist.govlinux special variable: Temporary effective export histsize=5 (5) (Number of command line history) export Histfilesize=5 (5) ( command-line command file number of records ~/.bash_history) export tmount=10 (10 seconds) (connected time-out control variable)-put the above command into the configuration file for permanent entry. echo ' Export tmout=300 ' >>/etc/porfileecho ' export histsize=5 ' >>/etc/porfileecho ' Export histfilestze=5 ' & Gt;>/etc/profiletail-3/etc/profilesource/etc/profile (making the configuration file effective) hides the Linux version information before logging on to the Linux host local (non-CRT connected window), Displays the version and kernel of the system, and after logging in, execute the following command to reach the actual storage file displayed on the terminal content before logging in to Linux. [[email protected] ~]# Cat/etc/issuecentos release 6.8 (Final) Kernel \ R on an \m[[email protected] ~]# cat/etc /issue.netcentos Release 6.8 (Final) Kernel \ r on an \m>/etc/issue>/etc/issue.net (remove kernel system version information, etc.) because this makes the heart of the people see unsafe. Snapshot analogy: Suppose you make a snapshot of your life 1 years 2 years old 10 years old 16 years old 18 years old

Day 2 remote connection to Linux system management

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.