Remote logon to Linux
Linux is mostly used on servers, and servers cannot be stored in the office like PCs. They are stored in IDCs, so a Ming usually logs on to the Linux system remotely. In Linux, the remote logon function is implemented through the ssh service. Port 22 is enabled for the sshd service by default. When the system is installed, the service has been installed and started. Therefore, you can log on to the Linux system remotely without any additional configuration. The sshd service configuration file is/etc/ssh/sshd_config. You can modify this configuration file to implement the desired sshd service. For example, you can change the Start port to 11587.
If you are a windows operating system, you need to install an additional terminal software on our machine for Linux Remote logon. Currently, SecureCRT, Putty, and SSH Secure Shell are common terminal login software. Many friends prefer SecureCRT because of its powerful functions, while Amin prefers Putty, it is only because of its small size and very beautiful color display. No matter which client software you use, the ultimate goal is to remotely log on to the Linux server. There are many free versions of these software on the Internet. You can download one to try it out.
You may wish to use Putty, a small tool, along with Amin.
Download PuttyI suggest you go to the official site of Putty to download the original putt of the English version. I have reported on the Internet that a Chinese version of Putt has been manipulated by hackers with ulterior motives, and a backdoor has been planted. I would like to remind you that you will try to download any software from the official site in the future. : Http://www.chiark.greenend.org.uk /~ Sgtatham/putty/download.html connection remote linuxlinuxserver tool only download putty.exe can be http://the.earth.li /~ Download sgtatham/putty/latest/x86/putty.exe and double-click it to run it.
Configure IP addresses for LinuxTo remotely connect to a Linux server, you must first know the IP address of the server. Because the Virtual Machine Used by Amin, and the real machine running by the virtual machine is the automatically obtained ip address, the virtual machine can also automatically obtain the ip address. If you install Linux with James step by step, your Linux does not have an IP address at present. The following describes how to configure IP addresses:
In only one case, the IP address can be automatically obtained, that is, the DHCP service is available in the network environment where your Linux is located. [1] In short, as long as your real machine can automatically obtain the IP address, you can also automatically obtain the IP address in Linux installed on the virtual machine. The method is very simple and you only need to run a command.
[root@localhost ~]# dhclient
After running this command, there will be a lot of information, so you don't have to worry about it. Run the 'ifconfig' command to view the IP Address:
[root@localhost ~]# ifconfigeth0 Link encap:Ethernet HWaddr 00:0C:29:D9:F0:52 inet addr:10.72.137.85 Bcast:10.72.137.255 Mask:255.255.255.0 inet6 addr: fe80::20c:29ff:fed9:f052/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:27135 errors:0 dropped:0 overruns:0 frame:0 TX packets:53 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:3488498 (3.3 MiB) TX bytes:7550 (7.3 KiB) Interrupt:18 Base address:0x1080lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
You can use this command to view the IP addresses of several NICs and NICs in the system. The IP address of eth0 in Amin's system is 10.72.137.85. if you have multiple NICs in Linux, it is displayed as eth1 and eth2 in Linux.
If your virtual machine cannot automatically obtain the IP address, you can only manually configure it as follows:
[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
Run the vi command to open the configuration file "/etc/sysconfig/network-scripts/ifcfg-eth0. About commandsViA Ming will give a detailed description in subsequent chapters. For now, you only need to know that this command is used to edit files. Enter the preceding command and press enter to open the configuration file. Use the downward arrow of the arrow key to move the cursor to the last line, and press the cursor key 'O' to enter the editing mode. Add the following content:
IPADDR=10.72.137.85NETMASK=255.255.255.0GATEWAY=10.72.137.1
Please note that because Amin does not know the specific network environment, he does not know what type of IP address you should configure. Please do not copy the example given by James directly. This configuration is definitely not feasible, configure the IP address in the same network segment as your real machine (windows. For more information about netmask and gateway, visit the Internet. This is the basic knowledge about network technology. You also need to move the cursor to the line "ONBOOT = no" and change it:
ONBOOT=yes
Change "BOOTPROTO = dhcp":
BOOTPROTO=none
Click the "ESC" key in the upper left corner of the keyboard, and then enter: WqIt will be displayed at the bottom left of the screen, and press enter to save the configuration file. Then, restart the network service:
[Root @ localhost ~] # Service network restart: closing the interface eth0: [OK] Closing the loopback interface: [OK] The loopback interface pops up: [OK] the pop-up interface eth0: [OK]
In this way, the IP address of eth0 takes effect after the network is restarted. Run the "ifconfig eth0" command to view the information:
[root@localhost ~]# ifconfig eth0eth0 Link encap:Ethernet HWaddr 00:0C:29:D9:F0:52 inet addr:10.72.137.85 Bcast:10.72.137.255 Mask:255.255.255.0 inet6 addr: fe80::20c:29ff:fed9:f052/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:27135 errors:0 dropped:0 overruns:0 frame:0 TX packets:53 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:3488498 (3.3 MiB) TX bytes:7550 (7.3 KiB) Interrupt:18 Base address:0x1080
Next, check whether the configured IP address can be pinged. A Ming uses the Windows 7 system, so he uses cmd to open the command window and perform detection. The shortcut for opening cmd isWindows + r.
C: \ Users \ Administrator> ping 10.72.137.85. Ping 10.72.137.85 with 32 bytes of data: reply from 10.72.137.85: byte = 32 time = 1 ms TTL = 64 reply from 10.72.137.85: byte = 32 time <1 ms TTL = 64 replies from 10.72.137.85: byte = 32 time <1 ms TTL = 64 replies from 10.72.137.85: bytes = 32 time <1 ms TTL = 6410.72.137.85 Ping statistics: Packet: Sent = 4, received = 4, lost = 0 (0% lost ), estimated round-trip time (in milliseconds): Minimum = 0 ms, maximum = 1 ms, average = 0 ms
For more information about this part, see if you have configured an IP address and can ping the IP address. This part of configuration is suitable for such scenarios: Your office network cannot obtain an IP address through dhcp, or you do not want your Linux to be in a CIDR block with the office network, and you also want Linux to access the Internet.
Edit-> Virtual Network setting-> NAT-> Vmnet 8 Gateway IP address: 192.168.205.2 Netmask: 255.255.255.0 NAT service: Started-> OK
Double-click the NIC icon in the lower-right corner of the VM. After you move the mouse over it, "Ethernet:..." is displayed :... "Device status, both items need to be checked; Network connection needs to select the last item (Custom: Specific virtual network) Select Vmnet8 (NAT) and click OK.
Right-click "Network neighbors"-> properties-> right-click "VMware Network Adapter VMnet8"-> properties-> double-click "Internet Protocol (TCP/IP) "-> manually set the IP address to 192.168.205.1 and the subnet mask to 255.255.255.0. Both the gateway and dns are set to 192.168.205.2-> OK
Edit the eth0 configuration file on your LinuxVi/etc/sysconfig/network-scripts/ifcfg-eth0The content is as follows:
DEVICE=eth0BOOTPROTO=noneHWADDR=00:0C:29:33:F7:3AONBOOT=yesIPADDR=192.168.205.3NETMASK=255.255.255.0GATEWAY=192.168.205.2
Run commandsVi/etc/resolv. confThe content is as follows:
nameserver 192.168.205.2
Run commandsService network restart
If you encounter a problem like this: After restarting the network service, you will find that the DNS address set in/etc/resolv. conf disappears. You can refer to this post to solve your problem:
Use putty to log on to your LinuxIn the previous section, I set up an IP address to pave the way for this part. There is no way to remotely connect to Linux without an IP address. Double-click and download the putty.exe file. This small tool is only a few hundred kb, but you should not underestimate it. There are many functions, and the help documentation of this tool is enough for a few days, the key is that all are in English. It doesn't matter if your English skills are poor. I believe that as you use more and more Linux, your English skills will become stronger and stronger.
In the Host Name (or IP address) field, enter the IP address you Just configured in the previous section. The Linux IP address of Amin is "10.72.137.85 ".
The Port column remains unchanged by default.
The Connection type is also default.
Saved Sessions a custom name is used to differentiate hosts. In the future, you will have many hosts. A simple name is easy to remember and can be quickly searched.
Character sets are the most annoying in computers, especially in Linux. Alibaba Cloud has installed Chinese language support when installing CentOS in Chapter 3. Therefore, the installed system supports Chinese, and the putty setting also supports Chinese. Click "Window"-> "Translation" on the left, check "Character set translation on converted data" on the right, and select the UTF-8. click "Session" on the left and then "save" on the right ".
Use the key authentication mechanism to remotely log on to LinuxAfter saving the session, click "Open" at the bottom ". A friendly prompt will pop up upon initial login, which means that the Linux to be opened has not been registered on the local machine, asking if we want to trust it. If it is trustable, click 'Yes 'to register the host; otherwise, click 'no' or 'cancel'. The logon prompt is displayed:
login as: rootroot@10.72.137.85's password:Last login: Wed May 8 08:02:17 2013 from 10.72.137.89Enter the user name and password, and then log on to the Linux system. After logging on to the system, you will be prompted about the last logon time and where to log on to the system.
The SSH service supports a security authentication mechanism, that is, key authentication. The so-called Key Authentication actually uses a pair of encrypted strings. One is called a public key, which can be seen by anyone for encryption. The other is called a private key ), only the owner can see it for decryption. Ciphertext encrypted by the public key can be easily decrypted using the key, but it is very difficult to guess the key based on the public key. Ssh key authentication uses this feature. Both the server and client have their own public keys and keys. How can I use key authentication to log on to a linux server?
Because at that time only use this tool, in fact, the complete putty program contains a lot of gadgets, so this time I suggest you download a complete package of http://the.earth.li /~ When sgtatham/putty/latest/x86/putty.zip is downloaded, puyttygen.exe is the key generation tool used in this section.
If you are interested in the working principle of the key, you can check it on the Internet. Amin doesn't want to introduce too many irrelevant knowledge points, but there is nothing wrong with understanding it. Double-click puttygen.exe, change "Number of bits in a generated key" in the lower right corner to "1024", and click "Generate" to Generate the key. Please move your mouse back and forth, in this way, you can quickly generate a key pair, which will be completed in about a dozen seconds. "Key comment:" can be kept unchanged or customized here, which is a brief introduction to the Key. "Kye passphrase:" is used to set a password for your Key, in this way, you can leave it empty. We recommend that you set a password. "Confirm passphrase:" enter the password you just set again.
Click "Save private key", select a storage path, define a name, and click "Save ". Save it to a safe place to prevent loss or display by others.
Return to the Key generation window, and there is a long string below the Key. This string is the content of the public Key, and the entire public Key string is copied. Paste it to your Linux/Root/. ssh/authorized_keysFile. Follow the steps below:
[root@localhost ~]# mkdir /root/.ssh[root@localhost ~]# chmod 700 /root/.ssh
First create the/root/. ssh directory because the directory does not exist by default, and then change the permission. AboutMkdirAndChmodThese two commands will be detailed in subsequent chapters. For now, you only need to know that they are used to create directories and Change permissions. Then paste the public key content into the/root/. ssh/authorized_keys file.
[root@localhost ~]# vi /root/.ssh/authorized_keys
Press enter and click 'I to enter the editing mode. Then, right-click and paste it. This is a convenient function of the putty tool. Press the 'esc 'key and enter: WqPress enter to save and exit the file.
If selinux is not disabled, [3] "Server refused our key" will be displayed when you log on with the key. The method for disabling selinux is as follows:
[root@localhost ~]# setenforce 0
This is only a temporary command line to disable selinux. selinux will be enabled after Linux is restarted next time. To permanently disable selinux, follow these steps:
[root@localhost ~]# vi /etc/selinux/config
Press enter and move the cursor to "SELINUX = enforcing ".IEnter the editing mode and change it
SELINUX=disabled
Press "Esc" and enter: WqPress enter and restart the system.
Open putty.exe, click the saved session, click "Load" on the right, and click "SSH" on the left.+Select "Auth" and check that the bar below "Private key file for authentication:" on the right is empty. Click "Browse" and find the Private key we just saved, click "open ". In this case, the address of the private key is displayed in the box. You can edit the path on your own. Then return to the left, click "Session" at the top, and click "Save" on the right ".
After saving the session, click "Open" in the lower right corner. The logon page appears, and you will find that the content is different from the original logon prompt.
login as: rootAuthenticating with public key "rsa-key-20130509"Passphrase for key "rsa-key-20130509":Last login: Thu May 9 16:17:13 2013 from 10.72.137.43[root@localhost ~]#
Instead of entering the root password, you need to enter the password of the key. If you did not set the password when producing the key, you will directly log on to the system after entering the root password.
| [1] | DHCP is a service that automatically allocates IP addresses. DHCP services are available in our office network environment. In addition, home routers such as Tplink or dlink all have the DHCP service function. |
| [2] | This part is configured on windows XP, and the same is true for windows 7. |
| [3] | Selinux is a unique security mechanism of RedHat and CentOS. This is complicated and we never want to enable it because after selinux is enabled, many inexplicable bugs will occur. |
This article permanently updates the link address:
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
