Remote SSH connection service and basic troubleshooting

Source: Internet
Author: User
Tags ssh port

Remote SSH connection service and basic troubleshooting

 

Why remote connection to Linux ??

In actual scenarios, the virtual machine interface or the local windows of the physical server are rarely accessible, because after the server is installed with the system, it must be hosted in the IDC, if you have purchased a VM instance and cannot touch the local monitor of the server, you can only manage the Linux system remotely. Therefore, after installing the linux system, the first step to learn about Linux O & M should be to configure the client software to connect to the Linux system remotely (through ssh) for management.

 

The telnet connection to the server is in plain text and unencrypted. The default port is port 23.

The SSH connection Server is an encrypted connection. The default port is port 22.

Ssh connection Diagram
  • Server Side ==> provided through the ssh protocol ==> daemon sshd listens to port 22 (continuously listening to whether someone needs services)
  • Client (customer): ssh protocol, IP address, port number (what service is required), user name, password

 

How can I view the IP address of a Linux system ??

In Linux, the IP address is 192.168.179.20.

You can use these two commands to view IP addresses
IP address/24: Representing subnet mask 255.255.255.0
Lo: loopback NIC: used for device self-testing
Eth0: Your first Nic
Eth1: Your second Nic

Differences between ifup Nic name and ifconfig network name up

If you find that your VM has no IP address, your Nic device may be disabled.

 

Method 1: Enable the device with ifup + Network Card Name (ethx)

Method 2: ifconfig + Nic name (ethx) + up can also enable the device

Discussion

Since both commands can be successfully enabled, Is there any difference between them? Please follow me to do an experiment.

  • Step 1: Delete the configuration file of the eth1 Nic

/Etc/sysconfig/network-scripts/: This path is the path of the NIC configuration file. As O & M personnel, we must remember it.

  • Step 2: Disable the eth1 Nic device.
  • Step 3: We try to enable this device.

Continue discussion

Why is the test result like this? When I delete the configuration file of the eth1 Nic, The ifup command fails?

  • This is because the ifup/ifdown command does not actually enable or disable the physical Nic, but in fact it only controls the NIC configuration file, it indirectly operates the NIC device through the NIC configuration file.
  • Ifconfig xxxx up/down: Enables and disables the physical Nic device, so it is not affected by the configuration file.

 

Basic Principle of CRT remote connection
  • As we mentioned in the previous sections, the sshd service is actually a daemon of the server.
  • It is because of this daemon that port 22 of the server is constantly monitored)
  • When the CRT accesses port 22 of the server through the ssh protocol, the server's sshd service will immediately respond to this access, so remote connection can be performed.
  • Therefore, xshell cannot remotely access the server without the sshd service (kill the process.

When I remotely run the command kill 1486 process with the CRT, only the sshd process (Pid = 19130) connecting the current CRT to Linux is left ). That is to say, if I want to enable another session in the CRT to connect to Linux, it will never be connected.

If the sshd service on the server is not running, all access over the ssh protocol will fail (including xshell and CRT)

When the sshd service no longer listens to port 22 (which can be changed through the configuration file), the CRT must switch to the port it listens to for access to make the connection correct.

Summary:

Ifconfig + Nic name: You can view the IP address of the Enable NIC (you cannot see the NIC device in the disabled status)

Ip address a: You can view the ip addresses of all NICs (you can also see the disabled Nic)

Ip link: You can view the physical status of all NICs.

Ifup/ifdown + Nic name: Enable and disable Nic devices through Nic configuration files

Ifconfig Nic name up/down: directly disable and enable the NIC device.

Kill the process by using the kill + Pid or pkill + service name

Path of the sshd service configuration file:/etc/ssh/sshd_config

Nic configuration file path:/etc/sysconfig/network-scripts/ifcfg-nic name

Netstat-antup or ps-ef: can be used to view all services enabled by the current server

 

Troubleshooting (Linux host cannot be connected through ssh)

1. Whether the physical network between two machines is smooth (whether the network adapter and IP address are correct)
Ping 192.168.xx.xx ==> ping the Linux system in the current CRT or xshell to check whether the physical network is smooth.

2. Is the firewall or selinux enabled?

SELinux (Security-Enhanced Linux) is the implementation of mandatory access control by the US National Security Agency (NSA). This function makes system administrators love and hate it. Here we should close it, as for the security issue, we will use other methods to solve it later. This is also the practice of most production environments. It is also possible to enable it if necessary. The closing method is as follows:

Command description

  • Setenforce: used to manage the SELinux level in the command line. The following number indicates setting the corresponding level.
  • Getenforce: view the current status of SElinux.

Tip: After SElinux is modified, you must restart the system to make the settings take effect. Therefore, you can use the setenforce 0 temporary shutdown command to enable SElinux to take effect before and after the restart, that is, you do not need to restart the server immediately, linux machines cannot be restarted at will in the production environment.

3. Check whether the server's service process is enabled (sshd)

  • Netstat-antup or ps-ef: can be used to view all services enabled by the current server

4. Check whether the ssh port of the server is changed.

  • Path of the sshd service configuration file:/etc/ssh/sshd_config

 

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.