Log in and log out of a remote server from scratch

I got a cloud server during Double 11. It took one or two weeks to put on record, but it was finally approved in these two days. Therefore, a Docker container was installed on the personal server to deploy the project, and all the services were packaged into containers as far as possible to facilitate unified management and operation.

So use Docker to build nginx as a reverse proxy server, responsible for request distribution, with nginx deployment static blog, with mysql exposed to personal project use…

However, the journey of a thousand miles begins with a single step, and everything starts from logging in and out of the remote server. This article is based on the Centos7.6 environment, and does not guarantee that other environments are normal.

Environment to prepare

Server Requirements

If you already have a cloud server or vm server, verify that the SSH service is installed on the server. If the SSH service is not installed, install it in advance.

After the login server, input in the command line window RPM – qa | grep SSH see whether including SSH related documents.

[root@snowdreams1006 ~]# rpm -qa | grep sshOpenssh - clients - 7.4 - p1-16. El7. X86_64 libssh2 1.4.3-12. El7_6. 2. X86_64 openssh server - 7.4 - p1-16. El7. X86_64 Openssh - 7.4 - p1-16. El7. X86_64Copy the code

By default run netstat antp | grep SSHD command, you can see the SSHD service to monitor the port is the default port 22.

[root@snowdreams1006 ~]# netstat -antp | grep sshdTCP 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1051/ SSHD TCP 0 0 *.*.*.*:22 *.*.*:46797 ESTABLISHED 17334/ SSHD: root@ptCopy the code

Note The SSH service has been preinstalled on most cloud servers. If the preceding command output is not displayed, the SSH service may not be installed. You can run the yum install openssh-server command to install the SSH service.

Some common commands about SSHD are summarized as follows

• To viewsshdRunning state

systemctl status  sshd
Copy the code

If the running result includes Active: Active (running), the SSHD service is in the Active state. If it is Active: Inactive (Dead), the SSHD service is disabled.

[root@snowdreams1006 ~]# systemctl status sshdLow SSHD. Service - the OpenSSH server daemon the Loaded: the Loaded (/ usr/lib/systemd/system/SSHD. Service; enabled; Vendor PRESET: Enabled) Active: Active (running) since five 2019-11-29 21:05:08 CST; 16h ago Docs: man: SSHD (8) man:sshd_config(5) Main PID: 1051 (SSHD) Tasks: 1 Memory: 10.9m CGroup: / system. Slice/SSHD service └ ─ 1051 / usr/sbin/SSHD - DCopy the code

• On | off | restartsshdservice

systemctl start  sshd
Copy the code

If the SSHD is already disabled, you can start it again. If the SSHD is already started, no output is displayed, but the SSHD is still started.

systemctl stop  sshd
Copy the code

If the SSHD is running, you can stop the service. If the SSHD is running, no output is generated, but the SSHD is still running.

systemctl restart  sshd
Copy the code

If the SSHD is running or stopped, you can restart the service. Although no output is displayed, the service is started.

• Boot from the rev. | ban since the revsshdservice

systemctl list-unit-files | grep enabled
Copy the code

Check all startup services. If SSHD is included, SSHD is added to the startup service. If no, SSHD does not start.

systemctl list-unit-files | grep enabled | grep sshd
Copy the code

If there are many automatic startup services after all the startup, it is not easy to see whether the SSHD service is automatically started. You can add another grep SSHD command to filter whether the SSHD service is included.

systemctl enable sshd
Copy the code

If some services are very important and need to run in the background all the time, it is better to add the startup service, so as to prevent accidental shutdown after restarting the server forget to start the service, such as SSHD service and Docker service.

systemctl disable sshd
Copy the code

Have boot since the rev. Services for disabled, run systemctl list – unit – files | grep enabled | grep whether you can view the current service SSHD will boot from the rev.

If you don’t have a server yet and want to learn about it, either buy it now or install the virtual machine for free, or save it for later!

For immediate purchase of server partners, please contact me in private, with my promotional link to buy, you have a discount, I have a share, why not?

I want to buy cloud server, had better leave a message or private message to tell me!

For free installation of virtual machine experience users, according to their own operating system, refer to the following tweets for installation, have a problem can also contact me!

I want to install virtual machine, better message or private message to tell me!

Click here to read the previous tweets about what virtual machines are and how to install Centos servers.

• Give your computer a whole new experience

It mainly introduces what virtual machine is and demonstrates how to install VMware virtual machine for Windows computer.

• Install centos for Windows VIRTUAL machines

On the basis of VMware VIRTUAL machine installed on Windows PC, install a Centos image and have your own Centos server.

• Install a Virtual machine for your MAC

It mainly introduces what virtual machine is and demonstrates how to install VMware virtual machine for Mac.

• Install centos for a VIRTUAL machine

On the basis of installing VMware VIRTUAL machines on the Mac, install a Centos image and have your own Centos server.

Client Requirements

The SSH protocol is required for logging in to the server. Therefore, you need to verify whether the LOCAL client command line interface (CLI) supports the SSH protocol.

Open the command line you are using and type SSH. If the following prompts are displayed, it is ok. If not, please install SSH command line terminal.

If you are a Mac user, open the default terminal and type SSH to return instructions.

snowdreams1006$ ssh
usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]
           [-b bind_address] [-c cipher_spec] [-D [bind_address:]port]
           [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11]
           [-i identity_file] [-J [user@]host[:port]] [-L address]
           [-llogin_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address] [-S ctl_path] [-W host:port]  [-w local_tun[:remote_tun]] destination [command]
Copy the code

Git Bash is also supported by the Git Bash command line on Windows.

Note If you are a Windows user using the CMD command line window and do not support SSH, select a UNIx-like terminal.

Microsoft Windows [Version6.1.7601Copyright (c) all Rights Reserved.2009Microsoft Corporation. All rights reserved.
C:\Users\Administrator>ssh
'ssh'is not an internal or external command, nor a runnable program or batch file.C: \Users\Administrator>
Copy the code

The Git Bash command line is more simple and elegant than the CMD terminal, giving you a variety of Unix operating experience.

Cli Login

Before logging in to the server over SSH, you must know your account password. You must set the password before logging in to the server in SSH mode.

Generally, the password is set by yourself. If you do not know the default password, you can ask the cloud server vendor or reset the password. Assume that you already know the server password and the public IP address of the server.

Now we will remotely log in to the cloud server in the command line of the local client, from the simplest and convenient password login to the password-free key login to the last alias login, hurry up and follow me!

Note: please ensure that SSHD service is enabled on the server and SSH protocol is supported in the command line of the local client. Otherwise, please save it for later.

Password to login

Open the familiar command line terminal, and run SSH < login account >@< server public IP address > to directly log in to the remote cloud server.

$ ssh [email protected]
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:/RJ5aI+c41Brr1dcBMhdNHQJa7daP+8fbupqsGmHRHc.
Please contact your system administrator.
Add correct host key in /c/Users/Administrator/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /c/Users/Administrator/.ssh/known_hosts:5
ECDSA host key for 121.40.223.69 has changed and you have requested strict checking.
Host key verification failed.
Copy the code

Since my domain name snowdreams1006.cn has been successfully registered and resolved, I can directly use the domain name instead of IP. Frankly speaking, IT is because I am lazy, who can not remember IP!

If you do not encounter the above prompts, congratulations, you can then enter the account password to log in to the server!

SSH /known_hosts if you have experienced this problem, you may have logged in to the server before, but the server reinstalled the system, so you can clear the ~/. SSH /known_hosts and log in again.

rm -rf ~/.ssh/known_hosts
Copy the code

Forcibly delete the ~/. SSH /known_hosts file and re-ssh [email protected] to log in to the remote cloud server, select yes as prompted, and enter your password to enter the home directory by default.

$ ssh [email protected]
The authenticity of host 'snowdreams1006.cn (*.*.*.*)' can't be established.
ECDSA key fingerprint is SHA256:/**********************************.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'snowdreams1006.cn,*.*.*.*' (ECDSA) to the list of known hosts.
[email protected]'s password:
Last login: *** from *.*.*.*

Welcome to Alibaba Cloud Elastic Compute Service !

[root@snowdreams1006 ~]#
Copy the code

Come all come, do not leave a point what thing embarrassed not to say to others oneself once in the future, then casually meaning good.

• Wukong came here for a visit

[root@snowdreams1006 ~]# whoami
root
Copy the code

Whoami whoami: view the name of the user who is logging in

[root@snowdreams1006 ~]# pwd
/root
Copy the code

PWD Where am I: Print the current directory path

[root@snowdreams1006 ~]# who -u596 root PTS /0 2019-11-30 14:15.17506 (115.217.243.122) root PTS /1 2019-11-30 14:28 00:05 115.217.243.122 (17533)Copy the code

Who-u Who else: Print system login user

[root@snowdreams1006 ~]# last -a | head -6
root     pts/1        Sat Nov 30 14:28   still logged in115.217.243.122 Root PTS /0 Sat Nov 30 14:15 Still loggedin115.217.243.122 Root PTS /0 Sat Nov 30 13:10-13:51 (00:41) 115.217.243.122 Root PTS /0 Sat Nov 30 12:24-12:25 (00:00) 115.217.243.122 Root PTS /1 Fri Nov 29 22:08-23:12 (01:03) 112.17.241.55 Root PTS /0 Fri Nov 29 21:33-22:13 (00:39) 112.17.241.55Copy the code

Last – a | head – who is the last 6: print the last logged in user

• I don’t seem to know you

If you find that the logged-in user has other users besides yourself or do not remember whether you have logged in or logged out of other terminals, you should kick out these terminals.

If you want to kick out others, first of all to their login terminal terminal which is their own, not their own kick, that is funny!

Whoami only prints login name, no login terminal information, but who AM I display information is relatively much, here to remember the name of the current user login terminal!

[root@snowdreams1006 ~]# who am i
root     pts/0        *** (*.*.*.*)
Copy the code

Who am I: Who am I, more information than whoami.

Who -u can display all the login users, but it is recommended to use W to view the login user terminal information, because there are fewer typed commands!

[root@snowdreams1006 ~]# w14:53:04 up 17:48, 3 users, load average: 0.00, 0.01, 0.05 USER TTY FROM login@idle JCPU PCPU WHAT root tty1 5 21 17:46m 0.00s 0.00 s-bash root PTS /0 115.217.243.122 14:15 0.00s 0.81s 0.00 S W root PTS /1 115.217.243.122 14:51 1:37 0.00s 0.00 s-bashCopy the code

Both who-u and W can view the information about the logged-in user terminals. PTS /0 is the current logged-in terminal, and PTS /1 can be kicked.

# pkill -kill -t pts/1
Copy the code

Pkill -kill -t PTS /< Serial number > After you kick out the login terminal, the terminal automatically exits, indicating that the connection is closed.

[root@snowdreams1006 ~]# w14:58:46 up 17:53, 2 users, load average: 0.00, 0.01, 0.05 USER TTY FROM login@idle JCPU PCPU WHAT root tty1 521 17:52m 0.00s 0.00 s-bash root PTS /0 115.217.243.122 14:15 6.00 s to 0.83 s 0.00 s wCopy the code

W: Anyone, check the login terminal again after kicking out the other terminal and find that there is no PTS /1, prove the operation is successful!

• Go home and get some sleep

Log in to the server to view some information, and successfully kick out other terminals, it is dark, it is time to wash and go to sleep, at this time, you need to exit the server and return to the command line of the local client.

[root@snowdreams1006 ~]# exitConnection to ssh.snowDreams1006.cn closedCopy the code

In addition to typing the exit command, you can also press the shortcut key Ctrl+D to exit the connection.

The key to log in

In general, using a password is more suitable for infrequent occasions. It is ok to use a terminal to log in occasionally, but if you need to log in to a remote server frequently, it is more difficult to log in every time you connect.

Since you don’t need a password to log in, how do you prove your identity to warrant a valid login request?

Here is where the key instead of password to log in, the first generate a native client authentication information, and then install the authentication information to a remote server, simply complete the operation means that the next request from the client login is legitimate, or the server how can have your certification information?

Therefore, you can guess that even if the same account uses different authentication information, then the remote server will still save the authentication information. For example, your Mac has implemented secret login, but your Windows has not uploaded its own authentication information, so the secret login is only valid for Mac!

Of course, if the Mac and Windows computers have the same authentication information, then the server can save a copy of the secret login is not?

The answer is: yes!

It can be seen that the key login is for terminal equipment, especially suitable for the common terminal, the occasional computer to do not set the key, or one day you forget, people can directly log in your server, how terrible!

The local client needs to generate an authentication file, and the remote server needs to save the authentication file.

1. The local client generates a public key

$ cat ~/.ssh/id_rsa.pub ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0gC0u4gR4oba4oHS59Tcc4eAVkaJHsCmys0v4IupoSLQKkdUJVxSfkmL5JZEkr7JNySD7Y52ukRcxx1ZMW0oK7lq+ FvfEwzIfAOqVoM4bCoh2D/iC6Xf43ilxCM6oMhpWyITGtxPVzW/ZmmxRGcQzeVrrvoSLhOt0+L0rvFuiQZmnhkV0zqGTRKTQ5uEKycigfdItEaHFIg9fMxug N/bgeflJoEBZjAJHXkqd0mq/4AqeAbkoruEz6D+OiqBhoN8CsbaPCaccMoKd8Tze5UszC3PsQWo96nQoXMXk7HYoFwvJCAgAfKP0CaTwGEK/D7SFvXm3UMlF wAHxELr2bbTv [email protected]Copy the code

The ~/.ssh/id_rsa.pub file is an authentication file sent to the server and can be exposed to the Internet. As long as the server saves the public key, the local client that generates the public key can access the server without encryption.

If your local client does not have the public key file, run the ssh-keygen -t rsa command to generate a public key file, enter the relevant information as prompted, and run the cat ~/. SSH /id_rsa.pub command to view the contents of the public key file.

2. The remote server receives the public key

A local client can complete a secret – free login by appending the contents of its public key file to the authorization file of the remote server.

~/.ssh/authorized_keys

[root@snowdreams1006 ~]# cat ~/.ssh/authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0gC0u4gR4oba4oHS59Tcc4eAVkaJHsCmys0v4IupoSLQKkdUJVxSfkmL5JZEkr7JNySD7Y52ukRcxx1ZMW0oK7lq+ FvfEwzIfAOqVoM4bCoh2D/iC6Xf43ilxCM6oMhpWyITGtxPVzW/ZmmxRGcQzeVrrvoSLhOt0+L0rvFuiQZmnhkV0zqGTRKTQ5uEKycigfdItEaHFIg9fMxug N/bgeflJoEBZjAJHXkqd0mq/4AqeAbkoruEz6D+OiqBhoN8CsbaPCaccMoKd8Tze5UszC3PsQWo96nQoXMXk7HYoFwvJCAgAfKP0CaTwGEK/D7SFvXm3UMlF wAHxELr2bbTv [email protected]Copy the code

The ~/.ssh/authorized_keys of the remote server contains the ~/.ssh/id_rsa.pub of the local client.

Therefore, copy and paste the contents of the ~/. SSH /id_rsa.pub public key file from the local client to the ~/. SSH /authorized_keys file on the remote server.

The vim operation is the only challenge for beginners, but we have tools to simplify the copy-and-paste operation!

Ssh-copy-id [email protected]

Ensure that the public key has been generated on the local client. Check the contents of the public key file: cat ~/.ssh/id_rsa.pub

$ cat ~/.ssh/id_rsa.pub ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1UGGBXbqINEfQNCweCOWDlqvRfw3iIqkX9UnI71GgyJkkPUZbycw3L4dVeBkpo76OJjJhJmsAGbHAuhYLloqoNjD9 +c/hk7vgP0uZHqVXehqKuP5VvOOkqeLXZkjdXQ49MhARHBVm1LaD44iOOneYclSPiRjKs+6eCxU9SQp+dVUcZMrbAE1lktGgDQEkjtFl8BE9BQkCU24r8xcO Uix4iZgdDIa5gnE9YLg1rNXO6LgQG61JLvErrc2g7KkkR4i2P1R+0uV3KdYyMv8Y2aYwYGqY1PjqXUVfaJjTor4Dr8HHBp4VHE3kNVZitLJ2S7RFYuYGFXTE X0xmi6o1r5xP Administrator@snowdreams1006Copy the code

This is a Windows computer, which was not configured before the demo, so after executing ssh-copy-id [email protected], it should support encrypted login just like Mac.

$ ssh-copy-id [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/c/Users/Administrator/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.
Copy the code

The public key of the Windows computer has been added to ~/.ssh/authorized_keys of the remote server.

[root@snowdreams1006 ~]# cat ~/.ssh/authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0gC0u4gR4oba4oHS59Tcc4eAVkaJHsCmys0v4IupoSLQKkdUJVxSfkmL5JZEkr7JNySD7Y52ukRcxx1ZMW0oK7lq+ FvfEwzIfAOqVoM4bCoh2D/iC6Xf43ilxCM6oMhpWyITGtxPVzW/ZmmxRGcQzeVrrvoSLhOt0+L0rvFuiQZmnhkV0zqGTRKTQ5uEKycigfdItEaHFIg9fMxug N/bgeflJoEBZjAJHXkqd0mq/4AqeAbkoruEz6D+OiqBhoN8CsbaPCaccMoKd8Tze5UszC3PsQWo96nQoXMXk7HYoFwvJCAgAfKP0CaTwGEK/D7SFvXm3UMlF wAHxELr2bbTv [email protected] ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1UGGBXbqINEfQNCweCOWDlqvRfw3iIqkX9UnI71GgyJkkPUZbycw3L4dVeBkpo76OJjJhJmsAGbHAuhYLloqoNjD9 +c/hk7vgP0uZHqVXehqKuP5VvOOkqeLXZkjdXQ49MhARHBVm1LaD44iOOneYclSPiRjKs+6eCxU9SQp+dVUcZMrbAE1lktGgDQEkjtFl8BE9BQkCU24r8xcO Uix4iZgdDIa5gnE9YLg1rNXO6LgQG61JLvErrc2g7KkkR4i2P1R+0uV3KdYyMv8Y2aYwYGqY1PjqXUVfaJjTor4Dr8HHBp4VHE3kNVZitLJ2S7RFYuYGFXTE X0xmi6o1r5xP Administrator@snowdreams1006Copy the code

As you can see, the remote server has saved the contents of the public key file that was just uploaded to the Windows PC, so ssh-copy-id is a magic tool. There is no need to copy and paste the public key manually.

As for what you can do after logging in, I think you can still go there and kick out other terminals and things like that. Finally, don’t forget to log out of exit!

The alias login

Whether password login or key login, we are using SSH protocol for login, and the configuration of key login is also dependent on password login, anyway, both type in a lot of commands!

How can I not log in quickly?

The answer is: yes!

Since you want to log in quickly, the login information is absolutely necessary, so you can write the necessary login information to the configuration file, and then read the configuration file for login.

The principle is easy to understand, the point is do we need to implement it ourselves?

Fortunately: no!

Similarly, edit the SSH configuration file, located in ~/.ssh/config, to set some login information.

Host < Host ID > User > HostName < Host name >Copy the code

In the preceding format, set the login information as follows:

Host github.com
User snowdreams1006
Hostname ssh.github.com

Host snowdreams1006.cn
User root
Hostname ssh.snowdreams1006.cn
Copy the code

Where Host is the unique identifier exposed to the outside world, the Host can replace the account and IP.

The original login command was SSH < login account >@< server public IP address > now it is SSH < host ID >

$ ssh snowdreams1006.cn
Last login: **** from *.*.*.*

Welcome to Alibaba Cloud Elastic Compute Service !

[root@snowdreams1006 ~]# 
Copy the code

Graphical login

SecureCRT (SecureCRT) is recommended to remotely connect to a Linux application. It is easy to configure and log in to a Linux application.

The quick connection configuration pops up after the first login, which is basically about the service domain name port and so on. There is no password configuration item.

After clicking the connection, it will pop up whether to add the host fingerprint or not, select accept and save.

After entering the password, select OK, and after a while you will connect to the server.

Come all come, or casually knock an order to go again!

Cloud Service Login

Log in to the console to find the ECS server, then find your cloud server, so remote connect -> Connect password -> Username/password, and you can login successfully!

review

Both password login and key login apply to certain scenarios. If password login is not secure, you can disable password login and keep the key login only.

Log in to the server remotely, find the /etc/ssh/ssh_config file and edit the following to disable password login.

Host *
  PasswordAuthentication no
Copy the code

• Password to login

$SSH < Login account >@< Server public IP address >Copy the code

ssh [email protected]

• The key to log in

$SSH < Login account >@< Server public IP address >Copy the code

ssh [email protected]

• To simplify the login

$SSH < host id>Copy the code

ssh snowdreams1006.cn

To read more

• Enable the SSH Server service in CentOS
• IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY解决
• Linux 7 Boot option View and set
• Introduction to SSH and two remote login methods
• Quick And security-free SSH login for the server
• Linux information view and command
• In Linux, kick out the logged-in user
• Mac install the SecureCRT
• SecureCRT 8.1.4 Decryption tutorial

If you feel that this article is helpful to you, welcome to like the message to tell me, your encouragement is my motivation to continue to create, might as well pay attention to the personal public number “snow dream technology station”, regularly update quality articles!