Shulou(Shulou.com)06/03 Report--

Nowadays, CVM has become very common in network services. Compared with the traditional computer room, CVM has the advantage of rapid upgrade and downgrading of hardware, and can be adjusted at any time according to the development of the business. It will not waste performance, nor will it lack performance. For individuals, with a very simple operation, they can build their own network service platform, which is very beneficial in many ways.

In China, large network enterprises not only use a large number of CVM, but also provide CVM features one after another, such as Aliyun, Tencent Cloud, Amazon, Microsoft Azure, Baidu Cloud, JD.com Cloud, Huawei Cloud and so on.

The purchase method of CVM is described in detail on the above websites, and for students and startups, various CVM providers also offer discounts to varying degrees. Generally speaking, the lowest CVM configuration is sufficient for beginners.

The configuration of the CVM system is generally Windows Server or Linux distribution. Considering the popularity of the server system, Ubuntu, the most novice-friendly Linux distribution, is the best choice (of course, there are many people who like CentOS).

# log in to SSH

After purchasing a CVM, the operator will provide the login public network IP address and login password. By default, Linux CVM opens port 22 for SSH login. If the operating system is Windows, you need to download SSH login tools such as XSHELL or Putty, and you can log in to SSH directly from the command line under Linux.

Of course, Windows systems can also run the Linux environment by installing Cygwin, which is helpful to be familiar with Linux operations, while in the case of Windows10, you can also install Linux distributions such as Ubuntu or SUSE.

```shell

Ssh root@ (ip address)

# create a user

Create a user with the following command, such as to create a user name demo

```shell

Add user demo

`

Enter the password as prompted by the system. Entering a strong password will improve the security of the system. It is generally required to include case, numbers and special characters with a length of not less than 8 digits.

# set root permissions

After creating a user, you need to set the su (superuser) permission to the user, because many operations must be done through the su permission, and switching to the root user repeatedly violates our original intention to improve security. Therefore, set sudo permissions for new users under the root role.

```shell

Usermode-aG sudo demo

`

This command actually adds the demo user to the sudo group, so demo has sudo permissions.

# add public key login

When managing a remote server, it is best to log in through a key rather than a password, which can minimize the risk of password cracking. The way of the key involves the knowledge of cryptography. generally speaking, when the key pair is used, the system generates a pair of keys, one is the public key and the other is similar to the key. the public key can be placed anywhere, or it can be made public on the website, but the private key must be kept properly. because as long as you take the private key, you can pair it with the public key. My simple understanding is that the public key is actually the equivalent of the lock and the private key is the key. You can hang the lock anywhere, but the key must be kept by yourself before you can unlock it.

To add a key login, first generate a pair of keys. (on the local computer, it must not be generated on the remote computer)

```shell

Ssh-keygen

`

This command can generate a pair of keys, just follow the command prompt. You can also enter a password to protect the key during the generation process, which is more secure.

The generated key pair is generally under the / home/demo/.ssh/ directory, and if the rsa key is generated, the public key name is id_rsa.pub and the private key is id_rsa. The directory will be different under windows (actually, I don't know where to put it, but once it seemed to work under the personal directory of / user/. If you have multiple cloud servers, there is no need to generate a different key pair for each server. One pair is basically sufficient.

# upload public key

There are two ways to upload a public key

# # using Special commands

Use the following command to complete the upload key in one step and add it to the. ssh/authorized_keys file on the remote computer.

```shell

Ssh-copy-id demo@ (ip address)

`

* * attention. .ssh is a hidden folder, in Linux, by prefix to the file or folder name. To indicate a hidden file, you can view it through the parameter ls-a * *

# # manually

Completing the command to upload the public key manually can figure out what ssh-copy-id has done.

```shell

Cat / .ssh/id_rsa.pub

`

This command outputs the public key in the terminal, or you can open the file through the editor. Copy the content. Then log in to the remote server through the terminal ssh (via demo)

```shell

Su-demo

Mkdir / .ssh

Chmod 700. ssh

Nano (vim) ~ / .ssh/authorized_keys

`

The above commands in turn give demo sudo permissions, create a .ssh directory and modify permissions, and create a new authorized_keys file (you can use a familiar editor, nano,vim).

Paste the previously copied public key content into this new file and save it.

```shell

Chmod 600 ~ / .ssh/authorized_keys

`

Modify file permissions to improve security.

# disable password login

After completing the key setting, it is best not to log in through the password to improve the security of the server (of course, this should be based on ensuring that the key can log in, otherwise you may have to reset the server, so you will never log in again)

```shell

Sudo nano / etc/ssh/sshd_config

`

Open the ssh configuration file, find the following, and modify it to the following values

```shell

PasswordAuthentication no

PubkeyAuthentication yes

ChallengeResponseAuthentication no

`

Exit or restart the following remote server, and then log in through the ssh test.

# set the firewall.

You can set up a system firewall through ufw.

```shell

Sudo ufw app list

`

View a list of approved or prohibited programs

```shell

Sudo ufw allow OpenSSH

`

Allow SSH to log in

```shell

Sudo ufw enable

Sudo ufw status

`

Enable the firewall and check the status.

This is basically the end of the preliminary server configuration.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.