WindTerm客户端,取消 “会话设置 -> SSH -> 验证 -> 尝试键盘交互认证” 可已正常连接。
$ apk update
$ apk add openssh-server openssh
; /etc/ssh/sshd_config
# 开放Root登录
- #PermitRootLogin prohibit-password
+ PermitRootLogin yes
# 允许其它用户登录
- #PasswordAuthentication yes
+ PasswordAuthentication yes
# 解决ssh自动断开
- #ClientAliveInterval 0
- #ClientAliveCountMax 3
+ ClientAliveInterval 60
+ ClientAliveCountMax 3
$ rc-service sshd start
$ rc-service sshd restart
# 设置开机启动
$ rc-update add sshd
# 删除开机启动服务
$ rc-update del sshd
# 显示所有服务
# rc-status -a
在 /etc/profile.d 文件夹下,创建sh文件来实现。
已弃用,转到 Tmux 命令
# 离线方式创建屏幕,一般用在启动脚本
$ screen -S <screen_name> -d -m
$ screen -ls
# 在指定屏幕内输入cmd,注意\n代表回车
$ screen -S <screen_name> -X stuff "<cmd>\n"
# 在当前窗口内,通过另一个过滤进程控制窗口的输入或输出。
# 非常复杂,还没有搞明白有什么用
# 官方建议:小心使用!
$ screen -S <screen_name> -X |<cmd>
$ screen -S <screen_name> -X !..|<cmd>
$ screen -S <screen_name> -X exec<cmd>
参考文档
在 screen 终端下,按 Ctrl+a d 键
# 进入指定屏幕,再退出
$ screen -r <screen_name|pid>
$ exit
# 指定屏幕,直接退出
$ screen -S <screen_name> -X quit
systemctl list-units ##列出当前系统服务的状态
systemctl list-unit-files ##列出服务的开机状态
systemctl status sshd ##查看指定服务的状态
systemctl stop sshd ##关闭指定服务
systemctl start sshd ##开启指定服务
systemctl restart sshd ##从新启动服务
systemctl enable sshd ##设定指定服务开机开启
systemctl disable sshd ##设定指定服务开机关闭
systemctl reload sshd ##使指定服务从新加载配置
systemctl list-dependencies sshd ##查看指定服务的倚赖关系
systemctl mask sshd ##冻结指定服务
systemctl unmask sshd ##启用服务
systemctl set-default multi-user.target ##开机不开启图形
systemctl set-default graphical.target ##开机启动图形
$ _hostname_=XXXX
$ hostnamectl --static set-hostname ${_hostname_}
$ hostnamectl --transient set-hostname ${_hostname_}
$ hostnamectl --pretty set-hostname ${_hostname_}
$ timedatectl set-timezone Asia/Shanghai
在 Alpine 上安装 Docker 真是一件让人感觉非常愉快的事情,因为过程非常简单。
$ nano /etc/apk/repositories
因为 docker 在社区的库里,所以要打开 community 的源。
#/media/cdrom/apks
http://mirrors.tuna.tsinghua.edu.cn/alpine/v3.16/main
http://mirrors.tuna.tsinghua.edu.cn/alpine/v3.16/community
#http://mirrors.tuna.tsinghua.edu.cn/alpine/edge/main
#http://mirrors.tuna.tsinghua.edu.cn/alpine/edge/community
#http://mirrors.tuna.tsinghua.edu.cn/alpine/edge/testing
$ apk update
$ apk add docker docker-cli-compose
# 这里要特别注意,docker compose 的包名在 Alpine 里是 docker-cli-compose,不是 docker-compose-plugin。
# docker-compose 包是 compose 的独立安装包,官方已经不再支持这种安装方式。
...
$ docker -v
Docker version 20.10.16, build aa7e414fdcb23a66e8fabbef0a560ef1769eace5
$ docker compose version
Docker Compose version v2.12.2
~# nano /etc/network/interfaces
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.168.10.16/24
gateway 192.168.10.10
hostname alpine
# nano /etc/resolv.conf
nameserver 114.114.114.114
~# service networking restart
特点:
不同版本:
Alpine 有许多版本,其中 VIRTUAL 是专门针对虚拟环境优化过的,所以主要使用这个版本来安装。
https://www.alpinelinux.org/downloads/
...
# 使用启动盘启动后,直接使用 root 登录系统
localhost login: root
...
localhost:~# setup-alpine
# 选择键盘布局
# 这里两个都选 cn 或都不选
...
Select keyboard layout: [none] cn
...
Select variant (or 'abort'): cn
# 设置主机名
...
Enter system hostname (fully qualified form, e.g. 'foo.example.org') [localhost] home
# 设置网络
...
Which one do you want to initialize? (or '?' or 'done') [eth0] eth0
Ip address for eth0? (or 'dhcp', 'none', '?') [dhcp] dhcp
Do you want to do any manual network configuration? (y/n) [n] n
# or 手动输入IP地址
Ip address for eth0? (or 'dhcp', 'none', '?') [dhcp] 192.168.10.16/24
Gateway? (or 'none') [none] 192.168.10.10
Do you want to do any manual network configuration? (y/n) [n] n
DNS domain name? (e.g 'bar.com')
DNS nameserver(s)? 114.114.114.114
# 设置密码
...
New password:
...
Retype password:
# 设置时区
# PRC 代理中国,也可以输入 Asia/,再输入 Shanghai
...
Which timezone are you in? ('?' for list) [UTC] PRC
# 设备代理
...
HTTP/FTP proxy URL? (e.g. 'http://proxy:8080', or 'none') [none] none
# 设置更新源
# f 是自动测试并选择最快的源,建议使用
...
Enter mirror number (1-74) or URL to add (or r/f/e/done) [1] f
#
Setup a user? (enter a lower-case loginname, or 'no') [no] no
# 设置ssh服务
Which ssh server? ('openssh', 'dropbear', or 'none') [openssh] openssh
# 这里一定要输入 yes
# 许多教程都说 Alpine 默认没有远程登录,都上手动修改,其实是可以在安装时就设备好的
Allow root ssh login? ('?' for help) [prohibit-password] yes
Enter ssh key or URL for root (or 'none') [none] none
# 设置磁盘
...
Which disk(s) would you like to use? (or '?' for help or 'none') [none] sda
...
How would you like to use it? ('sys', 'data', 'crypt', 'lvm' or '?' for help) [?] sys
...
WARNING: Erase the aboue disk(s) and continue? (y/n) [n] y
...
Installation is complete. Please reboot.
# 到这里安装全部完成
# 准备应答文件
home:~# reboot
home:~# rc-service iptables stop
home:~# rc-update del iptables
其实网上相关的文章已经非常多了,所以这篇文章的作用只是记录和明确一条确定可行的操作路径,为以后的操作节省时间,毕竟像我一样大部分人都不是专业的系统管理员,能够快速解决问题就可以了,并不想做过多的专业研究与探索。
本操作手册是官方手册与网上手册的结合版本,集两家之所长,亲自操作可用。
# 安装 Docker 证书
sudo apt-get install -y ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc\
sudo echo
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" |
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
# 安装 Docker
sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
# 启动 Docker
sudo systemctl enable docker.service
sudo systemctl start docker.service
# 测试
sudo docker version
> Client: Docker Engine - Community
> ...
> Server: Docker Engine - Community
> ...
sudo docker compose version
> Docker Compose version v...
# 使用非 root 用户管理 Docker
# 创建 docker 用户组
sudo groupadd docker
# 将当前用户添加到 docker 用户组
sudo usermod -aG docker $USER
# 重启
# 再次测试
docker version
> Client: Docker Engine - Community
> ...
> Server: Docker Engine - Community
> ...
docker compose version
> Docker Compose version v...
# 查看系统版本
cat /etc/redhat-release
> CentOS Linux release 7.6.1810 (Core) // CentOs 7 以上版本
# 查看系统内核版本
uname -r
> 4.10.4-1.el7.elrepo.x86_64 // 内核版本要>3.10
# 卸载旧版本
yum remove docker
docker-client
docker-client-latest
docker-common
docker-latest
docker-latest-logrotate
docker-logrotate
docker-selinux
docker-engine-selinux
docker-engine
# 安装依赖包
yum install -y yum-utils lvm2
device-mapper-persistent-data
# 添加 Docker 软件源
# 如果系统已切换到阿里云镜像源地址,可跳过此步。
# 阿里云镜像自带docker源
yum-config-manager
--add-repo
https://mirrors.ustc.edu.cn/docker-ce/linux/centos/docker-ce.repo
# 使用官方源
yum-config-manager
--add-repo
https://download.docker.com/linux/centos/docker-ce.repo
yum makecache fast
# CentOS 8 or Rocky 9 使用timer替换fast
yum makecache timer
# 安装 Docker
# 如果在 Rocky 9 系统上,会提示containerd.io版本过低,或下载失败,需要独立安装containerd.io
# 可以重试几次
yum install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
# 启动 Docker
# 设为开机启动
systemctl enable docker.service
# 启动服务
systemctl start docker.service
# 测试
docker run hello-world
> Unable to find image 'hello-world:latest' locally
> latest: Pulling from library/hello-world
> 1b930d010525: Pull complete
> Digest: sha256:6540fc08ee6e6b7b63468dc3317e3303aae178cb8a45ed3123180328bcc1d20f
> Status: Downloaded newer image for hello-world:latest
>
> Hello from Docker!
> This message shows that your installation appears to be working correctly.
>
> To generate this message, Docker took the following steps:
> 1. The Docker client contacted the Docker daemon.
> 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
> (amd64)
> 3. The Docker daemon created a new container from that image which runs the
> executable that produces the output you are currently reading.
> 4. The Docker daemon streamed that output to the Docker client, which sent it
> to your terminal.
>
> To try something more ambitious, you can run an Ubuntu container with:
> docker run -it ubuntu bash
>
> Share images, automate workflows, and more with a free Docker ID:
> https://hub.docker.com/
>
> For more examples and ideas, visit:
> https://docs.docker.com/get-started/
docker compose version
> Docker Compose version v...
若能正常输出以上信息,则说明安装成功。
sudo apt install -y netselect-apt \
&& sudo netselect-apt \
&& sudo apt autoremove -y netselect-apt \
&& rm -f sources.list
The fastest 10 servers seem to be:
http://mirrors.bfsu.edu.cn/debian/
http://mirrors.tuna.tsinghua.edu.cn/debian/
http://mirrors.neusoft.edu.cn/debian/
http://mirrors.jlu.edu.cn/debian/
http://ftp.cn.debian.org/debian/
http://debian.cs.nycu.edu.tw/debian/
http://mirror.i3d.net/debian/
http://mirrors.163.com/debian/
http://mirror.bizflycloud.vn/debian/
http://ftp.kaist.ac.kr/debian/
Of the hosts tested we choose the fastest valid for http:
http://mirrors.bfsu.edu.cn/debian/
Writing sources.list.
Done.
# PVE QEMU debian-12-generic-amd64.qcow2
# echo 'http://mirrors.bfsu.edu.cn/debian/' | sudo tee /etc/apt/mirrors/debian.list
# echo 'http://mirrors.bfsu.edu.cn/debian-security/' | sudo tee -a /etc/apt/mirrors/debian-security.list
sed -i -e "s/deb.debian.org/mirrors.bfsu.edu.cn/" /etc/apt/mirrors/debian.list
sed -i -e "s/deb.debian.org/mirrors.bfsu.edu.cn/" /etc/apt/mirrors/debian-security.list
# PVE LXC debian-12-standard_12.7-1_amd64.tar.zst
sed -i -e "s/deb.debian.org/mirrors.bfsu.edu.cn/" /etc/apt/sources.list
sed -i -e "s/security.debian.org/mirrors.bfsu.edu.cn\/debian-serurity/" /etc/apt/sources.list
# Docker imaage debian:12
sed -i -e "s/deb.debian.org/mirrors.bfsu.edu.cn/" /etc/apt/sources.list.d/debian.sources
# 启用非自由仓库
sed -i 's/main$/main contrib non-free non-free-firmware/' /etc/apt/sources.list
# update
apt update
# 查询软件包版本信息、优先级和来源
apt policy <package_name>
apt-cache policy <package_name>
# 安装指定版本的包
apt install <package_name>=<version_number>
yum repolist
# 显示所有仓库
yum repolist all
# 显示所有启动的仓库
yum repolist enabled
# 显示所有禁用的仓库
yum repolist disabled
最常用的修改操作就是启动和停用, 可以使用以下命令实现:
脚本基于Centos 7
$ uname -r
3.10.0-514.26.2.el7.x86_64
$ cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)
导入elrepo的key,然后安装elrepo的yum源
$ rpm -import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
$ rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm
查看可用的内核相关包
$ yum --disablerepo="*" --enablerepo="elrepo-kernel" list available
主分支ml(mainline),稳定版(stable),长期维护版lt(longterm) 安装内核
$ yum -y --enablerepo=elrepo-kernel install kernel-ml.x86_64 kernel-ml-devel.x86_64
# 查看系统内核列表
$ awk -F\' '$1=="menuentry " {print $2}' /etc/grub2.cfg
CentOS Linux (5.2.11-1.el7.elrepo.x86_64) 7 (Core) # 新内核(5.2.11)在0的位置上
CentOS Linux (3.10.0-957.27.2.el7.x86_64) 7 (Core)
CentOS Linux (3.10.0-514.26.2.el7.x86_64) 7 (Core)
CentOS Linux (3.10.0-514.el7.x86_64) 7 (Core)
CentOS Linux (0-rescue-963c2c41b08343f7b063dddac6b2e486) 7 (Core)
$ vim /etc/default/grub
#将 GRUB_DEFAULT=saved 改为 GRUB_DEFAULT=0
# 重建内核配置
$ grub2-mkconfig -o /boot/grub2/grub.cfg
# or 使用第二种命令行方式,减少操作复杂度,减少出错机率
# 查看系统内核列表
$ cat /boot/grub2/grub.cfg | grep menuentry
if [ x"${feature_menuentry_id}" = xy ]; then
menuentry_id_option="--id"
menuentry_id_option=""
export menuentry_id_option
menuentry 'CentOS Linux (6.2.2-1.el7.elrepo.x86_64) 7 (Core)' --class centos --class gnu-linux --class gnu --class os --unrestricted $menuentry_id_option 'gnulinux-3.10.0-1160.81.1.el7.x86_64-advanced-fbc2582d-2e8a-4c41-8ba8-83656d8df89b' {
menuentry 'CentOS Linux (3.10.0-1160.83.1.el7.x86_64) 7 (Core)' --class centos --class gnu-linux --class gnu --class os --unrestricted $menuentry_id_option 'gnulinux-3.10.0-1160.81.1.el7.x86_64-advanced-fbc2582d-2e8a-4c41-8ba8-83656d8df89b' {
menuentry 'CentOS Linux (3.10.0-1160.81.1.el7.x86_64) 7 (Core)' --class centos --class gnu-linux --class gnu --class os --unrestricted $menuentry_id_option 'gnulinux-3.10.0-1160.81.1.el7.x86_64-advanced-fbc2582d-2e8a-4c41-8ba8-83656d8df89b' {
menuentry 'CentOS Linux (3.10.0-1160.el7.x86_64) 7 (Core)' --class centos --class gnu-linux --class gnu --class os --unrestricted $menuentry_id_option 'gnulinux-3.10.0-1160.el7.x86_64-advanced-fbc2582d-2e8a-4c41-8ba8-83656d8df89b' {
menuentry 'CentOS Linux (0-rescue-9745ea2ecc634c89aef55f4dc21ee8fc) 7 (Core)' --class centos --class gnu-linux --class gnu --class os --unrestricted $menuentry_id_option 'gnulinux-0-rescue-9745ea2ecc634c89aef55f4dc21ee8fc-advanced-fbc2582d-2e8a-4c41-8ba8-83656d8df89b' {
# 配置默认内核
$ grub2-set-default "CentOS Linux (6.2.2-1.el7.elrepo.x86_64) 7 (Core)"
# 验证修改结果
$ grub2-editenv list
saved_entry=CentOS Linux (6.2.2-1.el7.elrepo.x86_64) 7 (Core)
$ reboot
#查看内核版本
$ uname -r
5.2.11-1.el7.elrepo.x86_64
基于Centos 7
注意:CentOS 7默认的防火墙不是iptables,而是firewalld
# 停止firewalld服务
systemctl stop firewalld
# 禁用firewalld服务
# systemctl mask firewalld
# 删除firewalld
yum erase firewalld
# 先检查是否安装了iptables
systemctl status iptables
# 安装iptables
yum install iptables iptables-services -y
# 注册iptables服务,相当于以前的chkconfig iptables on
systemctl enable iptables
# 开启服务
systemctl start iptables
# 查看状态
systemctl status iptables
# 重启防火墙
systemctl restart iptables
# 保存规则
service iptables save
# 如果报“-bash: service: command not found”,则需要安装initscripts
yum install initscripts -y
注意添加规则的先后顺序