Chapter 1 Remote Connection to Linux System Administration
1.1 Why to connect to the Linux system remotely
In the actual work scenario, the virtual machine interface or the local window of the physical server are rarely accessible, because after the server is installed with the system, it must be pulled to the IDC computer room for hosting. The local display of the server is reached. At this time, the Linux system can only be managed through a remote connection. Therefore, after installing the Linux system, the first step in learning Linux operation and maintenance should be to configure the client software to connect to the Linux system remotely (connected through ssh software) for management.
Chapter 2 Little knowledge before connecting
2.1 IP address
Computers on the Internet will have a unique 32-bit address, and we must pass this IP address to access the server. There are also reserved IP addresses starting with 192.10.172 in the LAN, and the IP address of the LAN is also unique. In NAT mode, the ip of the computer host is unique in the local area network. If NAT mode is selected to create a virtual machine, the virtual machine is a new local area network (private network).
2.2 Simple concept of ports
The teacher's machine ip 192.168.11.211
192.168.11.211 represents a host, but there may be many services on the host. Different service functions on a host are distinguished by ports and then accessed by outsiders.
2.3 Simple Concepts of Protocols
Chinese, English, French, different services provide different ports, corresponding to different functions, and the communication methods may also be different. We can understand this communication method as a protocol.
Different service functions on a host are distinguished by ports. Different service ports, communication between client and server, can use different protocols
Chapter 3 SSH Remote Connection Troubleshooting Examples
- The telnet connection to the server is clear text, not encrypted
- SSH connection to the server is an encrypted connection
(Because I use mac to write documents, I can't actually screenshot the use of the windows tool xsehll, but this tool is really very simple, please make up your own mind)
3.1 ssh connection diagram
- Server-side ===>Provide through ssh protocol ===>sshd service====>Listen on port 22 (constantly monitor if anyone needs the service)
- Client (client): ssh protocol, ip address, port number (what service is needed), username, password
3.2 Five elements of remote connection
- Protocols: SSH (encrypted), telnet (unencrypted)
- IP: the IP address of the other party
- Port: Default 22 port
- username:
- password:
3.3 How to check IP address
- ifconfig(ip a)
You can use these two commands to view the IP address
ip address/24: represents the subnet mask 255.255.255.0
lo: loopback network card: used to detect the device self-test
eth0: your first network card
eth1: your second network card
Note that
if you find that your virtual machine does not have an IP address, then maybe your network card device is turned off
. You can turn on the device through the command: ifup + network card name (ethx)
through the command: ifconfig + network card name (ethx) + up It can also be turned on equipment
Discuss
Since these two commands can be successfully opened, is there any difference between them? Please follow me for an experiment.
- Step 1: We delete the configuration file of the eth1 network card
/etc/sysconfig/network-scripts/: This path is the path of the network card configuration file. As operation and maintenance personnel, we must remember
- The second step, we close the eth1 network card device
- The third step, we try to turn on the device
continue the discussion
Why are our test results like this? When I delete the configuration file of the eth1 network card, the ifup command fails?
- This is because the ifup/ifdown command does not actually control the opening and closing of the physical network card, but in fact it controls only the configuration file of the network card. It indirectly operates the network card device through the network card configuration file.
- And ifconfig xxxx up/down: It controls the opening and closing of the physical network card device, so it is not interfered by the configuration file.
3.4 Basic principles of xshell remote connection
- As we mentioned in the previous sections, the sshd service is actually a daemon of the server.
- It is precisely because of the existence of this daemon that port 22 of the server is continuously monitored (monitored)
- When xshell accesses the server's port 22 through the ssh protocol, the server's sshd service will respond to the access immediately, so a remote connection can be made
- Therefore, when the server does not have the sshd (kill process) service, xshell cannot be accessed remotely through the ssh protocol.
If the server-side sshd service is not running, then all access through the ssh protocol will fail (including xshell).
This is a connection diagram of a mac console. Access through ssh fails, (please try for xshell connection.)
- When the sshd service is no longer listening on port 22 (which can be changed through the configuration file), xshell must switch to the port it listens on for access to connect correctly.
summary
- ifconfig + network card name: You can view the IP address of the network card in the open state (you cannot see the network card device in the closed state)
- ip a: You can view the IP addresses of all network cards (you can also see the network cards that are turned off)
- ip link: You can view the physical status of all network cards
- ifup/ifdown + network card name: Enable and disable network card devices through network card configuration files
- ifconfig network card name up/down: directly close and open the network card device.
- Kill the process sshd service configuration file path by kill + Pid number or pkill + service name
: /etc/ssh/sshd_config
Network card configuration file path: /etc/sysconfig/network-scripts/ifcfg-network card name
netstat -antup or ps -ef : can be used to view all services enabled by the current server
3.5 Troubleshooting
1. Whether the physical network between the two machines is smooth (net cable network card, whether the IP is correct)
ping -t 192.168.xx.xx ====> Whether the physical network is smooth
2. Whether the firewall or selinux is on
Permanently close selinux directly through the sed -i operation file ( enable in the figure below should be enabled )
3. Check whether the server's service process is open (sshd)
summary
- Step 1: Check if the road is open:
Ping the server:
Troubleshoot the line between the client and the server, ping is a commonly used network connectivity check tool (Lutong No)
tracert -d server IP: trace router
Route tracking command, you can also check whether the route is smooth, -d is not to resolve the domain name
- Step 2: Go to the server to view
service iptables status
/etc/init.d/iptalbes status
Both commands can be viewed, equivalent.
The linux firewall iptables may do bad things with good intentions, blocking remote connections, turn off the firewall, and make the road unobstructed
- Step 3: SSH service problem
telnet + IP address: Check whether the SSH port 22 is open (executed by the client)
nmap + IP address + -p 22: Scan whether the server has opened port 22