自定义分区
新建分区表
点击新建的空闲分区, 然后点加号
因为虚拟机设置选了UEFI , 所以先建立一个”EFI系统分区” , 设置大小,来它300兆
继续点 剩下的空闲分区, 再点加号
剩下的空间都个了根分区 /
没有设置 /boot
和 swap
分区, 只为做一下试验, 看能否安装
点 现在安装 按钮
点 继续 按钮
选时区
设置用户名密码
安装完成重启
点我已i完成安装 , 回车重启
启动成功, 没有设置 /boot
和 swap
分区 , 也能安装
设置硬件时钟(RTC)为本地时钟
sudo timedatectl set-local-rtc 1
z@ud224:~$ timedatectl
Local time: 三 2022-11-09 19:24:43 CST
Universal time: 三 2022-11-09 11:24:43 UTC
RTC time: 三 2022-11-09 11:24:44
Time zone: Asia/Shanghai (CST, +0800)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
z@ud224:~$ sudo timedatectl set-local-rtc 1
[sudo] z 的密码:
z@ud224:~$ timedatectl
Local time: 三 2022-11-09 19:25:30 CST
Universal time: 三 2022-11-09 11:25:30 UTC
RTC time: 三 2022-11-09 19:25:30
Time zone: Asia/Shanghai (CST, +0800)
System clock synchronized: yes
NTP service: active
RTC in local TZ: yes
Warning: The system is configured to read the RTC time in the local time zone.
This mode cannot be fully supported. It will create various problems
with time zone changes and daylight saving time adjustments. The RTC
time is never updated, it relies on external facilities to maintain it.
If at all possible, use RTC in UTC by calling
'timedatectl set-local-rtc 0'.
通过 hwclock
命令可查看硬件时钟
不加sudo查看不到
hwclock: 无法通过已知的任何方式访问硬件时钟。
hwclock: Use the –verbose option to see the details of our search for an access method.
sudo hwclock
给root账户设置密码, sudo passwd root
, 设置密码后就能启用root账户
sudo passwd root
解决 vi(vim) 不好用的问题
默认的 vi(vim) 不好用, 上下左右和退格键有问题
- 解决方法1, 编辑
/etc/vim/vimrc.tiny
sudo nano /etc/vim/vimrc.tiny
sudo gedit /etc/vim/vimrc.tiny
将
set compatible
修改为
set nocompatible
set backspace=2
原版 /etc/vim/vimrc.tiny
" Vim configuration file, in effect when invoked as "vi". The aim of this
" configuration file is to provide a Vim environment as compatible with the
" original vi as possible. Note that ~/.vimrc configuration files as other
" configuration files in the runtimepath are still sourced.
" When Vim is invoked differently ("vim", "view", "evim", ...) this file is
" _not_ sourced; /etc/vim/vimrc and/or /etc/vim/gvimrc are.
" Debian system-wide default configuration Vim
set runtimepath=~/.vim,/var/lib/vim/addons,/usr/share/vim/vimfiles,/usr/share/vim/vim82,/usr/share/vim/vimfiles/after,/var/lib/vim/addons/after,~/.vim/after
set compatible
" vim: set ft=vim:
修改后的 /etc/vim/vimrc.tiny
" Vim configuration file, in effect when invoked as "vi". The aim of this
" configuration file is to provide a Vim environment as compatible with the
" original vi as possible. Note that ~/.vimrc configuration files as other
" configuration files in the runtimepath are still sourced.
" When Vim is invoked differently ("vim", "view", "evim", ...) this file is
" _not_ sourced; /etc/vim/vimrc and/or /etc/vim/gvimrc are.
" Debian system-wide default configuration Vim
set runtimepath=~/.vim,/var/lib/vim/addons,/usr/share/vim/vimfiles,/usr/share/vim/vim82,/usr/share/vim/vimfiles/after,/var/lib/vim/addons/after,~/.vim/after
set nocompatible
set backspace=2
" vim: set ft=vim:
- 解决方法2 : 卸载
vim-tiny
重装vim
sudo apt remove vim-tiny
sudo apt install vim
更换快速apt源
备份 /etc/apt/sources.list
### 两位年月日时分秒
sudo cp -a /etc/apt/sources.list /etc/apt/sources.list.$(date "+%y%m%d%H%M%S").bak
### 两位年月日时分秒+纳秒
sudo cp -a /etc/apt/sources.list /etc/apt/sources.list.$(date "+%y%m%d%H%M%S%N").bak
### 年-月-日 时:分:秒 , 因为有空格,又要使用$, 所以要加双引号
sudo cp -a /etc/apt/sources.list "/etc/apt/sources.list.$(date "+%F %T").bak"
### 标准: 年-月-日T时:分:秒 , 因为有空格,又要使用$, 所以要加双引号
sudo cp -a /etc/apt/sources.list "/etc/apt/sources.list.$(date "+%FT%T").bak"
备份的效果
编辑 /etc/apt/sources.list
sudo vi /etc/apt/sources.list
原先的内容不用保留, 全部替换为: 👇
阿里源 (18.04是bionic , 20.04是focal , 22.04是jammy)
## security team.
deb http://mirrors.aliyun.com/ubuntu/ jammy multiverse
# deb-src http://cn.archive.ubuntu.com/ubuntu/ jammy multiverse
deb http://mirrors.aliyun.com/ubuntu/ jammy-updates multiverse
# deb-src http://cn.archive.ubuntu.com/ubuntu/ jammy-updates multiverse
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb http://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe multiverse
# deb-src http://cn.archive.ubuntu.com/ubuntu/ jammy-backports main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ jammy-security main restricted
# deb-src http://security.ubuntu.com/ubuntu jammy-security main restricted
deb http://mirrors.aliyun.com/ubuntu/ jammy-security universe
# deb-src http://security.ubuntu.com/ubuntu jammy-security universe
deb http://mirrors.aliyun.com/ubuntu/ jammy-security multiverse
# deb-src http://security.ubuntu.com/ubuntu jammy-security multiverse
# This system was installed using small removable media
# (e.g. netinst, live or single CD). The matching "deb cdrom"
# entries were disabled at the end of the installation process.
# For information about how to configure apt package sources,
# see the sources.list(5) manual.
或
deb https://mirrors.aliyun.com/ubuntu/ jammy main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ jammy main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ jammy-security main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ jammy-security main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ jammy-updates main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ jammy-updates main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ jammy-proposed main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ jammy-proposed main restricted universe multiverse
deb https://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe multiverse
deb-src https://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe multiverse
华为源
# deb cdrom:[Ubuntu 22.04.1 LTS _Jammy Jellyfish_ - Release amd64 (20220809.1)]/ jammy main restricted
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://mirrors.huaweicloud.com/repository/ubuntu/ jammy main restricted
# deb-src http://cn.archive.ubuntu.com/ubuntu/ jammy main restricted
## Major bug fix updates produced after the final release of the
## distribution.
deb http://mirrors.huaweicloud.com/repository/ubuntu/ jammy-updates main restricted
# deb-src http://cn.archive.ubuntu.com/ubuntu/ jammy-updates main restricted
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://mirrors.huaweicloud.com/repository/ubuntu/ jammy universe
# deb-src http://cn.archive.ubuntu.com/ubuntu/ jammy universe
deb http://mirrors.huaweicloud.com/repository/ubuntu/ jammy-updates universe
# deb-src http://cn.archive.ubuntu.com/ubuntu/ jammy-updates universe
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://mirrors.huaweicloud.com/repository/ubuntu/ jammy multiverse
# deb-src http://cn.archive.ubuntu.com/ubuntu/ jammy multiverse
deb http://mirrors.huaweicloud.com/repository/ubuntu/ jammy-updates multiverse
# deb-src http://cn.archive.ubuntu.com/ubuntu/ jammy-updates multiverse
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb http://mirrors.huaweicloud.com/repository/ubuntu/ jammy-backports main restricted universe multiverse
# deb-src http://cn.archive.ubuntu.com/ubuntu/ jammy-backports main restricted universe multiverse
deb http://mirrors.huaweicloud.com/repository/ubuntu/ jammy-security main restricted
# deb-src http://security.ubuntu.com/ubuntu jammy-security main restricted
deb http://mirrors.huaweicloud.com/repository/ubuntu/ jammy-security universe
# deb-src http://security.ubuntu.com/ubuntu jammy-security universe
deb http://mirrors.huaweicloud.com/repository/ubuntu/ jammy-security multiverse
# deb-src http://security.ubuntu.com/ubuntu jammy-security multiverse
# This system was installed using small removable media
# (e.g. netinst, live or single CD). The matching "deb cdrom"
# entries were disabled at the end of the installation process.
# For information about how to configure apt package sources,
# see the sources.list(5) manual.
或
# deb cdrom:[Ubuntu 22.04.1 LTS _Jammy Jellyfish_ - Release amd64 (20220809.1)]/ jammy main restricted
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb https://repo.huaweicloud.com/ubuntu/ jammy main restricted
# deb-src http://cn.archive.ubuntu.com/ubuntu/ jammy main restricted
## Major bug fix updates produced after the final release of the
## distribution.
deb https://repo.huaweicloud.com/ubuntu/ jammy-updates main restricted
# deb-src http://cn.archive.ubuntu.com/ubuntu/ jammy-updates main restricted
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb https://repo.huaweicloud.com/ubuntu/ jammy universe
# deb-src http://cn.archive.ubuntu.com/ubuntu/ jammy universe
deb https://repo.huaweicloud.com/ubuntu/ jammy-updates universe
# deb-src http://cn.archive.ubuntu.com/ubuntu/ jammy-updates universe
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb https://repo.huaweicloud.com/ubuntu/ jammy multiverse
# deb-src http://cn.archive.ubuntu.com/ubuntu/ jammy multiverse
deb https://repo.huaweicloud.com/ubuntu/ jammy-updates multiverse
# deb-src http://cn.archive.ubuntu.com/ubuntu/ jammy-updates multiverse
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb https://repo.huaweicloud.com/ubuntu/ jammy-backports main restricted universe multiverse
# deb-src http://cn.archive.ubuntu.com/ubuntu/ jammy-backports main restricted universe multiverse
deb https://repo.huaweicloud.com/ubuntu/ jammy-security main restricted
# deb-src http://security.ubuntu.com/ubuntu jammy-security main restricted
deb https://repo.huaweicloud.com/ubuntu/ jammy-security universe
# deb-src http://security.ubuntu.com/ubuntu jammy-security universe
deb https://repo.huaweicloud.com/ubuntu/ jammy-security multiverse
# deb-src http://security.ubuntu.com/ubuntu jammy-security multiverse
# This system was installed using small removable media
# (e.g. netinst, live or single CD). The matching "deb cdrom"
# entries were disabled at the end of the installation process.
# For information about how to configure apt package sources,
# see the sources.list(5) manual.
中科大(中国科学技术大学)源
# deb cdrom:[Ubuntu 22.04.1 LTS _Jammy Jellyfish_ - Release amd64 (20220809.1)]/ jammy main restricted
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb https://mirrors.ustc.edu.cn/ubuntu/ jammy main restricted
# deb-src http://cn.archive.ubuntu.com/ubuntu/ jammy main restricted
## Major bug fix updates produced after the final release of the
## distribution.
deb https://mirrors.ustc.edu.cn/ubuntu/ jammy-updates main restricted
# deb-src http://cn.archive.ubuntu.com/ubuntu/ jammy-updates main restricted
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb https://mirrors.ustc.edu.cn/ubuntu/ jammy universe
# deb-src http://cn.archive.ubuntu.com/ubuntu/ jammy universe
deb https://mirrors.ustc.edu.cn/ubuntu/ jammy-updates universe
# deb-src http://cn.archive.ubuntu.com/ubuntu/ jammy-updates universe
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb https://mirrors.ustc.edu.cn/ubuntu/ jammy multiverse
# deb-src http://cn.archive.ubuntu.com/ubuntu/ jammy multiverse
deb https://mirrors.ustc.edu.cn/ubuntu/ jammy-updates multiverse
# deb-src http://cn.archive.ubuntu.com/ubuntu/ jammy-updates multiverse
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb https://mirrors.ustc.edu.cn/ubuntu/ jammy-backports main restricted universe multiverse
# deb-src http://cn.archive.ubuntu.com/ubuntu/ jammy-backports main restricted universe multiverse
deb https://mirrors.ustc.edu.cn/ubuntu/ jammy-security main restricted
# deb-src http://security.ubuntu.com/ubuntu jammy-security main restricted
deb https://mirrors.ustc.edu.cn/ubuntu/ jammy-security universe
# deb-src http://security.ubuntu.com/ubuntu jammy-security universe
deb https://mirrors.ustc.edu.cn/ubuntu/ jammy-security multiverse
# deb-src http://security.ubuntu.com/ubuntu jammy-security multiverse
# This system was installed using small removable media
# (e.g. netinst, live or single CD). The matching "deb cdrom"
# entries were disabled at the end of the installation process.
# For information about how to configure apt package sources,
# see the sources.list(5) manual.
清华源
# 默认注释了源码镜像以提高 apt update 速度,如有需要可自行取消注释
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy-updates main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy-updates main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy-backports main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy-backports main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy-security main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy-security main restricted universe multiverse
# 预发布软件源,不建议启用
# deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy-proposed main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy-proposed main restricted universe multiverse
阿里开发者社区镜像站—https://developer.aliyun.com/mirror/
也可以用图形界面的<<软件和更新> >来设置源
点 “下载自” 右边的框 , 点 “其他”
可自动选最快服务器, 也可自己选
三种进入👆上面界面的方法👇
-
直接点击 软件和更新
注意, 默认带三个安装软件相关的程序图标
-
点右上角, 点设置, 点最下方的关于, 点软件更新
- 点 <<软件更新器>>的设置按钮
启用普通用户远程ssh登录,和root远程ssh登陆
进入 /etc/ssh 目录
cd /etc/ssh
ls
root@ud224:/home/z# cd /etc/ssh/ root@ud224:/etc/ssh# ls ssh_config ssh_config.
只有ssh_config
没有sshd_config
说明 只安装了openssh-client
, 没有安装openssh-server
安装
openssh-server
sudo apt install -y openssh-server
/etc/ssh
目录下 变为
moduli ssh_config.d sshd_config.d ssh_host_ecdsa_key.pub ssh_host_ed25519_key.pub ssh_host_rsa_key.pub
ssh_config sshd_config ssh_host_ecdsa_key ssh_host_ed25519_key ssh_host_rsa_key ssh_import_id
查看 /etc/ssh/sshd_config
文件
sudo cat /etc/ssh/sshd_config
sudo less /etc/ssh/sshd_config
sudo more /etc/ssh/sshd_config
sudo vi /etc/ssh/sshd_config
sudo nano /etc/ssh/sshd_config
sudo gedit /etc/ssh/sshd_config
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
Include /etc/ssh/sshd_config.d/*.conf
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#PubkeyAuthentication yes
# Expect .ssh/authorized_keys2 to be disregarded by default in future.
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
KbdInteractiveAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the KbdInteractiveAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via KbdInteractiveAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and KbdInteractiveAuthentication to 'no'.
UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
# override default of no subsystems
Subsystem sftp /usr/lib/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
其中
Include /etc/ssh/sshd_config.d/*.conf
会引入/etc/ssh/sshd_config.d/
目录下的,以.conf
结尾的文件,作为附加配置文件, 所以, 不要直接修改这个文件, 而是将修改的配置文件以.conf
结尾,并放入/etc/ssh/sshd_config.d/
目录
查看几个选项,
与远程登陆相关
-
#PasswordAuthentication yes 这个选项允许远程登陆用密码来认证, 但加了
#
号, 不会起作用
将前面的#
去掉, 变为PasswordAuthentication yes
可以允许远程用密码登录认证 -
#PermitRootLogin prohibit-password 设为
PermitRootLogin yes
允许root远程登陆
与远程连接保持相关
- #ClientAliveInterval 0 :
ClientAliveInterval
多少秒测试一次远程客户端是否在线, 设为默认是0, 0不会测试 - #ClientAliveCountMax 3: 客户端不响应的最大次数, 超过就断开连接, 默认值是3, 所可以不设置, 只设置ClientAliveInterval 就行了
PasswordAuthentication
Specifies whether password authentication is allowed. The default is yes.
指定是否允许密码身份验证。默认值为“yes”。
PermitRootLogin
Specifies whether root can log in using ssh(1). The argument must be yes, prohibit-password, forced-commands-only, or no. The default is prohibit-password.
If this option is set to prohibit-password (or its deprecated alias, without-password), password and keyboard-interactive authentication are disabled for root.If this option is set to forced-commands-only, root login with public key authentication will be allowed, but only if the command option has been specified (which may be useful for taking remote backups even if root login is normally not allowed). All other authentication methods are disabled for root.
If this option is set to no, root is not allowed to log in.
指定 root 是否可以使用 ssh(1) 登录。参数必须是 [yes
,prohibit-password
(禁止密码) ,forced-commands-only
(仅强制命令) ,no
] 其中之一。默认值为prohibit-password
。
如果此选项设置为prohibit-password
(或其已弃用的别名,without-password
),则会为 root 禁用密码和键盘交互式身份验证。
prohibit-password
是without-password
的新名字
如果此选项设置为forced-commands-only
,则将允许使用公钥身份验证进行root登录,但前提是指定了命令选项(即使通常不允许root登录,这对于进行远程备份也很有用)。所有其他身份验证方法都禁用 root 用户。
如果此选项设置为no
,则不允许 root 登录。
ClientAliveCountMax
Sets the number of client alive messages which may be sent without sshd(8) receiving any messages back from the client. If this threshold is reached while client alive messages are being sent, sshd will disconnect the client, terminating the session. It is important to note that the use of client alive messages is very different from TCPKeepAlive. The client alive messages are sent through the encrypted channel and therefore will not be spoofable. The TCP keepalive option enabled by TCPKeepAlive is spoofable. The client alive mechanism is valuable when the client or server depend on knowing when a connection has become unresponsive.
The default value is 3. If ClientAliveInterval is set to 15, and ClientAliveCountMax is left at the default, unresponsive SSH clients will be disconnected after approximately 45 seconds. Setting a zero ClientAliveCountMax disables connection termination.
设置在 sshd(8) 接收到客户端返回的任何消息的情况下可以发送的客户端活动消息的数量。如果在发送客户端活动消息时达到此阈值,sshd 将断开客户端的连接,从而终止会话。需要注意的是,客户端活动消息的使用与 TCPKeepAlive 非常不同。客户端活动消息通过加密通道发送,因此不会是可欺骗的。由 TCPKeepAlive 启用的 TCP 保持连接选项是可欺骗的。当客户端或服务器依赖于知道连接何时变得无响应时,客户端活动机制很有价值。
默认值为 3。如果 ClientAliveInterval 设置为 15,并且 ClientAliveCountMax 保留为默认值,则无响应的 SSH 客户端将在大约 45 秒后断开连接。设置零 ClientAliveCountMax 将禁用连接终止。
ClientAliveInterval
Sets a timeout interval in seconds after which if no data has been received from the client, sshd(8) will send a message through the encrypted channel to request a response from the client. The default is 0, indicating that these messages will not be sent to the client.
设置一个超时间隔(以秒为单位),如果客户端没有收到任何数据, sshd(8) 将通过加密通道发送消息请求客户端响应。默认值为 0,表示这些消息不会发送到客户端。
不直接修改/etc/ssh/sshd_config
, 而是在 /etc/ssh/sshd_config.d
下建立一个 Mysshd.conf 配置文件
并重启sshd.service服务
echo '
PasswordAuthentication yes
PermitRootLogin yes
ClientAliveInterval 666
' | sudo tee /etc/ssh/sshd_config.d/Mysshd.conf
sudo systemctl restart sshd.service
因为 PasswordAuthentication
的默认值就是 yes
, 所以可以不设置
echo '
PermitRootLogin yes
ClientAliveInterval 666
' | sudo tee /etc/ssh/sshd_config.d/Mysshd.conf
sudo systemctl restart sshd.service
来个进入 /etc/ssh/sshd_config.d/
文件夹 的命令, 方便复制
cd /etc/ssh/sshd_config.d/