JUN

Linux 服务器维护常用操作
维护服务器的时候经常忘掉一些命令和它的参数,需要google一下。于是就有了这篇自用的常用命令集。因为最近用Ubu...
扫描右侧二维码阅读全文
26
2019/06

Linux 服务器维护常用操作

维护服务器的时候经常忘掉一些命令和它的参数,需要google一下。于是就有了这篇自用的常用命令集。
因为最近用Ubuntu系的比较多,就从Ubuntu开始记录吧。
所有命令默认在root权限下运行。

Ubuntu

升级发行版

# apt update
# apt upgrade
# do-release-upgrade

官方文档说,Debian系列的系统可以使用apt dist-upgrade但是对于Ubuntu来说do-release-upgrade更适合。
详看:https://help.ubuntu.com/lts/serverguide/installing-upgrading.html

更改时区

# dpkg-reconfigure tzdata

系统重启时挂载

先查看想要挂载的设备UUID

# blkid
/dev/sdb1: UUID="xxxxxxxx" TYPE="ext4" PARTUUID="95d73123-01"

编辑 /etc/fstab 加入

UUID=xxxxxxxx /home   ext4    noatime     0       3

编译内核

因为我喜欢用Google开发的新TCP拥塞控制算法模块BBR,有些服务商的内核并不自带。
所以有时候会自己编译内核。

# wget https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.1.15.tar.xz

然后验证签名

# unxz linux-5.1.15.tar.xz
# curl -OL https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.1.15.tar.sign
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   162  100   162    0     0   2793      0 --:--:-- --:--:-- --:--:--  2793
100   989  100   989    0     0   7166      0 --:--:-- --:--:-- --:--:--  7166

# gpg2 --locate-keys torvalds@kernel.org gregkh@kernel.org
gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 38DBBDC86092693E: public key "Greg Kroah-Hartman <gregkh@kernel.org>" imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg: key 79BE3E4300411886: public key "Linus Torvalds <torvalds@kernel.org>" imported
gpg: Total number processed: 1
gpg:               imported: 1
pub   rsa4096 2011-09-23 [SC]
      647F28654894E3BD457199BE38DBBDC86092693E
uid           [ unknown] Greg Kroah-Hartman <gregkh@kernel.org>
sub   rsa4096 2011-09-23 [E]

pub   rsa2048 2011-09-20 [SC]
      ABAF11C65A2970B130ABE3C479BE3E4300411886
uid           [ unknown] Linus Torvalds <torvalds@kernel.org>
sub   rsa2048 2011-09-20 [E]

# gpg2 --verify linux-5.1.15.tar.sign
gpg: assuming signed data in 'linux-5.1.15.tar'
gpg: Signature made Tue 25 Jun 2019 05:35:48 AM CEST
gpg:                using RSA key 647F28654894E3BD457199BE38DBBDC86092693E
gpg: Good signature from "Greg Kroah-Hartman <gregkh@kernel.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 647F 2865 4894 E3BD 4571  99BE 38DB BDC8 6092 693E

# gpg2 --tofu-policy good 647F28654894E3BD457199BE38DBBDC86092693E
# gpg2 --trust-model tofu --verify linux-5.1.15.tar.sign
gpg: assuming signed data in 'linux-5.1.15.tar'
gpg: Signature made Tue 25 Jun 2019 05:35:48 AM CEST
gpg:                using RSA key 647F28654894E3BD457199BE38DBBDC86092693E
gpg: checking the trustdb
gpg: no ultimately trusted keys found
gpg: Good signature from "Greg Kroah-Hartman <gregkh@kernel.org>" [full]
gpg: gregkh@kernel.org: Verified 1 signature in the past 0 seconds.  Encrypted
     0 messages.

展开压缩包

# tar xvf linux-5.1.15.tar
# cd linux-5.1.15
# cp -v /boot/config-$(uname -r) .config
'/boot/config-4.15.0-52-generic' -> '.config'

安装依赖

# apt install build-essential libncurses-dev bison flex libssl-dev libelf-dev

配置

# make menuconfig

BBR在Networking Support->Networking Options->advanced congestion control

配置好了之后保存,然后

# make -j 8
# make modules_install
# make install

一般来说安装结束之后grub配置应该会自动更新,而且initramfs会自动生成。如果没有,可以这样:

# update-initramfs -c -k 5.1.15
# update-grub

免密码登录

在服务器运行

ssh-keygen -b 4096 -t rsa

然后将id_rsa.pub的内容添加到authorized_keys文件里

cat id_rsa.pub >> authorized_keys

下载id_rsa,这是私有key。
修改/etc/ssh/sshd_config

PermitRootLogin prohibit-password #如果需要root登录
PasswordAuthentication no #如果需要禁用密码登录

修改完之后重启sshd

systemctl restart sshd

在Mac系统里可以在~/.ssh/config下添加

Host op
Hostname 111.111.111.111
IdentityFile ~/keys/privkey
User root

之后可以这样登录

ssh root@op
Last modification:July 4th, 2019 at 12:18 am
If you think my article is useful to you, please feel free to appreciate

Leave a Comment