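By default, root has no password. The official guidance is that you do not need to set one: root cannot log in, and you cannot switch to root with su. Setting a password for root with sudo passwd root enables the root account.

SSH settings

Installing the SSH server

The SSH server is not installed by default. Install it with: sudo apt install openssh-server. Check the status of sshd with: sudo service ssh status or sudo systemctl status sshd

Setting the SSH listening port to 9001

Edit the configuration file: sudo vim /etc/ssh/sshd_config
On line 5, change the original Port 22 to Port 9001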

     1  # Package generated configuration file
     2  # See the sshd_config(5) manpage for details
     3
     4  # What ports, IPs and protocols we listen for
     5  Port 9001
     6  # Use these options to restrict which interfaces/protocols sshd will bind to
     7  #ListenAddress ::
     8  #ListenAddress 0.0.0.0
     9  Protocol 2
    10  # HostKeys for protocol version 2
    11  HostKey /etc/ssh/ssh_host_rsa_key
    12  HostKey /etc/ssh/ssh_host_dsa_key
    13  HostKey /etc/ssh/ssh_host_ecdsa_key
    14  HostKey /etc/ssh/ssh_host_ed25519_key
    15  #Privilege Separation is turned on for security
    16  UsePrivilegeSeparation yes
    17
    18  # Lifetime and size of ephemeral version 1 server key
    19  KeyRegenerationInterval 3600
    20  ServerKeyBits 1024
    21
    22  # Logging
    23  SyslogFacility AUTH
    24  LogLevel INFO
    25
    26  # Authentication:
    27  LoginGraceTime 120
    28  PermitRootLogin prohibit-password
    29  StrictModes yes
    30
    31  RSAAuthentication yes
    32  PubkeyAuthentication yes
    33  #AuthorizedKeysFile %h/.ssh/authorized_keys
    34
    35  # Don't read the user's ~/.rhosts and ~/.shosts files
    36  IgnoreRhosts yes
    37  # For this to work you will also need host keys in /etc/ssh_known_hosts
    38  RhostsRSAAuthentication no
    39  # similar for protocol version 2
    40  HostbasedAuthentication no
    ... ...

Line 28, PermitRootLogin prohibit-password, means that root is not allowed to log in remotely with a password.
Restart sshd for the change to take effect: sudo service ssh restart or sudo systemctl restart sshd.service

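Opening ports in the firewall

UFW is installed by default but not enabled. Enable it with: sudo ufw enable

  • Open a port: sudo ufw allow 9001
  • Close an opened port: sudo ufw delete allow 9001
  • List the open ports: sudo ufw status
  • List the open ports with rule numbers: sudo ufw status numbered
  • Delete an open-port rule by its number: sudo ufw delete 2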
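
When these steps are carried out over an existing SSH session, restarting sshd on the new port or enabling UFW before the port is allowed cuts the session off. The script below is an added example, not part of the original page: it compares the Port and PermitRootLogin lines of an sshd_config with saved `ufw status` output. The function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Print every value of keyword $2 in the global section of sshd_config file $1.
# Assumes the "Keyword value" form; keywords are case-insensitive.
sshd_values() {
    awk -v key="$2" '
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
        tolower($1) == "match" { exit }         # ignore conditional Match blocks
        tolower($1) == tolower(key) { print $2 }
    ' "$1"
}

# Succeed if saved `ufw status` output in file $1 has an ALLOW rule for port $2.
ufw_allows() {
    awk -v p="$2" '
        $2 == "ALLOW" { split($1, a, "/"); if (a[1] == p) found = 1 }
        END { exit !found }
    ' "$1"
}

# Return non-zero if restarting sshd / enabling UFW would cut off SSH,
# or if root may log in over SSH with a password.
check_ssh_lockout() {
    rc=0
    ports=$(sshd_values "$1" Port)
    [ -n "$ports" ] || ports=22                 # sshd default when no Port line
    for p in $ports; do
        if ufw_allows "$2" "$p"; then echo "ok: UFW allows port $p"
        else echo "MISSING: run 'sudo ufw allow $p' first"; rc=1; fi
    done
    root=$(sshd_values "$1" PermitRootLogin | head -n 1)   # first value wins
    [ "$root" != "yes" ] || { echo "warn: PermitRootLogin yes"; rc=1; }
    return $rc
}

# Constructed sample inputs (not real captures): sshd moved to 9001, UFW still on 22.
tmp=$(mktemp -d)
printf '%s\n' 'Port 9001' 'PermitRootLogin prohibit-password' > "$tmp/sshd_config"
printf '%s\n' 'Status: active' '' \
    'To                         Action      From' \
    '--                         ------      ----' \
    '22                         ALLOW       Anywhere' > "$tmp/ufw_status"
check_ssh_lockout "$tmp/sshd_config" "$tmp/ufw_status" || echo "fix before restarting sshd"
```

On a real host, save the output of sudo ufw status to a file and pass it together with /etc/ssh/sshd_config; sudo sshd -t additionally checks the file's syntax before the restart.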

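IP operations

View the IP address with: ip address

Changing the IP address

Edit the file with sudo vim /etc/network/interfaces. In theory the change takes effect after restarting the networking service: sudo systemctl restart networking.service. However, after restarting the networking service I found that both the old IP and the new IP were shown when checking the IP. Rebooting the machine resolved it: sudo reboot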