Subtitle: Oops, the server login can not go in

โœ๐Ÿป Combs the entire process of incorrect server operations

This article can learn:

  1. SSH Password-free login Server Simple configuration
  2. View and modify the SSHD port
  3. Elixir + Phoenix service line operation
  4. How to view Linux startup items (which services restart automatically after the server restarts)
  5. systemctlIntroduction to the

Background ๐Ÿšฆ

Originally their cloud server application has been running very stable, or for a long time did not take care of. Recently received Tencent cloud security tips, said that the server has a high-risk vulnerability ๐Ÿ•ท, need to deal with it.

After ๐Ÿšœ

I have not logged in to the server for a long time because the application is too stable (there is little traffic ๐Ÿคท๐Ÿปโ™€๏ธ). I first connected to the server using SSH from the local terminal, but it was rejected. Then I tried to log in using SSH standard method from Tencent cloud web page and was rejected ๐Ÿฃ.

I thought the password was wrong, so I chose to restart the server to change the password on Tencent cloud server instance. (Start of error operation ๐Ÿ˜ฟ)

Restart return quite quick, also 7 8 seconds, but I discover I still log in not to go in, begin to imagine, won’t be black ๐Ÿค–?

Then I chose the second login method provided by Tencent Cloud. After checking the documentation, I found that the default user name was Not root, but Ubuntu

After logging in to the server, check whether the SSH SSHD service is started

Check the SSHD status

service sshd status
Copy the code

The SSHD service is running normally, but why can’t you log in to โ“

It occurred to me that there might be a problem with the local SSH configuration

~/. SSH /config file found that the previous configuration is missing, I am right, recently changed the computer. This configuration is not processed… ๐Ÿ˜ญ

Configure SSH

To reconfigure~/.ssh/config

Add something similar

Host A user-defined character string HostName IP address User User name Port Port numberCopy the code

The IP address can be found from the console of the cloud service.

It suddenly occurred to me that the default Ubuntu account has quite large permissions. I seem to have created an account management application with smaller permissions, but I can’t remember the user name. Please confirm ๐Ÿ™ˆ again.

See which users are on the server

cat /etc/passwd
Copy the code

Find the user you created earlier.

Oh, I remember. I seem to have changed the default port of SSH, the default port is not safe, I changed to another ๐Ÿถ.

This is also why the web version of the login is not available, the web version of the default port 22 ๐Ÿ™ˆ

Check SSH port configurations

vi /etc/ssh/sshd_config
Copy the code

or

View SSH service ports directly

netstat -tnlp | grep sshd
Copy the code

SSH /.ssh/config:

As a further step, add your local SSH public key to the server’s authorization list so that you can log in without secret in the future.

vi ~/.ssh/authorized_keys
Copy the code

The server is ready to log in. But when I visited the app, I found that ๐Ÿค was still hanging.

Restore the application

I this small application is using Elixir + Phoenix development back-end, database with PostgreSQL

Check the status of nginx

service nginx status
Copy the code

Check the PostgreSQL status

service postgresql status
Copy the code

The database service is found to be up and running.

Restart the Elixir + Phoenix application

Put the application in the WWW of the user’s home folder, find the application onePiece (this small service is related to onePiece ๐Ÿดโ˜ ๏ธ), go to the bin folder, which contains the executable onePiece

#See the help
./onePiece help

#Ping application 
./onePiece ping

#Start the application
./onePiece start
Copy the code

The application then starts normally โ›ต๏ธ ๐Ÿ

Hole repairing

That’s why you logged in to the server in the first place… ๐Ÿ˜น

Tencent cloud side to do well, vulnerability details will be given the need to upgrade the software command. Follow the command.

Systemctl ๐ŸŽˆ

๐Ÿค”, do nginx, SSHD and PostgresQL restart their servers automatically? How do I view the boot option of a server?

Systemctl was found while searching for information

View services that can be managed using Systemctl

systemctl list-unit-files
Copy the code

View boot options

ls /etc/systemd/system/multi-user.target.wants/
Copy the code

As you can see from the results of this command, the nginx, SSHD, and PostgresQL servers I was wondering about are all started by default when they are restarted.

Add a service to boot

systemctl enable httpd
Copy the code

The difference between systemctl and service commands

The systemctl command can be used to restart the service and check the status of the service.

What’s the difference? In a nutshell:

  • systemctlCompared with theserviceIs a new generation of Linux startup and management commands
  • systemctlThe command is compatible withservice
  • The command format is different. Systemctl is the service name and comes lastsystemctl status httpd

Systemctl is just one of the commands in Systemd. There are many more, including checking server time, login user, startup time, etc.

Systemd tutorial: Commands

Systemd introductory tutorial: Combat

Summary ๐Ÿ‘‰

The original purpose is to go to the server to fill the vulnerability, the result is not logged in the server for a long time, coupled with unfamiliar, a blind toss, but the whole process, experience a also learn some new knowledge.

I still don’t know a lot about operation and maintenance, so I will learn more later.

Record this article is also afraid, in case the next time and double ๅ’ yi forget ๐Ÿ™ˆ ๐Ÿฃ ๐Ÿงถ ๐Ÿ™ˆ.