Create an admin user for daily operations (root's privileges are too broad to use directly).
adduser [username]
[root@VM_0_8_centos ~]# adduser admin
passwd [username]
The system has certain requirements for the password: it can't be too simple, otherwise...
[root@VM_0_8_centos ~]# passwd admin
Change the password of the user admin.
New password:
Invalid password: the password did not pass the dictionary check - it does not contain enough different characters
Re-enter the new password:
Sorry, the passwords do not match.
New password:
Invalid password: the password did not pass the dictionary check - too simplistic/systematic
Re-enter the new password:
Sorry, the passwords do not match.
New password:
Invalid password: the password failed the dictionary check - it is based on the dictionary word
Re-enter the new password:
Sorry, the passwords do not match.
passwd: The maximum number of service retries has been exceeded
[root@VM_0_8_centos ~]#
[root@VM_0_8_centos ~]#
[root@VM_0_8_centos ~]#
[root@VM_0_8_centos ~]# passwd admin
Change the password of the user admin.
New password:
[root@VM_0_8_centos ~]# passwd admin
Change the password of the user admin.
New password:
Re-enter the new password:
passwd: All authentication tokens have been successfully updated.
[root@VM_0_8_centos ~]#
Try to log in with the user you just created.
PS: I can't remember the IP, so I set an alias in the hosts file of my personal computer; since the server is a Tencent Cloud one, the alias is qqcloud.
➜ hexo ssh admin@qqcloud
The authenticity of host 'qqcloud (mosaic)' can't be established.
ECDSA key fingerprint is SHA256: mosaic.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'qqcloud' (ECDSA) to the list of known hosts.
admin@qqcloud's password:
Last failed login: Thu Oct 24 19:00:16 CST 2019 from Mosaic on ssh:notty
There were 286 failed login attempts since the last successful login.
[admin@VM_0_8_centos ~]$
There is a sentence that caught my attention:
There were 286 failed login attempts since the last successful login.
There were 286 login attempts against my server in this time; presumably some malicious programs are trying to break in. No wonder I am not allowed to use a simple password.
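To see where such attempts come from, the sshd log can be summarised per source address. This is an added example, not part of the original post: the function name and the sample log lines are constructed, and it assumes the CentOS default of sshd logging to /var/log/secure.

```shell
#!/bin/sh
# Added example: count failed SSH password attempts per source address.

# Reads sshd log lines on stdin and prints "<count> <source>", busiest first.
# The address is taken by position from the END of the line
# ("... from <addr> port <n> ssh2"), because the user name in the middle of
# the line is chosen by the remote side and may contain spaces or "from".
failed_logins_by_source() {
    awk '/sshd\[[0-9]+\]: Failed password for / &&
         $(NF-2) == "port" && $(NF-4) == "from" {
             count[$(NF-3)]++
         }
         END { for (src in count) print count[src], src }' |
    sort -k1,1nr -k2,2
}

# Constructed sample lines using documentation address ranges (not real data).
# The third line carries a hostile user name: "from 192.0.2.1".
sample_log() {
    cat <<'EOF'
Oct 24 18:59:58 VM_0_8_centos sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Oct 24 19:00:03 VM_0_8_centos sshd[2103]: Failed password for invalid user test from 203.0.113.7 port 40150 ssh2
Oct 24 19:00:09 VM_0_8_centos sshd[2107]: Failed password for invalid user from 192.0.2.1 from 198.51.100.23 port 51514 ssh2
Oct 24 19:00:16 VM_0_8_centos sshd[2110]: Failed password for admin from 203.0.113.7 port 40188 ssh2
Oct 24 19:02:41 VM_0_8_centos sshd[2140]: Accepted password for admin from 192.0.2.50 port 52200 ssh2
EOF
}

# Run against the constructed sample. On the server itself:
#   sudo cat /var/log/secure | failed_logins_by_source
sample_log | failed_logins_by_source
```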
sudo [command reserved for the root user]
Although the root user is not suitable for daily use, its power is still needed occasionally, for example to change the hosts file. Such sensitive commands require root privileges. To run them while logged in as a non-root user, you only need to put sudo in front of the command.
[admin@VM_0_8_centos ~]$ sudo vim /etc/hosts
We trust that you have learned the daily precautions from the system administrator.
To sum up, it is nothing more than these three points:
#1) Respect the privacy of others.
#2) Consider (consequences and risks) before input.
#3) The greater the power, the greater the responsibility.
[sudo] admin's password:
admin is not in the sudoers file. This matter will be reported.
[admin@VM_0_8_centos ~]$
The new user does not have sudo privileges. Moreover, although having my machine default to Chinese may seem a bit unsophisticated, it actually makes these prompts quite convenient to read.
vim /etc/sudoers
After opening the configuration file, find the entry for the root user and add an identical one for admin. When saving, vim reports that the file is read-only; just force the save (wq!).
vim usage
## Next comes the main part: which users can run what software on
## which machines (the sudoers file can be shared between multiple
## systems).
## Syntax:
##
## user MACHINE=COMMANDS
##
## The COMMANDS section may have other options added to it.
##
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
admin ALL=(ALL) ALL
#sudo no need to enter a password
#admin ALL=(ALL) NOPASSWD:ALL
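The same grant can be made without force-saving /etc/sudoers, so that a syntax error never reaches the live configuration. This is an added example, not from the original post: it writes the rule to a drop-in under /etc/sudoers.d and installs it only if visudo accepts it. It assumes the stock CentOS sudoers file, which includes that directory, and the helper names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Helper names are hypothetical.

# Print the sudoers rule for one user. Names outside [a-z_][a-z0-9_-]* are
# rejected so the argument cannot carry extra sudoers syntax, and so the
# drop-in file name contains no '.', which sudo would skip.
sudoers_rule() {
    case "$1" in
        ''|[!a-z_]*|*[!a-z0-9_-]*)
            echo "invalid user name: $1" >&2
            return 1 ;;
    esac
    printf '%s ALL=(ALL) ALL\n' "$1"
}

# Write the rule to a temp file, syntax-check it with visudo, then install it
# root-owned with mode 0440. Must run as root.
# Assumes /etc/sudoers contains "#includedir /etc/sudoers.d".
install_sudoers_dropin() {
    tmp=$(mktemp) || return 1
    if sudoers_rule "$1" > "$tmp" && visudo -cf "$tmp" >/dev/null; then
        install -o root -g root -m 0440 "$tmp" "/etc/sudoers.d/$1"
        rc=$?
    else
        echo "rule rejected, nothing installed" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Show the rule that would be installed for the page's admin user.
sudoers_rule admin
# As root: install_sudoers_dropin admin
```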
To log in to your own cloud server from your computer, you still have to type the password.
First, initialize on the cloud server with the command:
ssh-keygen
Just press Enter at each prompt.
[admin@VM_0_8_centos ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/admin/.ssh/id_rsa):
Created directory '/home/admin/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/admin/.ssh/id_rsa.
Your public key has been saved in /home/admin/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256: mosaic admin@VM_0_8_centos
The key's randomart image is:
+---[RSA 2048]----+
| Mosaic |
| Mosaic |
| Mosaic++o |
| Mosaic |
| Mosaic |
| Mosaic Mosaic |
| Mosaic Mosaic |
| Mosaic Mosaic |
| Mosaic Mosaic |
+----[SHA256]-----+
Generated directory: /home/admin/.ssh
[admin@VM_0_8_centos .ssh]$ pwd
/home/admin/.ssh
[admin@VM_0_8_centos .ssh]$ ll
total 8
-rw------- 1 admin admin 1679 Oct 25 00:23 id_rsa
-rw-r--r-- 1 admin admin 401 Oct 25 00:23 id_rsa.pub
[admin@VM_0_8_centos .ssh]$
Because this server needs to trust certain machines so that they can log in without entering a password, it has to maintain a list of trusted users. The list contains the unique identifier of each trusted user, that is, the other party's public key.
Create a file named authorized_keys in the /home/admin/.ssh directory, then enter the public key of each computer you want to be trusted, one key per line.
One more thing: the permissions of authorized_keys need to be set to 600, otherwise it will not take effect.
chmod 600 authorized_keys
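The steps above, from creating authorized_keys to setting its permissions, can be wrapped in one function that also sets the directory to 700 and refuses a private key pasted by mistake. This is an added example, not from the original post: the function name, the optional directory argument and the sample key line are constructed for illustration, and lines carrying authorized_keys options are deliberately rejected.

```shell
#!/bin/sh
# Added example (not from the original post). Names are hypothetical.

# authorize_key <public-key-file> [ssh-dir]
# ssh-dir defaults to ~/.ssh; it is a parameter so the function can be tried
# in a scratch directory first.
authorize_key() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Refuse a private key (id_rsa instead of id_rsa.pub) or a multi-line file.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2; return 1
    fi
    [ "$(grep -c . "$pub")" -eq 1 ] ||
        { echo "refusing: expected exactly one key line" >&2; return 1; }
    key=$(grep . "$pub")
    case "$key" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;   # common key types only
        *) echo "refusing: unrecognised key type" >&2; return 1 ;;
    esac

    # Create with tight permissions from the start, then enforce them:
    # 700 on the directory, 600 on the file.
    ( umask 077; mkdir -p "$dir" && touch "$auth" ) || return 1
    chmod 700 "$dir" && chmod 600 "$auth" || return 1

    # Append only if this exact line is not already trusted.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Demo in a scratch directory with a constructed, non-functional key line.
demo=$(mktemp -d)
echo 'ssh-ed25519 AAAA_CONSTRUCTED_PLACEHOLDER admin@laptop' > "$demo/id.pub"
authorize_key "$demo/id.pub" "$demo/.ssh" &&
    ls -ld "$demo/.ssh" "$demo/.ssh/authorized_keys"
rm -rf "$demo"
```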