Remote connection (ssh service + port opening)

Remote Connection

Check if the port is open

CentOS

Method 1:
Use the firewall-cmd command that ships with CentOS 7 to check:

> firewall-cmd --query-port=port/tcp
> firewall-cmd --query-port=22/tcp # check whether port 22 is open

Method 2:

> netstat -tlunp # list the ports the host is currently listening on
> netstat -tlunp | grep 22

Ubuntu

Method 1:
First log in as the root user and open a terminal. Then run lsof -i:22 to check the port; if the command returns no information, the port is not open.

# check whether port 22 is open
> lsof -i:22

Method 2:
Use the netstat -tlunp command to view all currently open ports, then use a pipe to grep for the relevant entry.

> netstat -tlunp # list the ports the host is currently listening on
> netstat -tlunp | grep 22

Open port 22 of the SSH service

Remote connections use the ssh service, so the process is generally: first make sure the ssh service is present, then open the corresponding port.

CentOS

For viewing and opening of ssh service:

# first check whether the SSH package is installed
> ssh -V

# if not, install openssh-server
> sudo yum install openssh-server

# check whether the ssh service is running
> service ssh status
> systemctl status sshd # CentOS 7.x

# start the ssh service
> service ssh start
> systemctl start sshd

View firewall status

# CentOS 6 and earlier
> service iptables status

# CentOS 7.x
> systemctl status firewalld

Open port:

> iptables-save # list the ports the firewall has opened
> firewall-cmd --zone=public --add-port=22/tcp --permanent # open port 22
> firewall-cmd --reload # reload the firewall

Ubuntu

For viewing and opening of ssh service:

# first check whether the SSH package is installed
> ssh -V

# if not, install openssh-server
> sudo apt-get install openssh-server

# check whether the ssh service is running
> service ssh status

# start the ssh service
> service ssh start

Open the port: use ufw (built in) or iptables (needs to be installed)

ufw

ufw is usually already present on Ubuntu, but if it is not installed you can add it with:

> sudo apt update
> sudo apt install ufw

On a fresh Ubuntu install, ufw may not yet be enabled.

# check the ufw status; inactive means it is not in effect
> sudo ufw status

# enable the service
> sudo ufw enable

The ufw usage rules are as follows:

  1. ufw enable/disable: turn the firewall on/off
  2. ufw reload: restart the firewall
  3. ufw status: view the defined ufw rules
  4. ufw default allow/deny: allow/deny external access by default
  5. ufw allow/deny 20: allow/deny access to port 20; 20 can be followed by /tcp or /udp to restrict the rule to tcp or udp packets
  6. sudo ufw allow proto tcp from 192.168.0.0/24 to any port 22: allow tcp packets from 192.168.0.0/24 to reach port 22 of this machine
  7. ufw delete allow/deny 20: delete the previously defined "allow/deny access to port 20" rule

> sudo ufw allow 9200 # allow external access to port 9200 (tcp/udp)
> sudo ufw allow 3690 # allow external access to port 3690 (svn)
> sudo ufw allow from 192.168.3.23 # allow this IP to reach all local ports
> sudo ufw allow proto tcp from 192.168.0.0/24 to any port 22 # allow the given IP range to reach a specific port
> sudo ufw delete allow smtp # delete one of the rules created above,
# e.g. to remove the svn port rule:
> sudo ufw delete allow 3690
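The order in which the rules above are applied matters when you are working over SSH: `ufw default deny` followed by `ufw enable` on a host that has not yet allowed port 22 drops the admin's own session. The following added script (not from the original post) applies the post's SSH rule first and `enable` last; MGMT_CIDR, DRY_RUN and the helper names are assumptions.

```shell
#!/bin/sh
# Added example: apply the ufw rules from the post in a lock-out-safe order.
# The SSH allow rule goes first, the default-deny second, enable last.
MGMT_CIDR="${MGMT_CIDR:-192.168.0.0/24}"   # assumed management network allowed to reach SSH
DRY_RUN="${DRY_RUN:-1}"                    # 1 = print the commands instead of executing them

# Run a command, or just print it in dry-run mode.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Refuse to touch the firewall unless something is actually listening on 22;
# otherwise enabling the firewall only adds a second way to be locked out.
sshd_is_listening() {
    netstat -tln 2>/dev/null | awk '$4 ~ /:22$/ { found = 1 } END { exit !found }'
}

# Emit (or execute) the ordered rule set, one command per line.
ufw_ssh_safe_enable() {
    run sudo ufw allow proto tcp from "$MGMT_CIDR" to any port 22
    run sudo ufw default deny incoming
    run sudo ufw enable
}

if [ "$DRY_RUN" = "1" ] || sshd_is_listening; then
    ufw_ssh_safe_enable
else
    echo "sshd is not listening on port 22; not enabling ufw" >&2
fi
```

Run with DRY_RUN=0 once the printed plan looks right; `ufw enable` still asks for confirmation because it may disrupt existing SSH connections.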

iptables

# install iptables
> sudo apt-get install iptables

# add a rule
> iptables -I INPUT -p tcp --dport 22 -j ACCEPT

# print the current rule set (iptables-save only writes to stdout; see below for persistence)
> iptables-save

The above opens the specified port. However, the rule is not persisted: if the machine is restarted, it disappears. For persistence you need iptables-persistent.

# install iptables-persistent
> sudo apt-get install iptables-persistent

# save the rules
> sudo netfilter-persistent save

# load the rules
> sudo netfilter-persistent reload

Note that the generated rules are stored in /etc/iptables/rules.v4 and /etc/iptables/rules.v6.

Port listening command netstat

On a server, exposing unnecessary ports to the outside world is dangerous. The usual command to check which ports the host is listening on is netstat.

> netstat -tlunp
Active Internet connections (only servers)
Proto Recv-Q Send-Q 	Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 	0.0.0.0:22              0.0.0.0:*               LISTEN      1029/sshd           
tcp        0      0 	127.0.0.1:25            0.0.0.0:*               LISTEN      1276/master         
tcp6       0      0 	:::22                   :::*                    LISTEN      1029/sshd           
tcp6       0      0 	::1:25                  :::*                    LISTEN      1276/master         
udp        0      0 	0.0.0.0:68              0.0.0.0:*                           846/dhclient 

This command will display all ports opened by the current host.

Commonly used options can be checked with netstat --help or man netstat.

> netstat -a      # list all ports
> netstat -at     # list all TCP ports
> netstat -au     # list all UDP ports

# list all listening sockets
> netstat -l   # show only listening ports
> netstat -lt  # show listening TCP ports
> netstat -lu  # show listening UDP ports
> netstat -lx  # show listening UNIX sockets

# show per-protocol statistics
> netstat -s     # show statistics for all ports
> netstat -st    # show all TCP statistics
> netstat -su    # show all UDP statistics

# show the kernel routing table
> netstat -r

# look up a port by service
> netstat -antp | grep ssh

The columns of netstat output mean the following:

Column            Meaning
Proto             protocol name
Recv-Q            network receive queue
Send-Q            network send queue
Local Address     local address
Foreign Address   foreign (remote) address
State             connection state
PID/Program name  PID is the process id; Program name is the program that owns the socket

Note:
The Proto column is generally tcp (tcpv4, tcpv6) or udp.
Recv-Q and Send-Q should usually be 0. If they are not, there may be a problem: packets should not accumulate in either queue, although brief non-zero readings are acceptable.
Local Address:

  1. 0.0.0.0:2000: listening on port 2000 of all IP addresses of the server (0.0.0.0 stands for all local IPs)
  2. :::2000: also means listening on port 2000 of all local IPs. The difference from 0.0.0.0:2000 is that it is an IPv6 address, while 0.0.0.0 stands for all local IPv4 addresses.
  3. In ":::2000", the leading "::" is the abbreviation of "0:0:0:0:0:0:0:0", the IPv6 equivalent of "0.0.0.0", and stands for all IPv6 addresses of this machine; the third ":" is the separator between the address and the port.
  4. 127.0.0.1:8080: listening on port 8080 of the local loopback address. If a service only listens on the loopback address, it can only be reached locally and cannot be reached remotely over TCP/IP.
  5. ::1:9000: listening on port 9000 of the IPv6 loopback address; ::1 is the IPv6 loopback address.
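The Local Address rules above are exactly what an exposure review of `netstat -tlunp` output applies, so here is an added script (not from the original post) that classifies each listening socket as all-interfaces, loopback or specific-ip. The sample output is constructed from the listing shown earlier; the function names are assumptions.

```shell
#!/bin/sh
# Added example: classify listening sockets from `netstat -tlunp` output by
# exposure, using the Local Address column. 0.0.0.0:port and :::port listen on
# every interface; 127.0.0.1:port and ::1:port are reachable only locally.

# Constructed sample, modelled on the listing in the post.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1029/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1276/master
tcp6       0      0 :::22                   :::*                    LISTEN      1029/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      1276/master
udp        0      0 0.0.0.0:68              0.0.0.0:*                           846/dhclient'

# Reads netstat text on stdin; prints "<scope> <proto> <port> <program>" per socket.
classify_listeners() {
    awk '
        $1 !~ /^(tcp|tcp6|udp|udp6)$/ { next }          # skip header lines
        {
            addr = $4
            n = split(addr, parts, ":")                  # the port is the last field
            port = parts[n]
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (host == "0.0.0.0" || host == "::")         scope = "all-interfaces"
            else if (host == "127.0.0.1" || host == "::1") scope = "loopback"
            else                                           scope = "specific-ip"
            prog = ($NF ~ /\//) ? $NF : "-"              # PID/Program name, if shown
            print scope, $1, port, prog
        }'
}

# Only the externally reachable listeners: the list to compare against what
# the host is actually supposed to serve.
exposed_listeners() {
    classify_listeners | awk '$1 == "all-interfaces"'
}

printf '%s\n' "$SAMPLE_NETSTAT" | exposed_listeners
```

On a real host replace the sample with `netstat -tlunp | exposed_listeners`; every line it prints that is not a service you intend to offer is a port to close or to restrict with the firewall rules above.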

State is the connection state; there are 11 TCP states in total, and the State column can show 12 possible values. The first 11 correspond to the TCP three-way handshake (connection establishment) and the four-way handshake (connection teardown).


Origin blog.csdn.net/weixin_41012765/article/details/125816981