Remote Connection
Check if the port is open
CentOS
Method 1:
Use the firewall-cmd command that ships with CentOS 7 to check:
> firewall-cmd --query-port=port/tcp
> firewall-cmd --query-port=22/tcp # check whether port 22 is open
Method 2:
> netstat -tlunp # show the ports the host is currently listening on
> netstat -tlunp | grep 22
Ubuntu
Method 1:
First log in as root and open a terminal. Then run lsof -i:22 to check the port; if the command returns nothing, the port is not open.
# check whether port 22 is open
> lsof -i:22
Method 2:
Use netstat -tlunp to list all ports currently open, then pipe the output through grep to find the one you care about.
> netstat -tlunp # show the ports the host is currently listening on
> netstat -tlunp | grep 22
Open port 22 of the SSH service
Remote connections use the ssh service, so the procedure is generally: first make sure the ssh service is installed and running, then open the corresponding port.
CentOS
To check for and start the ssh service:
# first check whether the SSH package is installed
> ssh -V
# if not, install openssh-server
> sudo yum install openssh-server
# check whether the ssh service is running (the service is named sshd on CentOS)
> service sshd status # CentOS 6 and earlier
> systemctl status sshd # CentOS 7.x
# start the ssh service
> service sshd start # CentOS 6 and earlier
> systemctl start sshd # CentOS 7.x
View firewall status:
# CentOS 6 and earlier
> service iptables status
# CentOS 7.x
> systemctl status firewalld
Open the port:
> iptables-save # dump the current firewall rules, including open ports
> firewall-cmd --zone=public --add-port=22/tcp --permanent # open port 22
> firewall-cmd --reload # reload the firewall so the rule takes effect
Ubuntu
To check for and start the ssh service:
# first check whether the SSH package is installed
> ssh -V
# if not, install openssh-server
> sudo apt-get install openssh-server
# check whether the ssh service is running
> service ssh status
# start the ssh service
> service ssh start
Open the port: use ufw (built in) or iptables (may need to be installed).
ufw
ufw is usually already present on Ubuntu, but if it is not installed you can install it with:
> sudo apt update
> sudo apt install ufw
On a fresh Ubuntu install ufw may not be enabled yet.
# check the ufw status; "inactive" means it is not enabled
> sudo ufw status
# enable the firewall
> sudo ufw enable
The ufw usage rules are as follows:
- ufw enable/disable: turn the firewall on/off
- ufw reload: reload the firewall
- ufw status: view the defined ufw rules
- ufw default allow/deny: allow/deny external access by default
- ufw allow/deny 20: allow/deny access to port 20; 20 can be followed by /tcp or /udp to restrict the rule to tcp or udp packets
- sudo ufw allow proto tcp from 192.168.0.0/24 to any port 22: allow tcp packets from 192.168.0.0/24 to access port 22 of this machine
- ufw delete allow/deny 20: delete the previously defined "allow/deny access to port 20" rule
> sudo ufw allow 9200 # allow external access to port 9200 (tcp/udp)
> sudo ufw allow 3690 # allow external access to port 3690 (svn)
> sudo ufw allow from 192.168.3.23 # allow this IP to access all local ports
> sudo ufw allow proto tcp from 192.168.0.0/24 to any port 22 # allow the given IP range to access a specific port
> sudo ufw delete allow smtp # delete a previously created rule,
# e.g. to delete the svn port rule:
> sudo ufw delete allow 3690
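The rules above differ in who they admit: the port 22 rule is limited to 192.168.0.0/24, while the 9200 and 3690 rules accept traffic from any source. The following added example (not from the original page) audits the output of sudo ufw status and reports every ALLOW rule whose From column is Anywhere; the rule table embedded in SAMPLE is constructed in the format the non-verbose ufw status prints.

```shell
# open_to_anywhere: reads "sudo ufw status" output on stdin and prints the To
# column of every ALLOW rule whose From column is "Anywhere" (IPv4 or v6).
# Assumes the non-verbose "ufw status" layout (Action is a single word).
open_to_anywhere() {
    awk '
        # Rule rows start after the "--  ------  ----" underline header.
        $1 == "--" { in_rules = 1; next }
        !in_rules || NF < 3 { next }
        {
            # Locate the Action column; To and From may each span several
            # words, e.g. "22/tcp (v6)" and "Anywhere (v6)".
            act = 0
            for (i = 2; i <= NF; i++)
                if ($i == "ALLOW" || $i == "DENY" || $i == "REJECT" || $i == "LIMIT") { act = i; break }
            if (!act) next
            to = $1
            for (i = 2; i < act; i++) to = to " " $i
            from = $(act + 1)
            if ($act == "ALLOW" && from == "Anywhere") print to
        }'
}

# Constructed sample in the layout of "sudo ufw status" after the rules above.
SAMPLE='Status: active

     To                         Action      From
     --                         ------      ----
22/tcp                     ALLOW       192.168.0.0/24
9200                       ALLOW       Anywhere
3690                       ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)'

# world_open_rules: the To entries from the sample that any host can reach.
world_open_rules() {
    printf '%s\n' "$SAMPLE" | open_to_anywhere
}

world_open_rules
```

Pipe the real output in with `sudo ufw status | open_to_anywhere` to list the rules worth tightening to a source range.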
iptables
# install iptables
> sudo apt-get install iptables
# add a rule
> iptables -I INPUT -p tcp --dport 22 -j ACCEPT
# print the current rules (iptables-save writes them to stdout; it does not persist them)
> iptables-save
The above opens the specified port, but the rule is not persisted: if the machine is restarted, it disappears. If you need persistence, you need iptables-persistent:
# install iptables-persistent
> sudo apt-get install iptables-persistent
# save the rules
> sudo netfilter-persistent save
# load the rules
> sudo netfilter-persistent reload
Note that the generated rules are stored in /etc/iptables/rules.v4 and /etc/iptables/rules.v6.
Port listening command netstat
For a server operating system it is very dangerous to expose unnecessary ports to the outside world. The usual command to check which ports the current host is listening on is netstat.
> netstat -tlunp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1029/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1276/master
tcp6 0 0 :::22 :::* LISTEN 1029/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1276/master
udp 0 0 0.0.0.0:68 0.0.0.0:* 846/dhclient
This command displays all ports opened by the current host.
Commonly used options can be checked with netstat --help or man netstat.
> netstat -a # list all ports
> netstat -at # list all TCP ports
> netstat -au # list all UDP ports
# list all sockets in the listening state
> netstat -l # show only listening ports
> netstat -lt # show listening TCP ports
> netstat -lu # show listening UDP ports
> netstat -lx # show listening UNIX sockets
# show statistics for each protocol
> netstat -s # show statistics for all ports
> netstat -st # show all TCP statistics
> netstat -su # show all UDP statistics
# show the kernel routing table
> netstat -r
# check a port and its service
> netstat -antp | grep ssh
The columns of the netstat output mean:
Column name | Meaning
---|---
Proto | protocol name
Recv-Q | network receive queue
Send-Q | network send queue
Local Address | local address
Foreign Address | foreign (remote) address
State | connection state
PID/Program name | PID is the process id, Program is the application using the socket
Note:
The Proto column is generally tcp (tcpv4, tcpv6) or udp.
Recv-Q and Send-Q should normally both be 0. If they are not, there may be a problem: packets should not accumulate in either queue, although brief non-zero values are acceptable.
Local Address:
- 0.0.0.0:2000: listening on port 2000 on all IP addresses of the server (0.0.0.0 means all local IPs)
- :::2000: also means listening on port 2000 on all local IPs. The difference from 0.0.0.0:2000 is that it is an IPv6 address, while 0.0.0.0 covers all local IPv4 addresses.
- In ":::2000" the first two colons form "::", the abbreviation of "0:0:0:0:0:0:0:0", which is the IPv6 equivalent of "0.0.0.0" and represents all IPv6 addresses of this machine; the third colon is the separator between IP and port.
- 127.0.0.1:8080: listening on port 8080 of the local loopback address. A service that only listens on the loopback address can only be accessed locally; it cannot be reached remotely over TCP/IP.
- ::1:9000: listening on port 9000 of the IPv6 loopback address; ::1 is the IPv6 loopback address.
State: the connection state. TCP has 11 states in total, and the State column has 12 possible values; the first 11 are described in terms of the TCP three-way handshake for connection establishment and the four-way handshake for connection teardown.
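The warning about exposed ports and the Local Address notes above come together in the following added example (not from the original page): it reads netstat -tlunp output and classifies each listener as exposed (bound to 0.0.0.0 or ::), local (bound to 127.0.0.1 or ::1) or specific (bound to one address). The SAMPLE text is constructed to match the netstat output shown earlier on this page.

```shell
# classify_listeners: reads netstat -tlunp output on stdin and prints
# "<exposed|local|specific> <proto> <port> <pid/program>" per listening socket.
classify_listeners() {
    awk '
        # Skip the two header lines netstat prints before the socket rows.
        /^Active Internet/ || /^Proto / { next }
        NF < 6 { next }
        {
            proto = $1
            local = $4
            # The port is the text after the last colon; the address is the rest.
            n = split(local, parts, ":")
            port = parts[n]
            addr = substr(local, 1, length(local) - length(port) - 1)
            # 0.0.0.0 and :: are the IPv4/IPv6 wildcards: reachable from outside.
            if (addr == "0.0.0.0" || addr == "::")
                kind = "exposed"
            else if (addr == "127.0.0.1" || addr == "::1")
                kind = "local"
            else
                kind = "specific"
            # UDP rows have no State column, but PID/Program is last either way.
            print kind, proto, port, $NF
        }'
}

# Constructed sample in the format of the netstat -tlunp output shown above.
SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1029/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1276/master
tcp6 0 0 :::22 :::* LISTEN 1029/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1276/master
udp 0 0 0.0.0.0:68 0.0.0.0:* 846/dhclient'

# exposed_count: number of sockets in the sample reachable on all interfaces.
exposed_count() {
    printf '%s\n' "$SAMPLE" | classify_listeners | grep -c '^exposed '
}

printf '%s\n' "$SAMPLE" | classify_listeners
```

On a live host run `netstat -tlunp | classify_listeners` and review every exposed line against the services the machine is actually meant to offer.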