-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsearch.xml
224 lines (106 loc) · 28.4 KB
/
search.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
<?xml version="1.0" encoding="utf-8"?>
<search>
<entry>
<title>📝自用clash配置模板</title>
<link href="/my-clash-config-templates.html"/>
<url>/my-clash-config-templates.html</url>
<content type="html"><![CDATA[<figure class="highlight yaml"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span class="line">61</span><br><span class="line">62</span><br><span class="line">63</span><br><span class="line">64</span><br><span class="line">65</span><br><span class="line">66</span><br><span class="line">67</span><br><span class="line">68</span><br><span class="line">69</span><br><span class="line">70</span><br><span class="line">71</span><br></pre></td><td class="code"><pre><span class="line"><span class="attr">mixed-port:</span> <span class="number">7890</span></span><br><span class="line"></span><br><span class="line"><span class="attr">allow-lan:</span> <span class="literal">false</span></span><br><span class="line"></span><br><span class="line"><span class="comment"># info / warning / error / debug / silent</span></span><br><span class="line"><span class="attr">log-level:</span> <span class="string">warning</span></span><br><span class="line"></span><br><span class="line"><span class="attr">mode:</span> <span class="string">rule</span></span><br><span class="line"></span><br><span class="line"><span class="comment">#自定义 geodata url</span></span><br><span class="line"><span class="attr">geox-url:</span></span><br><span class="line"> <span class="attr">geoip:</span> <span class="string">"https://testingcf.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/geoip.dat"</span></span><br><span class="line"> <span class="attr">geosite:</span> <span class="string">"https://testingcf.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/geosite.dat"</span></span><br><span class="line"> <span class="attr">mmdb:</span> <span class="string">"https://testingcf.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/geoip.metadb"</span></span><br><span class="line"><span class="attr">geo-auto-update:</span> <span class="literal">true</span> <span class="comment"># 是否自动更新 geodata</span></span><br><span class="line"><span class="attr">geo-update-interval:</span> <span class="number">72</span> <span class="comment"># 更新间隔,单位:小时</span></span><br><span class="line"></span><br><span class="line"><span class="attr">ipv6:</span> <span class="literal">false</span></span><br><span class="line"></span><br><span class="line"><span class="attr">profile:</span></span><br><span class="line"> <span class="attr">store-selected:</span> <span class="literal">true</span></span><br><span class="line"> <span class="attr">store-fake-ip:</span> <span class="literal">true</span></span><br><span class="line"></span><br><span class="line"><span class="attr">dns:</span></span><br><span class="line"> <span class="attr">enable:</span> <span class="literal">true</span></span><br><span class="line"> <span class="attr">listen:</span> <span class="number">127.0</span><span class="number">.0</span><span class="number">.1</span><span class="string">:1053</span></span><br><span class="line"> <span class="attr">prefer-h3:</span> <span class="literal">false</span> </span><br><span class="line"> <span class="attr">ipv6:</span> <span class="literal">true</span> <span class="comment"># when the false, response to AAAA questions will be empty</span></span><br><span class="line"> <span class="attr">enhanced-mode:</span> <span class="string">fake-ip</span></span><br><span class="line"> <span class="attr">fake-ip-range:</span> <span class="number">198.18</span><span class="number">.0</span><span class="number">.1</span><span class="string">/16</span></span><br><span class="line"> <span class="comment">#fake-ip-filter:</span></span><br><span class="line"> <span class="comment"># - '*.lan'</span></span><br><span class="line"> <span class="comment"># - localhost.ptlogin2.qq.com</span></span><br><span class="line"> <span class="comment">## 默认dns 用于解析DNS服务器的域名</span></span><br><span class="line"> <span class="attr">default-nameserver:</span></span><br><span class="line"> <span class="bullet">-</span> <span class="number">223.5</span><span class="number">.5</span><span class="number">.5</span> <span class="comment"># alibaba</span></span><br><span class="line"> <span class="comment">#- 119.29.29.29 # tencent</span></span><br><span class="line"> <span class="bullet">-</span> <span class="number">114.114</span><span class="number">.114</span><span class="number">.114</span> <span class="comment"># isp</span></span><br><span class="line"> <span class="comment">## 只配置国外DNS 与nameserver-policy配合使用</span></span><br><span class="line"> <span class="attr">nameserver:</span></span><br><span class="line"> <span class="bullet">-</span> <span class="string">https://208.67.222.222/dns-query</span> <span class="comment"># opendns https://dns.opendns.com/dns-query</span></span><br><span class="line"> <span class="bullet">-</span> <span class="string">https://101.101.101.101/dns-query</span> <span class="comment"># taiwan https://dns.twnic.tw/dns-query</span></span><br><span class="line"> <span class="bullet">-</span> <span class="string">tls://8.8.8.8:853</span> <span class="comment"># google dot</span></span><br><span class="line"> <span class="bullet">-</span> <span class="string">tls://1.1.1.1:853</span> <span class="comment"># cloudflare dot</span></span><br><span class="line"> <span class="comment">## DNS解析策略 国内域名走国内DNS 其余走nameserver</span></span><br><span class="line"> <span class="attr">nameserver-policy:</span></span><br><span class="line"> <span class="string">"geosite:cn,private"</span><span class="string">:</span></span><br><span class="line"> <span class="bullet">-</span> <span class="string">https://dns.alidns.com/dns-query</span> <span class="comment"># alibaba doh</span></span><br><span class="line"> <span class="bullet">-</span> <span class="string">https://doh.pub/dns-query</span> <span class="comment"># tencent doh</span></span><br><span class="line"> <span class="attr">"geosite:category-ads-all":</span> <span class="string">rcode://success</span> </span><br><span class="line"></span><br><span class="line"><span class="attr">proxies:</span></span><br><span class="line"> <span class="bullet">-</span> <span class="string">foo1</span></span><br><span class="line"> <span class="bullet">-</span> <span class="string">foo2</span></span><br><span class="line"></span><br><span class="line"><span class="attr">proxy-groups:</span></span><br><span class="line"> <span class="bullet">-</span> <span class="attr">name:</span> <span class="string">PROXY</span></span><br><span class="line"> <span class="attr">type:</span> <span class="string">select</span> </span><br><span class="line"> <span class="attr">proxies:</span></span><br><span class="line"> <span class="bullet">-</span> <span class="string">foo1</span></span><br><span class="line"> <span class="bullet">-</span> <span class="string">foo2</span></span><br><span class="line"></span><br><span class="line"><span class="comment"># 规则. 常访问的国外服务靠前配置PROXY,GEOIP/GEOSITE为国内的DIRECT,其余默认PROXY</span></span><br><span class="line"><span class="attr">rules:</span></span><br><span class="line"> <span class="bullet">-</span> <span class="string">GEOSITE,google,PROXY</span></span><br><span class="line"> <span class="bullet">-</span> <span class="string">GEOSITE,microsoft,PROXY</span></span><br><span class="line"> <span class="bullet">-</span> <span class="string">GEOIP,PRIVATE,DIRECT</span></span><br><span class="line"> <span class="bullet">-</span> <span class="string">GEOIP,LAN,DIRECT</span></span><br><span class="line"> <span class="bullet">-</span> <span class="string">GEOSITE,CN,DIRECT</span></span><br><span class="line"> <span class="bullet">-</span> <span class="string">GEOIP,CN,DIRECT</span></span><br><span class="line"> <span class="bullet">-</span> <span class="string">MATCH,PROXY</span></span><br></pre></td></tr></table></figure>]]></content>
<categories>
<category> 工具 </category>
</categories>
</entry>
<entry>
<title>搭建个人NAS</title>
<link href="/My-NAS.html"/>
<url>/My-NAS.html</url>
<content type="html"><![CDATA[<h2 id="序言"><a href="#序言" class="headerlink" title="序言"></a>序言</h2><p> 几年前自己买了一块RockPro64,想着自己搞个NAS用用。然而其实历史经验告诉我,自己动手能力其实挺一般的,之所以自己搞,主要还是因为穷吧,一个简简单单两盘位的群晖NAS最便宜也要接近1K RMB了。<br> 后来看了下就想着拿树莓派之类的SBC挂个硬盘得了,比来比去还是觉得RockPro64性价比更高,于是就下单了一组,包括SBC、NAS盒子、Wifi组件、风扇、CPU散热片。<br> 现在总结下来其实可能还是买现成的NAS更省钱,因为自己组建遇到的坑、花费的时间都远超过这点价差- -。Anyway,就当记录个历程吧,总结沉淀下。</p><h2 id="系统"><a href="#系统" class="headerlink" title="系统"></a>系统</h2><p> 最早最早我是直接给RK64刷的其实是OpenMediaVault,奈何总是用着不顺手(更多的是把它当服务器用,不如直接用Linux来得顺手),后来就换了Armbian一直到现在(不用Arch系还是因为当时自己菜,怕滚挂了搞不定)。</p><h2 id="服务"><a href="#服务" class="headerlink" title="服务"></a>服务</h2><p> 之前搭建过Synchting作文件同步、Radicale做CalDav(同步联系人、日历等)、calibre-server做在线图书管理和阅读、VaultWarden做密码管理软件。<br> 后来听闻大佬在用Owncloud,自己研究一翻后上了Nextcloud,替换掉了Syncthing和Radicale。后二者体验其实还是很丝滑的,尤其是是Syncthing,同步速度很快。用Nextcloud纯粹就是想统一管理吧。</p><h2 id="网络"><a href="#网络" class="headerlink" title="网络"></a>网络</h2><p> 架构好服务后,也就来到了网络设置篇,一句话描述就是:如何在外面访问家里的NAS。这可能是所有NAS玩家的基本需求了,但是还是要强调下,公网暴露NAS服务还是有风险的,需要审慎考量是否需要,尤其NAS上有私人敏感信息的情况下。</p><p> 经多了对Frp的多次配置尝试和长期使用后,感觉目前还是比较稳定的,家里是联通的网络,Frps是一台外网AWS,会二次过墙但还算稳定。<br> 一开始我是所有服务都走Frp暴露出去的,直到有一天突然想到自己的家目录是通过Samba挂在到Nextcloud上了,如果哪天Nextcloud有什么0day,是不是我家目录也不保了,里面虽然没啥但是有些信息还是比较敏感的。所以这类服务或者数据可能还是不适合公网开放,于是就又上了Wireguard组网。</p><h3 id="目前的网路布局大概如下"><a href="#目前的网路布局大概如下" class="headerlink" title="目前的网路布局大概如下"></a>目前的网路布局大概如下</h3><p> <img src="/assets/images/nas-network.png" alt="NAS Network"></p><h4 id="Wireguard"><a href="#Wireguard" class="headerlink" title="Wireguard"></a>Wireguard</h4><ul><li>UDP流量会被运营商QOS, 组网后ping几乎完全不通,需要包装或伪装为TCP。<br>a. AWS与NAS为Linux,用Udp2Raw即可。<br>b. Udp2Raw Android端也可以用,不过为了简便实用,可通过ClashMeta配置Wireguard dialer-proxy,先走VLESS建立TLS通道,然后在其中传递Wireguard流量(udp-over-tcp)。其他服务只要支持udp转发应该也可以。</li></ul><h4 id="Frp"><a href="#Frp" class="headerlink" title="Frp"></a>Frp</h4><ul><li>NAS与AWS之间使用mTLS,增强安全性</li><li>Frps放置在Nginx之后,通过一些访问路径区分是访问博客还是访问NAS服务。自我感觉比通过SNI分流后分别访问根路径要安全(多了一步校验)。缺点就是NAS服务都需要改为路径访问了,不过因为公网暴露服务不多,所以问题不大。</li></ul>]]></content>
<categories>
<category> 工具 </category>
</categories>
<tags>
<tag> Nextcloud </tag>
<tag> NAS </tag>
</tags>
</entry>
<entry>
<title>In Memory of Haoel</title>
<link href="/In-Memory-Of-Haoel.html"/>
<url>/In-Memory-Of-Haoel.html</url>
<content type="html"><![CDATA[<p> 惊闻左耳朵耗子突发心梗辞世。震惊,怅然若失。</p><p> 回想自己迷茫的程序员之路,很多时候都是靠着这些大佬无私的分享才能坚持下来。他带给我们的绝不仅仅是技术,更多的是对自我、人生的思考,更深层次的处世哲学。</p><p> 自己总是会有很多零零散散的思考,短暂的,易忘的,也时常会想把这些总结下来,构建起像CoolShell一样博客,分享给别人,更分享给自己。然而自己还没有克服懒惰,指路灯塔却悄然熄灭,意料不及。</p><p> 他们就这样远去,我们也必须负重前行。</p><p> 无论怎样,我们都被海浪推着向前。</p><p> R.I.P</p>]]></content>
<categories>
<category> 随想 </category>
</categories>
</entry>
<entry>
<title>📝Tweets-202211</title>
<link href="/tweets-202211.html"/>
<url>/tweets-202211.html</url>
<content type="html"><![CDATA[<p>Tweets in 202211.</p>]]></content>
<categories>
<category> 随想 </category>
</categories>
</entry>
<entry>
<title>🧑💻为SSH登陆开启邮件提醒通知</title>
<link href="/%E4%B8%BASSH%E7%99%BB%E9%99%86%E5%BC%80%E5%90%AF%E9%82%AE%E4%BB%B6%E6%8F%90%E9%86%92%E9%80%9A%E7%9F%A5.html"/>
<url>/%E4%B8%BASSH%E7%99%BB%E9%99%86%E5%BC%80%E5%90%AF%E9%82%AE%E4%BB%B6%E6%8F%90%E9%86%92%E9%80%9A%E7%9F%A5.html</url>
<content type="html"><![CDATA[<h2 id="背景"><a href="#背景" class="headerlink" title="背景"></a>背景</h2><p> 想为自己的服务器开启登陆SSH登陆提醒,当有人登陆服务器时能够邮件通知到自己。避免服务器被“攻占”了自己还全然不知(这里只代表SSH登陆)。</p><h2 id="方法"><a href="#方法" class="headerlink" title="方法"></a>方法</h2><p> 实际这个方法时之前在网络上搜罗到的,不过忘记了参考链接。这里权当是备忘分享了。</p><p> 原理也比较简单,修改pam的sshd配置,在成功创建ssh session之后调用一段shell脚本执行发邮件操作即可。</p><p> (Ubuntu 18.04版本下配置)</p><ul><li>登陆通知代码</li></ul><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash">!/bin/sh</span></span><br><span class="line"></span><br><span class="line">sender="[email protected]"</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">这里直接发给root了,实际因为机器上已经装了邮件服务器了,在邮件服务器中做了映射,将root映射到了自己的邮箱账户</span></span><br><span class="line">recepient="[email protected]"</span><br><span class="line"></span><br><span class="line">if [ "$PAM_TYPE" != "close_session" ]; then</span><br><span class="line"> host="`hostname`"</span><br><span class="line"> subject="SSH Login: $PAM_USER from $PAM_RHOST on $host"</span><br><span class="line"> # Message to send, e.g. the current environment variables.</span><br><span class="line"> message="`env`"</span><br><span class="line"> # 使用mailx发送邮件</span><br><span class="line"> echo "$message" | mailx -r "$sender" -s "$subject" "$recepient"</span><br><span class="line">fi</span><br></pre></td></tr></table></figure><ul><li>开启配置</li></ul><figure class="highlight sh"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">vim /etc/pam.d/sshd</span><br><span class="line"></span><br><span class="line"><span class="comment"># 编辑sshd配置 最后一行增加如下</span></span><br><span class="line">session optional pam_exec.so seteuid /etc/ssh/login_notify.sh</span><br></pre></td></tr></table></figure>]]></content>
<categories>
<category> 好物分享 </category>
</categories>
</entry>
<entry>
<title>🍜炒花蛤技巧</title>
<link href="/%E7%82%92%E8%8A%B1%E8%9B%A4%E6%8A%80%E5%B7%A7.html"/>
<url>/%E7%82%92%E8%8A%B1%E8%9B%A4%E6%8A%80%E5%B7%A7.html</url>
<content type="html"><![CDATA[<ul><li><p>去沙</p><p>总的来说,不知道是不是我操作不当,反正网上说的双手来回交叉翻动、不锈钢盆左右抖动等等这类让花蛤“晕船”的办法似乎都没生效,就是不开口,搞得我以为他们都挂了。</p><p>开水直接焖煮一分钟 或者 花蛤洗净擦干热锅不放油直接翻炒(放少量水),这两个办法应该是靠谱的。我用的后者,还是可以吐出一些脏东西的。</p><p>翻炒过程中,花蛤开口吐过之后就可以拎出来了,边烧边弄,最后整体洗干净就好了。</p><p>网上还有放香油什么的,没试过。时间够的话还是盐水静置好了。</p></li><li><p>味道</p><p>看了好几个教程,翻炒过程中都加入了少量蚝油,以蚝治蛤? 倒是味道很鲜美,哈哈。还额外放了生抽跟少量糖,提鲜用。</p><p>最后一步很关键,一定要做个淀粉勾芡,最后出锅前淋入,出来的效果软软的 很有口感,好吃!</p></li></ul>]]></content>
<categories>
<category> 我不是吃货 </category>
</categories>
</entry>
<entry>
<title>🧑💻Mac自用软件集锦</title>
<link href="/Mac%E8%87%AA%E7%94%A8%E8%BD%AF%E4%BB%B6%E9%9B%86%E9%94%A6.html"/>
<url>/Mac%E8%87%AA%E7%94%A8%E8%BD%AF%E4%BB%B6%E9%9B%86%E9%94%A6.html</url>
<content type="html"><![CDATA[<h2 id="不仅限于Mac-Just-For-Getting-Rid-of-Googles"><a href="#不仅限于Mac-Just-For-Getting-Rid-of-Googles" class="headerlink" title="不仅限于Mac(Just For Getting Rid of Googles)"></a>不仅限于Mac(Just For Getting Rid of Googles)</h2><p>之前找到了很多不错的专门用于寻找替代软件的网站,比如 alternativeto.net 等等,很有效,推荐长期使用。</p><ul><li><p>分应用代理软件</p><p>proximac,好用。</p></li><li><p>笔记软件</p><p>Vnote,纯本地Markdown,磁盘目录存储,方便同步(非DB文件存储,不用担心数据损坏)</p></li><li><p>加密软件</p><p>Cryptomator,AES加密,磁盘目录混淆存储,非DB文件,方便同步。</p><p>App端非开源,不建议使用,或者禁用网络使用。</p></li><li><p>同步工具</p><p>Syncthing,多机器去中心化存储,tcp传输协议,支持over ssh。单纯的同步工具,不需要DB,没有其他花里胡哨的。配合加密软件完美替代Dropbox(本地编辑,加密软件实时加密输出加密文件,syncthing同步加密文件至Server端,相互同步)</p></li><li><p>密码管理软件</p><p>KeepassXC,keepass的跨平台版本,好用,本身支持主密钥+密钥文件解锁,配合同步工具可实现密码数据库文件的跨平台实时同步。</p><p>就是如果没有搭起前面的环境的话,想知道自己的密码好难,有些常用密码还是要自己记录下。</p><p>最终还是自建了bitwarden服务,感觉还不错,算是可以多端同时使用了。</p></li><li><p>工程画图</p><p>draw.io 简单可依赖,可本地离线。</p></li><li><p>Mac清理软件</p><p>大文件/目录清理排查,力推OminiDiskSweeper,比其他冠冕堂皇的所谓清理软件强太多。</p></li><li><p>分屏工具</p><p>ShiftIt <a href="https://github.com/fikovnik/ShiftIt/releases">https://github.com/fikovnik/ShiftIt/releases</a> 简单可靠 虽然没再更新了 不过目前的Mac版本依然可用(Catalina 10.15.5)</p></li><li><p>状态栏管理</p><p>Dozer <a href="https://github.com/Mortennn/Dozer/releases">https://github.com/Mortennn/Dozer/releases</a> 图标隐藏工具 简洁高效</p></li></ul>]]></content>
<categories>
<category> 好物分享 </category>
</categories>
</entry>
<entry>
<title>📝清空</title>
<link href="/%E6%B8%85%E7%A9%BA.html"/>
<url>/%E6%B8%85%E7%A9%BA.html</url>
<content type="html"><![CDATA[<p>本以为会花很久才能清理完的收件箱,外加贼不靠谱的客户端操作。</p><p>不曾想,用官网页面操作快得要死,几年时光的积累,也不过如此。</p>]]></content>
<categories>
<category> 心情随笔 </category>
</categories>
</entry>
<entry>
<title>📝All Refreshed</title>
<link href="/All-Refreshed.html"/>
<url>/All-Refreshed.html</url>
<content type="html"><![CDATA[<h2 id="复活"><a href="#复活" class="headerlink" title="复活"></a>复活</h2><p>博客重新部署完毕.Over.</p>]]></content>
<categories>
<category> 心情随笔 </category>
</categories>
</entry>
<entry>
<title>2️⃣stable is everything</title>
<link href="/stable%20is%20everything.html"/>
<url>/stable%20is%20everything.html</url>
<content type="html"><![CDATA[<p>天真的我,以为linux下可以挂载ntfs了,就安心地把家目录所有内容都copy到ntfs分区下然后用软链链过去了。可谁知ntfs分区下chmod chown都没用的…… 而刚好有些要求~/.ssh目录下的文件权限仅自己可见…. 玩脱了…. 改了默认umask结果别的没法执行了,哎… 为了快速解决,只能先copy回来了</p><p>等之后闲下来了,再尝试把umask改为drwx……试试吧</p>]]></content>
<categories>
<category> 心情随笔 </category>
</categories>
</entry>
<entry>
<title>🧑💻ssh常用操作</title>
<link href="/ssh%E5%B8%B8%E7%94%A8%E6%93%8D%E4%BD%9C.html"/>
<url>/ssh%E5%B8%B8%E7%94%A8%E6%93%8D%E4%BD%9C.html</url>
<content type="html"><![CDATA[<ul><li><p>What?<br>ssh 是secure shell(安全外壳协议)的简写,是建立在应用层和传输层基础上的安全协议,专为远程登陆会话和其他网络服务提供安全性的协议。利用ssh协议可以有效地防止远程管理过程中的信息泄露问题。<span id="more"></span></p></li><li><p>Why?<br>传统的一些网络协议,比如ftp、pop、telnet等本质来说都不是安全的,因为他们在网络上以明文的方式,很可能会被抓取到导致泄露,进而可能会出现诸如中间人攻击之类的问题。而使用ssh时,可以把所有传输的数据进行加密,而且在传输时还可以进行压缩。<br>总而言之,ssh提供了一种避免明文传输用户名密码和消息以至于必要信息泄露的方式方法。</p></li><li><p>How?<br>之前在windows下,更多的是直接使用类似之类的东东,后来到了ubuntu和mac下,一方面是因为xshell没有跨平台的版本,另一方面,后两者自带ssh,配置一下也就ok了。<br>1.基本配置<br>使用自带ssh的话,图方便安全就得自己生成ssh的密钥对了。常用命令的话就是(~/.ssh目录下操作)</p><pre>ssh-keygen -t rsa</pre><p>默认会自动生成rsa和rsa.pub两个文件,当使用ssh连接到服务器时会默认使用这对密钥。<br>若要连接至服务器,则可直接ssh username@server即可,可能会需要输入密码进行登陆<br>2.config配置<br>而当想要使用不同密钥去连接不同服务器时,就需要配置_<strong>config文件</strong>_了,示例:<br>同样是在~/.ssh下vim config</p><pre>#配置格式:#Host host别名# HostName host名称(ip或者域名)# Port 端口# User 用户名# IdentityFile ~/.ssh/私钥文件名#Host a.comHostName www.a.comPort 22User urUserNameIdentifyFile ~/.ssh/urPrivateKey</pre><p>这样,之后需要ssh某台服务器时,直接ssh a.com即可,而不用非要输入<a href="mailto:urUserName@www.a.com">urUserName@www.a.com</a>这种形式了。不过这种配置可能依旧需要输入密码。<br>3.不用密码<br>如果想要不再输入密码的话,实际就需要让服务器信任自己机器的公钥了。做法也很简单,只需要将ssh-keygen生成的密钥对中的公钥交给服务器,然后让其加入到自己的authorized_keys中。我一般都是直接把.pub文件scp到服务器的.ssh目录下,然后登陆服务器,直接将公钥追加至文件的结尾</p><pre>cat urPublickKey >> authorized_keys</pre><p>DNOE.<br>&nbsp;</p></li><li><p>To be continued…</p></li></ul>]]></content>
<categories>
<category> 好物分享 </category>
</categories>
</entry>
</search>