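Initial Cloud Server Configuration
Configuring SSH Key Login
A server accepts two kinds of login: password login and SSH key login. Compared with password login, SSH key login has two main advantages:
Security: it greatly reduces the chance of a successful brute-force login. If one user's private key is found to have leaked, you only need to delete the corresponding public key entry instead of changing the password (which would force every user to log in again).
Easier management: to revoke a user's access (for example when they leave the company), the administrator only needs to delete the corresponding public key from the server's ~/.ssh/authorized_keys file. This requires no password change and does not affect other users.
Generating an SSH Key Pair Locally
Command: ssh-keygen
- Purpose: generate an SSH key pair.
- Common options:
-t <type>: key type, such as rsa.
-C "comment": append a comment to the end of the public key, usually an email address.
-f <path_to_keyfile>: path and name of the generated key file.
-b <bits>: key size in bits. The RSA default is 2048 bits; more bits are more secure but cost more computation.
- Example:
ssh-keygen -t rsa -C "your_email@example.com"
ssh-keygen -t rsa -C "server_key" -f ~/.ssh/my_server_key -b 4096
- Sample output: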
liubang060917@uk:~$ ssh-keygen -t rsa -C "server_key" -f ~/.ssh/my_server_key -b 4096
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/liubang060917/.ssh/my_server_key
Your public key has been saved in /home/liubang060917/.ssh/my_server_key.pub
The key fingerprint is:
SHA256:Xab+nNdgviMqaiLLU+PjvtuTvUkSbTrsy0nY5MGKcKI "server_key"
The key's randomart image is:
+---[RSA 4096]----+
| || || o || |
| . . + ||o . = S|
| o ||.+ .oB = . |
| o ||E .oo.Oo. |
| . o || .o +=+=o|
| . o..+ .|| o*=*|
| B+oo..+o.o |+ |
+----[SHA256]-----+
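Uploading the Public Key to the Server
Cloud providers add public keys in broadly similar ways; refer to your provider's official documentation.
Connecting to the Server with an SSH Client
- Recommended: FinalShell
Server-Side Hardening: Disabling Password Login and Root Login
Action: log in to the server and edit the SSH service configuration file.
Command: vi
- Purpose: edit the SSH service configuration file.
- Example:
sudo vi /etc/ssh/sshd_config
- Sample configuration: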
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
Include /etc/ssh/sshd_config.d/*.conf
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
# Do not allow login as root
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
#HostbasedAuthentication no
#IgnoreUserKnownHosts no
#IgnoreRhosts yes
# Disable password-based SSH login (so the empty-password setting below no longer matters)
PasswordAuthentication no
#PermitEmptyPasswords no
KbdInteractiveAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
#Banner none
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
ClientAliveInterval 120
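Command: systemctl
- Purpose: restart the sshd service (systemd systems).
- Example:
sudo systemctl restart sshd
Command: service
- Purpose: restart the sshd service (SysVinit systems).
- Example:
sudo service sshd restart
Note: after changing the SSH configuration, keep your current connection open while you verify the change. Do not close the current terminal; open a new terminal and test the connection, and close the old one only after confirming that you can log in, so that a configuration mistake does not lock you out.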
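The sample configuration above starts with Include /etc/ssh/sshd_config.d/*.conf, and sshd uses the first value it reads for each keyword, so a drop-in file can override the PasswordAuthentication no written further down. The following added example (not part of the original page) resolves the effective value over a constructed config tree; the function names, the file 50-vendor.conf and the Match block are assumptions made for the demo.

```shell
#!/bin/sh
# Added example (not from the original page). sshd keeps the FIRST value it
# reads for each keyword, and Include is expanded where it appears, so a
# drop-in included at the top of sshd_config wins over settings further down.

# Print "keyword value" for each global directive in the order sshd reads
# them. The "( )" body runs in a subshell, so recursion keeps its own variables.
emit_directives() (
    file=$1 base=$2
    [ -r "$file" ] || exit 0
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        { sub(/[ \t]+#.*$/, ""); kw = tolower($1); $1 = ""
          sub(/^[ \t]+/, ""); print kw "\t" $0 }
    ' "$file" |
    while IFS="$(printf '\t')" read -r kw val; do
        case $kw in
            match) break ;;                     # rest of this file is conditional
            include)
                set -f; set -- $val; set +f     # split patterns without globbing
                for pat in "$@"; do
                    case $pat in /*) ;; *) pat=$base/$pat ;; esac
                    for inc in $pat; do         # glob expands here, in sorted order
                        if [ -f "$inc" ]; then emit_directives "$inc" "$base"; fi
                    done
                done ;;
            *) printf '%s %s\n' "$kw" "$val" ;;
        esac
    done
)

# Usage: effective_sshd_value CONFIG KEYWORD
# Relative Include paths are resolved against CONFIG's directory here
# (assumption for the demo; sshd itself resolves them against /etc/ssh).
effective_sshd_value() {
    want=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    emit_directives "$1" "$(dirname "$1")" |
        awk -v k="$want" '
            $1 == k && !found { v = $0; sub(/^[^ ]+ ?/, "", v); found = 1 }
            END { print (found ? v : "(default)") }'
}

# Constructed sample tree: the main file disables password login, but a
# hypothetical vendor drop-in, read first, turns it back on.
make_sample_tree() {
    mkdir -p "$1/sshd_config.d"
    cat > "$1/sshd_config" <<EOF
Include $1/sshd_config.d/*.conf
PermitRootLogin no
PasswordAuthentication no
KbdInteractiveAuthentication no
Match User deploy
    PermitTTY no
EOF
    printf 'PasswordAuthentication yes\n' > "$1/sshd_config.d/50-vendor.conf"
}

tmp=$(mktemp -d)
make_sample_tree "$tmp"
for kw in PermitRootLogin PasswordAuthentication KbdInteractiveAuthentication; do
    printf '%-30s %s\n' "$kw" "$(effective_sshd_value "$tmp/sshd_config" "$kw")"
done
rm -rf "$tmp"
```

On a real server, sudo sshd -t checks the configuration for syntax errors before the restart, and sudo sshd -T prints the settings sshd will actually use.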
Viewing SSH Login Logs
/var/log/auth.log (Debian/Ubuntu)
/var/log/secure (CentOS/RHEL)
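One way to read these logs after the hardening above, as an added example that is not part of the original page: it summarizes successful logins by method and failed password attempts by source address. The log lines, host name, users and addresses are constructed, and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): summarize sshd authentication
# events from an auth log. Fields are located by keyword, not by column, so
# both classic and ISO-8601 syslog timestamps work.

# Usage: summarize_auth_log FILE
# Output: "ACCEPTED <method> <user> <ip>" per successful login and
#         "FAILED <ip> <count>" per source address of failed password attempts.
summarize_auth_log() {
    awk '
        # Return the word that follows "word"; with last=1 use the final
        # match, because the client chooses the user name and may pick "from".
        function after(word, last,   i, hit) {
            for (i = 1; i < NF; i++)
                if ($i == word) { hit = $(i + 1); if (!last) break }
            return (hit == "" ? "?" : hit)
        }
        # Only the first "sshd[pid]: " tag is trusted; the message starts after it.
        !match($0, / sshd\[[0-9]+\]: /) { next }
        { msg = substr($0, RSTART + RLENGTH) }
        msg ~ /^Failed password for / { failed[after("from", 1)]++ }
        msg ~ /^Accepted / {
            print "ACCEPTED", after("Accepted", 0), after("for", 0), after("from", 1)
        }
        END { for (ip in failed) print "FAILED", ip, failed[ip] }
    ' "$1" | LC_ALL=C sort
}

# Constructed sample log (documentation address ranges, made-up users).
write_sample_auth_log() {
    cat > "$1" <<'EOF'
Dec 29 04:09:11 host1 sshd[1201]: Accepted publickey for alice from 203.0.113.7 port 50122 ssh2: ED25519 SHA256:CONSTRUCTED
Dec 29 04:10:02 host1 sshd[1210]: Failed password for root from 198.51.100.23 port 41022 ssh2
Dec 29 04:10:05 host1 sshd[1212]: Failed password for invalid user admin from 198.51.100.23 port 41030 ssh2
Dec 29 04:10:09 host1 sshd[1214]: Failed password for invalid user from from 198.51.100.23 port 41040 ssh2
Dec 29 04:11:30 host1 sshd[1220]: Failed password for root from 203.0.113.99 port 60001 ssh2
Dec 29 04:12:00 host1 sshd[1231]: Accepted password for bob from 198.51.100.23 port 41100 ssh2
Dec 29 04:12:01 host1 CRON[1240]: pam_unix(cron:session): session opened for user root
EOF
}

log=$(mktemp)
write_sample_auth_log "$log"
summarize_auth_log "$log"
rm -f "$log"
```

Once PasswordAuthentication no is in effect, an ACCEPTED password line should no longer appear; if one does, check which configuration file re-enabled password login.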
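Common Commands for Gathering Server Information
The following commands give a quick overview of the software and hardware environment after you log in to a server.
System and Kernel Information
Command: uname
- Purpose: show kernel and hardware architecture information.
- Options:
-a: show all information.
-r: show the kernel release.
-m: show the machine hardware name.
- Example:
uname -a
- Sample output: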
liubang060917@uk:~$ uname
Linux
liubang060917@uk:~$ uname -a
Linux uk 6.1.0-41-cloud-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.158-1 (2025-11-09) x86_64 GNU/Linux
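- Explanation:
Linux: kernel name.
uk: hostname.
6.1.0-41-cloud-amd64: kernel version (cloud-optimized, AMD64/x86_64 architecture).
#1 SMP PREEMPT_DYNAMIC Debian 6.1.158-1 (2025-11-09): kernel build information.
x86_64: the hardware architecture is 64-bit x86.
GNU/Linux: a Linux operating system using the GNU toolset.
Command: hostnamectl
- Purpose: view and set the system hostname and related information.
- Example:
hostnamectl
- Sample output: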
Static hostname: uk
Icon name: computer-vm
Chassis: vm
Machine ID: ce282b302af8485d9a51fd1001903893
Boot ID: 4d94bbcf008243f08e1ea1a2db85aba3
Virtualization: google
Operating System: Debian GNU/Linux 12 (bookworm)
Kernel: Linux 6.1.0-41-cloud-amd64
Architecture: x86-64
Hardware Vendor: Google
Hardware Model: Google Compute Engine
Firmware Version: Google
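Time Settings
Command: timedatectl
- Purpose: set or query the system time, date and time zone configuration.
- Example:
# Show the current time, time zone and automatic synchronization status
timedatectl
# List the available time zones
timedatectl list-timezones
# Set the time zone to Asia/Shanghai (no change if it is already set)
timedatectl set-timezone Asia/Shanghai
- Sample output: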
liubang060917@hongkong:~$ timedatectl
Local time: Mon 2025-12-29 16:44:11 CST
Universal time: Mon 2025-12-29 08:44:11 UTC
RTC time: Mon 2025-12-29 08:44:11
Time zone: Asia/Shanghai (CST, +0800)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
liubang060917@japan:~$ timedatectl list-timezones
Africa/Abidjan
Africa/Accra
Africa/Addis_Ababa
Africa/Algiers
...
liubang060917@japan:~$ timedatectl set-timezone Asia/Shanghai
==== AUTHENTICATING FOR org.freedesktop.timedate1.set-timezone ====
Authentication is required to set the system timezone.
Authenticating as: root
Password:
==== AUTHENTICATION COMPLETE ====
liubang060917@japan:~$ timedatectl
Local time: Mon 2025-12-29 16:51:25 CST
Universal time: Mon 2025-12-29 08:51:25 UTC
RTC time: Mon 2025-12-29 08:51:25
Time zone: Asia/Shanghai (CST, +0800)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
CPU Information
Command: lscpu
- Purpose: display CPU architecture information.
- Example:
lscpu
- Sample output:
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Address sizes: 48 bits physical, 48 bits virtual
Byte Order: Little Endian
CPU(s): 2
On-line CPU(s) list: 0,1
Vendor ID: AuthenticAMD
BIOS Vendor ID: Smdbmds
Model name: AMD EPYC 7K62 48-Core Processor
BIOS Model name: 3.0 CPU @ 2.0GHz
BIOS CPU family: 1
CPU family: 23
Model: 49
Thread(s) per core: 1
Core(s) per socket: 2
Socket(s): 1
Stepping: 0
BogoMIPS: 5190.21
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm rep_good nopl cpuid extd_apicid tsc_known_freq pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm cmp_legacy cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw topoext ibpb vmmcall fsgsbase bmi1 avx2 smep bmi2 rdseed adx smap clflushopt sha_ni xsaveopt xsavec xgetbv1 arat
Virtualization features:
Hypervisor vendor: KVM
Virtualization type: full
Caches (sum of all):
L1d: 64 KiB (2 instances)
L1i: 64 KiB (2 instances)
L2: 8 MiB (2 instances)
L3: 16 MiB (1 instance)
NUMA:
NUMA node(s): 1
NUMA node0 CPU(s): 0,1
Vulnerabilities:
Gather data sampling: Not affected
Indirect target selection: Not affected
Itlb multihit: Not affected
L1tf: Not affected
Mds: Not affected
Meltdown: Not affected
Mmio stale data: Not affected
Reg file data sampling: Not affected
Retbleed: Mitigation; untrained return thunk; SMT disabled
Spec rstack overflow: Mitigation; SMT disabled
Spec store bypass: Vulnerable
Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization
Spectre v2: Mitigation; Retpolines; IBPB conditional; STIBP disabled; RSB filling; PBRSB-eIBRS Not affected; BHI Not affected
Srbds: Not affected
Tsa: Not affected
Tsx async abort: Not affected
Vmscape: Not affected
Memory Information
Command: free
- Purpose: show memory and swap usage.
- Options:
-h: human-readable format.
- Example:
free -h
- Sample output:
total used free shared buff/cache available
Mem: 3.6Gi 1.9Gi 140Mi 40Mi 2.0Gi 1.8Gi
Swap: 0B 0B 0B
Disk and File System Information
Command: df
- Purpose: show disk space usage.
- Options:
-h: human-readable.
-T: show the file system type.
- Example:
df -hT
- Sample output:
Filesystem Type Size Used Avail Use% Mounted on
udev devtmpfs 1.8G 0 1.8G 0% /dev
tmpfs tmpfs 373M 1.3M 372M 1% /run
/dev/vda1 ext4 69G 13G 57G 19% /
tmpfs tmpfs 1.9G 40K 1.9G 1% /dev/shm
tmpfs tmpfs 5.0M 0 5.0M 0% /run/lock
overlay overlay 69G 13G 57G 19% /var/lib/docker/rootfs/overlayfs/59844fb6310229fc7bd90ad84e6a646118425132cc3538f9e9fcf5258eb29b74
overlay overlay 69G 13G 57G 19% /var/lib/docker/rootfs/overlayfs/2ffd78257d457313697772f22431a7ba965acbd8d8eca6044d14d2e27451215d
overlay overlay 69G 13G 57G 19% /var/lib/docker/rootfs/overlayfs/4a004880e204a15c1f608722117df642c5e2ffc8361179a04ad90601a4df154f
tmpfs tmpfs 373M 0 373M 0% /run/user/0
overlay overlay 69G 13G 57G 19% /var/lib/docker/rootfs/overlayfs/5ef4379a5bf1c962f57fe50713d08d4b989d636a21add941ef3319d9fd333e1d
overlay overlay 69G 13G 57G 19% /var/lib/docker/rootfs/overlayfs/7d4780f7c3db5bc1c72c08eadc8f51d07d8aa74f1d9fb1e3f883fb05111d407d
overlay overlay 69G 13G 57G 19% /var/lib/docker/rootfs/overlayfs/c364cba106077c1d119a55442fbe36fd3e7e66fb7e3459dd6d2f8f497f753926
overlay overlay 69G 13G 57G 19% /var/lib/docker/rootfs/overlayfs/4ec2c624d3fb4c1935f107463f8de321e495327127691b4f221ca4950205ebd9
overlay overlay 69G 13G 57G 19% /var/lib/docker/rootfs/overlayfs/ca09273b4aad4b8afaefe1cf8a13dfb6b974b7c3e5b867cc57361d9cb298d0ff
Command: lsblk
- Purpose: list all block devices (disks, partitions) as a tree.
- Example:
lsblk -f
- Sample output:
NAME FSTYPE FSVER LABEL UUID FSAVAIL FSUSE% MOUNTPOINTS
sr0 iso9660 Joliet Extension config-2 2025-12-16-17-41-34-00
vda
└─vda1 ext4 1.0 1d0c589a-20cc-44a6-bd28-4f935a13819f 56G 18% /
Network Configuration and Connections
Command: ifconfig
- Purpose: configure and display network interface parameters.
- Example:
ifconfig
- Sample output:
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
ether 1e:fa:96:e5:1e:8a txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.2.0.11 netmask 255.255.252.0 broadcast 10.2.3.255
inet6 fe80::5054:ff:fea5:e184 prefixlen 64 scopeid 0x20<link>
inet6 2402:4e00:c052:1000:620e:43c2:26f4:0 prefixlen 128 scopeid 0x0<global>
ether 52:54:00:a5:e1:84 txqueuelen 1000 (Ethernet)
RX packets 9655363 bytes 5936412529 (5.5 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6967675 bytes 2187270459 (2.0 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 1221279 bytes 1803363125 (1.6 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1221279 bytes 1803363125 (1.6 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth75037e9: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::1896:c3ff:fe33:7f48 prefixlen 64 scopeid 0x20<link>
ether 1a:96:c3:33:7f:48 txqueuelen 0 (Ethernet)
RX packets 8 bytes 1138 (1.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 29 bytes 2775 (2.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
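Command: ip
- Purpose: view or configure network interfaces and address information.
- Example:
ip addr
Command: netstat
- Purpose: display network connections, routing tables, interface statistics and more.
- Common option combinations:
netstat -tuln: list all listening TCP/UDP ports.
netstat -an | grep :<port>: check the state of a specific port.
netstat -r: show the kernel routing table.
- Example:
netstat -tuln
Command: ss
- Purpose: display network connections, routing tables, interface statistics and more (a replacement for netstat).
- Common option combinations:
ss -tuln: list all listening TCP/UDP ports.
ss -an | grep :<port>: check the state of a specific port.
ip route show: show the kernel routing table.
- Example:
ss -tulnp
- Sample output: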
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp UNCONN 0 0 0.0.0.0:68 0.0.0.0:* users:(("dhclient",pid=512,fd=7))
udp UNCONN 0 0 172.19.0.1:123 0.0.0.0:* users:(("ntpd",pid=34662,fd=28))
udp UNCONN 0 0 172.18.0.1:123 0.0.0.0:* users:(("ntpd",pid=34662,fd=23))
udp UNCONN 0 0 10.2.0.11:123 0.0.0.0:* users:(("ntpd",pid=34662,fd=19))
udp UNCONN 0 0 127.0.0.1:123 0.0.0.0:* users:(("ntpd",pid=34662,fd=18))
udp UNCONN 0 0 0.0.0.0:123 0.0.0.0:* users:(("ntpd",pid=34662,fd=17))
udp UNCONN 0 0 0.0.0.0:443 0.0.0.0:* users:(("openresty",pid=3820296,fd=16),("openresty",pid=557367,fd=16))
udp UNCONN 0 0 0.0.0.0:443 0.0.0.0:* users:(("openresty",pid=3820296,fd=14),("openresty",pid=557366,fd=14))
udp UNCONN 0 0 [fe80::fc83:66ff:fe71:d99b]%veth77891c2:123 [::]:* users:(("ntpd",pid=34662,fd=32))
udp UNCONN 0 0 [fe80::f4fd:cbff:fe28:517f]%vetheba88b4:123 [::]:* users:(("ntpd",pid=34662,fd=33))
udp UNCONN 0 0 [fe80::4c35:55ff:fec0:23c2]%veth7935a16:123 [::]:* users:(("ntpd",pid=34662,fd=30))
udp UNCONN 0 0 [fe80::1896:c3ff:fe33:7f48]%veth75037e9:123 [::]:* users:(("ntpd",pid=34662,fd=31))
udp UNCONN 0 0 [fe80::d4c1:93ff:fe67:79be]%br-8b18e754535d:123 [::]:* users:(("ntpd",pid=34662,fd=29))
udp UNCONN 0 0 [fe80::6cd8:93ff:fe61:746a]%veth9d6ac70:123 [::]:* users:(("ntpd",pid=34662,fd=27))
udp UNCONN 0 0 [2402:4e00:c052:1000:620e:43c2:26f4:0]:123 [::]:* users:(("ntpd",pid=34662,fd=26))
udp UNCONN 0 0 [fe80::24eb:33ff:fe0a:1147]%vethdf8e755:123 [::]:* users:(("ntpd",pid=34662,fd=25))
udp UNCONN 0 0 [fe80::2077:e0ff:fe44:477c]%br-b4da88867feb:123 [::]:* users:(("ntpd",pid=34662,fd=24))
udp UNCONN 0 0 [fe80::5054:ff:fea5:e184]%eth0:123 [::]:* users:(("ntpd",pid=34662,fd=21))
udp UNCONN 0 0 [::1]:123 [::]:* users:(("ntpd",pid=34662,fd=20))
udp UNCONN 0 0 [::]:123 [::]:* users:(("ntpd",pid=34662,fd=16))
udp UNCONN 0 0 [::]:443 [::]:* users:(("openresty",pid=3820296,fd=15),("openresty",pid=557366,fd=15))
udp UNCONN 0 0 [::]:443 [::]:* users:(("openresty",pid=3820296,fd=17),("openresty",pid=557367,fd=17))
tcp LISTEN 0 4096 127.0.0.1:8090 0.0.0.0:* users:(("docker-proxy",pid=3937009,fd=7))
tcp LISTEN 0 4096 0.0.0.0:5173 0.0.0.0:* users:(("docker-proxy",pid=450779,fd=7))
tcp LISTEN 0 4096 127.0.0.1:5432 0.0.0.0:* users:(("docker-proxy",pid=96341,fd=7))
tcp LISTEN 0 4096 127.0.0.1:40255 0.0.0.0:* users:(("docker-proxy",pid=555376,fd=7))
tcp LISTEN 0 4096 127.0.0.1:5244 0.0.0.0:* users:(("docker-proxy",pid=460011,fd=7))
tcp LISTEN 0 4096 127.0.0.1:5246 0.0.0.0:* users:(("docker-proxy",pid=460026,fd=7))
tcp LISTEN 0 4096 0.0.0.0:20000 0.0.0.0:* users:(("1panel-core",pid=3821337,fd=12))
tcp LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("openresty",pid=3820296,fd=11),("openresty",pid=557367,fd=11),("openresty",pid=557366,fd=11))
tcp LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("openresty",pid=3820296,fd=10),("openresty",pid=557367,fd=10),("openresty",pid=557366,fd=10))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=34567,fd=3))
tcp LISTEN 0 4096 0.0.0.0:3060 0.0.0.0:* users:(("docker-proxy",pid=444154,fd=7))
tcp LISTEN 0 20 127.0.0.1:25 0.0.0.0:* users:(("exim4",pid=53968,fd=4))
tcp LISTEN 0 4096 [::]:5173 [::]:* users:(("docker-proxy",pid=450785,fd=7))
tcp LISTEN 0 20 [::1]:25 [::]:* users:(("exim4",pid=53968,fd=5))
tcp LISTEN 0 511 [::]:443 [::]:* users:(("openresty",pid=3820296,fd=13),("openresty",pid=557367,fd=13),("openresty",pid=557366,fd=13))
tcp LISTEN 0 511 [::]:80 [::]:* users:(("openresty",pid=3820296,fd=12),("openresty",pid=557367,fd=12),("openresty",pid=557366,fd=12))
tcp LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=34567,fd=4))
tcp LISTEN 0 4096 [::]:3060 [::]:* users:(("docker-proxy",pid=444159,fd=7))
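Users, Groups and Logins
Command: id
- Purpose: print the real and effective user and group information, taken from /etc/group, to the terminal.
- Example:
id root liubang
id
- Sample output: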
liubang060917@hongkong:~$ id root liubang
uid=0(root) gid=0(root) groups=0(root)
uid=1001(liubang) gid=1004(liubang) groups=1004(liubang),4(adm),30(dip),44(video),46(plugdev),1000(google-sudoers),1001(docker),1002(lxd)
liubang060917@hongkong:~$ id
uid=1000(liubang060917) gid=1003(liubang060917) groups=1003(liubang060917),4(adm),30(dip),44(video),46(plugdev),1000(google-sudoers),1001(docker),1002(lxd)
Command: groups
- Purpose: equivalent to id -Gn.
- Example:
groups root liubang060917
- Sample output:
root@uk:/etc# groups root liubang060917
root : root
liubang060917 : liubang060917 adm dip video plugdev google-sudoers docker lxd
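Command: getent
- Purpose: get entries from the system databases (such as /etc/passwd, /etc/shadow, /etc/group, /etc/gshadow).
- Example:
# List all user information
getent passwd
# Show password information (requires root privileges)
getent shadow
- Sample output: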
root@VM-0-11-debian:~# getent passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
_apt:x:42:65534::/nonexistent:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
systemd-network:x:998:998:systemd Network Management:/:/usr/sbin/nologin
systemd-timesync:x:997:997:systemd Time Synchronization:/:/usr/sbin/nologin
messagebus:x:100:107::/nonexistent:/usr/sbin/nologin
sshd:x:101:65534::/run/sshd:/usr/sbin/nologin
debian:x:1000:1000:debian,,,:/home/debian:/bin/bash
ntpsec:x:102:109::/nonexistent:/usr/sbin/nologin
lighthouse:x:1001:1002::/home/lighthouse:/bin/bash
Debian-exim:x:103:110::/var/spool/exim4:/usr/sbin/nologin
www:x:1002:1003::/home/www:/sbin/nologin
tcpdump:x:104:111::/nonexistent:/usr/sbin/nologin
root@VM-0-11-debian:~# getent shadow
daemon:*:19573:0:99999:7:::
bin:*:19573:0:99999:7:::
sys:*:19573:0:99999:7:::
sync:*:19573:0:99999:7:::
games:*:19573:0:99999:7:::
man:*:19573:0:99999:7:::
lp:*:19573:0:99999:7:::
mail:*:19573:0:99999:7:::
news:*:19573:0:99999:7:::
uucp:*:19573:0:99999:7:::
proxy:*:19573:0:99999:7:::
www-data:*:19573:0:99999:7:::
backup:*:19573:0:99999:7:::
list:*:19573:0:99999:7:::
irc:*:19573:0:99999:7:::
_apt:*:19573:0:99999:7:::
nobody:*:19573:0:99999:7:::
systemd-network:!:19573::::::
systemd-timesync:!:19573::::::
messagebus:!:19573::::::
sshd:!:19573::::::
debian:$n$j9T$QKSBTStNouakWVNCHMsybf.$CfMUgtk3veUBrMbOnGp8YC6D4T4/3Nul9G4ZCsSlqO8:19573:0:99999:7:::
ntpsec:!:19576::::::
root:$5$buTzUfdO$6ZDvVsWVCHDcPqDrwBk3q/:20438:0:99999:7:::
lighthouse:!:20438:0:99999:7:::
Debian-exim:!:20438::::::
www:!:20438:0:99999:7:::
tcpdump:!:20438::::::
liubang060917:!$y$j9T$r6.seJeDUB3VR/heMw1YZ0$.qxImZu7phVuYCYD0vVuGNBrhFvWtJDEwzqyCZK7qqD:20450:0:99999:7:::
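- Explanation:
passwd output: username:x (placeholder; the actual password is stored in /etc/shadow):UID:GID:description:home directory:login shell
shadow output:
Columns 1-2: username:password (* or ! means the password is locked, $ means an encrypted password, empty means no password)
Columns 3-5: date of last password change (in days):minimum password age:maximum password age
Columns 6-7: password expiry warning period:password expiry grace period
Columns 8-9: account expiration date (in days):reserved field
- Example (for user liubang060917):
/etc/passwd line: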
liubang060917:x:1000:1003:liubang060917,,,:/home/liubang060917:/bin/bash
/etc/shadow line:
liubang060917:!$y$j9T$r6.seJeDUB3VR/heMw1YZ0$.qxImZu7phVuYCYD0vVuGNBrhFvWtJDEwzqyCZK7qqD:20450:0:99999:7:::
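Explanation:
passwd -> username=liubang060917, UID=1000, GID=1003, home directory=/home/liubang060917, shell=/bin/bash
shadow -> a password field starting with "!" means locked, last password change=20450 days, minimum age=0, maximum age=99999, expiry warning=7 days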
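The password-field rules explained above can be turned into an account audit. This added example (not part of the original page) classifies each shadow entry and lists the accounts that need attention; the sample entries use constructed placeholder hashes, and the function names and state labels are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): classify the password field of
# each /etc/shadow entry and list accounts that deserve a closer look.

# Usage: classify_shadow FILE  ->  "<user> <state>" per entry
#   EMPTY          no password is required for a password login
#   DISABLED       field is only "*" or "!": no password can match
#   LOCKED:<alg>   a real hash prefixed with "!" (locked, e.g. by passwd -l)
#   HASH:<alg>     a usable password hash
classify_shadow() {
    awk -F: '
        # Map the crypt(5) prefix of a hash to the name of its scheme.
        function scheme(h) {
            if (h ~ /^\$y\$/)      return "yescrypt"
            if (h ~ /^\$6\$/)      return "sha512crypt"
            if (h ~ /^\$5\$/)      return "sha256crypt"
            if (h ~ /^\$2[aby]\$/) return "bcrypt"
            if (h ~ /^\$1\$/)      return "md5crypt"
            return "unknown"
        }
        NF < 2 { next }
        {
            pw = $2
            if (pw == "")            state = "EMPTY"
            else if (pw ~ /^[!*]+$/) state = "DISABLED"
            else if (pw ~ /^!/)    { sub(/^!+/, "", pw); state = "LOCKED:" scheme(pw) }
            else                     state = "HASH:" scheme(pw)
            print $1, state
        }
    ' "$1"
}

# Accounts with an empty password field or a legacy MD5-based hash.
risky_accounts() {
    classify_shadow "$1" | awk '$2 == "EMPTY" || $2 ~ /md5crypt$/ { print $1 }'
}

# Constructed sample entries; the hashes are placeholders, not real hashes.
write_sample_shadow() {
    cat > "$1" <<'EOF'
root:*:20431:0:99999:7:::
svc:!:19573::::::
alice:$y$j9T$CONSTRUCTEDSALT$CONSTRUCTEDHASH:20450:0:99999:7:::
bob:!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:20450:0:99999:7:::
carol::20450:0:99999:7:::
dave:$1$CONSTRUCTED$CONSTRUCTEDHASH:19000:0:99999:7:::
EOF
}

sample=$(mktemp)
write_sample_shadow "$sample"
classify_shadow "$sample"
echo "needs attention: $(risky_accounts "$sample" | tr '\n' ' ')"
rm -f "$sample"
```

Against a live system, write the output of sudo getent shadow to a root-only temporary file and pass that file to classify_shadow.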
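Command: passwd
- Purpose: change a user's password; a locked password must be unlocked by root.
- Example:
# The password is locked, so the user cannot change it
passwd
# Unlock as root
sudo passwd -u liubang060917
# After unlocking, the user can change their own password
passwd
# Delete your own password (requires root privileges)
sudo passwd -d liubang060917
# View shadow
sudo getent shadow
- Sample output: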
liubang060917@japan:~$ passwd
Changing password for liubang060917.
Current password:
passwd: Authentication token manipulation error
passwd: password unchanged
root@japan:/home/liubang060917# passwd -u liubang060917
passwd: password changed.
liubang060917@japan:~$ passwd
Changing password for liubang060917.
Current password:
New password:
(press Ctrl+D here to exit)
liubang060917@japan:~$ passwd -d liubang060917
passwd: Permission denied.
liubang060917@japan:~$ sudo passwd -d liubang060917
passwd: password changed.
liubang060917@japan:~$ sudo getent shadow
liubang060917::20450:0:99999:7:::
- Addendum (initializing the root password on a server where root login is disabled):
sudo getent shadow root
sudo passwd root
sudo getent shadow root
- Sample output:
liubang060917@uk:~$ sudo getent shadow root
root:*:20431:0:99999:7:::
liubang060917@uk:~$ sudo passwd root
New password:
Retype new password:
passwd: password updated successfully
liubang060917@uk:~$ sudo getent shadow root
root:$y$j9T$IWZLVBj3fYBNWdMo.tn1t0$3jSInMjLuGyV0sDXqqpZaxxy5hBE/pKc5J3qpnR.pY0:20451:0:99999:7:::
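Command: su
- Purpose: switch the current user identity (starts a new shell session).
- Example:
# Switching from root to any account requires no password
su liubang060917
# Switching from liubang060917 to liubang requires a password
su liubang
# Elevating to root requires the root password
su
- Sample output: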
root@hongkong:/home/liubang060917# su liubang060917
liubang060917@hongkong:~$ su liubang
Password:
liubang@hongkong:/home/liubang060917$ su
Password:
root@hongkong:/home/liubang060917# w
Command: sudo
- Purpose: run a command as another user (root by default).
- Example:
Sample /etc/sudoers file
## This file MUST be edited with the 'visudo' command as root.
## Please consider adding local content in /etc/sudoers.d/ instead of
## directly modifying this file.
## See the man page for details on how to write a sudoers file.
#Defaults env_reset
#Defaults mail_badpass
#Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
#Defaults use_pty
#Defaults:%sudo env_keep += "http_proxy https_proxy ftp_proxy all_proxy no_proxy"
#Defaults:%sudo env_keep += "EDITOR"
root ALL=(ALL:ALL) ALL
%sudo ALL=(ALL:ALL) ALL
lighthouse ALL=(ALL) NOPASSWD: ALL
@includedir /etc/sudoers.d
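- Explanation:
User HostName=(Runas) special option (such as NOPASSWD) allowed Commands
root ALL=(ALL:ALL) ALL
%sudo ALL=(ALL:ALL) ALL
lighthouse ALL=(ALL) NOPASSWD: ALL
A User starting with % denotes a user group.
A HostName of ALL means the rule applies on all hosts.
A Runas of (ALL) means the user may switch to any user. ALL and ALL:ALL are equivalent.
Commands set to ALL means all commands are allowed.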
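Command: useradd
- Purpose: create a new user (requires sudo privileges).
- Example:
# Show the defaults
sudo useradd -D
# Create the user
sudo useradd trump
# View the new user's information
id trump
getent passwd trump
sudo getent shadow trump
- Sample output: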
liubang060917@hongkong:~$ useradd -D
-bash: useradd: command not found
liubang060917@hongkong:~$ sudo useradd -D
GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
SHELL=/bin/sh
SKEL=/etc/skel
CREATE_MAIL_SPOOL=no
LOG_INIT=yes
liubang060917@hongkong:~$ sudo useradd trump
liubang060917@hongkong:~$ id trump
uid=1002(trump) gid=1005(trump) groups=1005(trump)
liubang060917@hongkong:~$ getent passwd trump
trump:x:1002:1005::/home/trump:/bin/sh
liubang060917@hongkong:~$ sudo getent shadow trump
trump:!:20451:0:99999:7:::
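Command: who
- Purpose: show the users currently logged in to the system.
- Example:
who
Command: w
- Purpose: show the currently logged-in users and what they are doing.
- Example:
w
Command: whoami
- Purpose: show the current user name.
- Example:
whoami
- Sample output: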
root@VM-0-11-debian:~# who
root pts/0 2025-12-28 22:41 (114.246.196.43)
root pts/1 2025-12-28 22:42 (114.246.196.43)
root@VM-0-11-debian:~# w
23:21:51 up 12 days, 5:40, 2 users, load average: 0.00, 0.05, 0.07
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 114.246.196.43 22:41 2.00s 0.02s ? w
root pts/1 114.246.196.43 22:42 39:51 3.18s 3.17s top
root@VM-0-11-debian:~# whoami
root
Command: last
- Purpose: show the user login history.
- Example:
last -w
- Sample output:
liubang060917@japan:~$ last -w
Username Terminal Source IP Login time (system time zone) Logout time/status (duration)
liubang060917 pts/1 114.246.204.30 Mon Dec 29 04:09 still logged in
liubang060917 pts/0 114.246.204.30 Mon Dec 29 04:09 still logged in
liubang060917 pts/1 114.246.194.173 Sun Dec 28 16:32 - 16:34 (00:01)
liubang060917 pts/0 114.246.194.173 Sun Dec 28 16:32 - 16:34 (00:01)
liubang060917 pts/1 114.246.194.173 Sun Dec 28 16:22 - 16:25 (00:02)
liubang060917 pts/0 114.246.194.173 Sun Dec 28 16:22 - 16:25 (00:02)
liubang060917 pts/1 114.246.194.173 Sun Dec 28 16:16 - 16:22 (00:06)
liubang060917 pts/0 114.246.194.173 Sun Dec 28 16:16 - 16:22 (00:06)
liubang060917 pts/1 114.246.194.173 Sun Dec 28 15:56 - 16:16 (00:19)
liubang060917 pts/0 114.246.194.173 Sun Dec 28 15:56 - 16:16 (00:19)
liubang060917 pts/1 114.246.199.208 Wed Dec 17 07:23 - 07:27 (00:03)
liubang060917 pts/2 114.246.195.203 Sat Dec 6 13:35 - 13:37 (00:01)
liubang060917 pts/1 114.246.195.203 Sat Dec 6 13:35 - 13:37 (00:01)
liubang060917 pts/2 114.246.195.203 Sat Dec 6 13:32 - 13:35 (00:02)
liubang060917 pts/1 114.246.195.203 Sat Dec 6 13:32 - 13:35 (00:03)
liubang060917 pts/2 114.246.195.203 Sat Dec 6 13:31 - 13:32 (00:01)
liubang060917 pts/1 114.246.195.203 Sat Dec 6 13:31 - 13:32 (00:01)
liubang060917 pts/0 35.235.242.49 Sat Dec 6 13:26 - 13:39 (00:13)
liubang060917 pts/0 35.235.240.242 Sat Dec 6 10:12 - 10:26 (00:14)
liubang060917 pts/1 35.235.244.242 Sat Dec 6 09:57 - 10:21 (00:24)
liubang060917 pts/0 35.235.244.241 Sat Dec 6 09:53 - 10:06 (00:12)
reboot system boot 6.1.0-40-cloud-amd64 Sat Dec 6 09:50 still running
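- Note:
pts/0, pts/1 and so on are pseudo-terminals, usually logins over a network connection such as SSH.
tty1, tty2 and so on are physical console terminals.
System Status
Command: uptime
- Purpose: show how long the system has been running, the number of logged-in users and the load average.
- Example:
uptime
- Sample output:
root@VM-0-11-debian:~# uptime
Current time, how long the system has been running, how many users are currently logged in, and the load average over the past 1, 5 and 15 minutes.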
16:10:56 up 12 days, 22:29, 2 users, load average: 0.04, 0.01, 0.00
Command: top
- Purpose: watch the overall state of the system in real time.
- Example:
top
- Sample output:
liubang060917@hongkong:~$ top
top - 16:14:17 up 1 day, 5:46, 2 users, load average: 0.15, 0.21, 0.18 (same as uptime)
Tasks: 411 total, 1 running, 410 sleeping, 0 stopped, 0 zombie
%Cpu(s): 1.3 us, 2.3 sy, 0.0 ni, 96.3 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st (press t to switch the display style)
MiB Mem : 3924.7 total, 120.5 free, 3041.3 used, 1081.7 buff/cache (same as free; press m to switch the display style)
MiB Swap: 0.0 total, 0.0 free, 0.0 used. 883.4 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
479298 liubang+ 20 0 18360 7928 5488 S 1.0 0.2 0:32.04 sshd
2507 root 20 0 1234092 7680 2228 S 0.3 0.2 0:24.88 containerd-shim
2750 999 20 0 62716 9896 1284 S 0.3 0.2 3:27.20 redis-server
6249 root 20 0 1672784 4496 0 S 0.3 0.1 0:00.10 docker-proxy
479328 liubang+ 20 0 8572 4440 2568 S 0.3 0.1 0:14.10 top
534267 liubang+ 20 0 9028 5084 2960 R 0.3 0.1 0:00.04 top
1 root 20 0 168676 8352 4320 S 0.0 0.2 0:06.48 systemd
2 root 20 0 0 0 0 S 0.0 0.0 0:00.01 kthreadd
3 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 rcu_gp
4 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 rcu_par_gp
5 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 slub_flushwq
6 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 netns
8 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 kworker/0:0H-events_highpri
10 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 mm_percpu_wq
11 root 20 0 0 0 0 I 0.0 0.0 0:00.00 rcu_tasks_kthread
12 root 20 0 0 0 0 I 0.0 0.0 0:00.00 rcu_tasks_rude_kthread
13 root 20 0 0 0 0 I 0.0 0.0 0:00.00 rcu_tasks_trace_kthread
14 root 20 0 0 0 0 S 0.0 0.0 0:09.78 ksoftirqd/0
15 root 20 0 0 0 0 I 0.0 0.0 0:43.15 rcu_preempt
16 root rt 0 0 0 0 S 0.0 0.0 0:00.44 migration/0
18 root 20 0 0 0 0 S 0.0 0.0 0:00.00 cpuhp/0
19 root 20 0 0 0 0 S 0.0 0.0 0:00.00 cpuhp/1
20 root rt 0 0 0 0 S 0.0 0.0 0:00.72 migration/1
21 root 20 0 0 0 0 S 0.0 0.0 0:09.88 ksoftirqd/1
23 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 kworker/1:0H-events_highpri
26 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kdevtmpfs
27 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 inet_frag_wq
28 root 20 0 0 0 0 S 0.0 0.0 0:00.02 kauditd
29 root 20 0 0 0 0 S 0.0 0.0 0:00.20 khungtaskd
31 root 20 0 0 0 0 S 0.0 0.0 0:00.00 oom_reaper
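Services and Process Management
Command: systemctl
- Purpose: manage system services (systemd systems).
- Example:
# List all service units
systemctl list-units --type=service
# Show the status of a service
systemctl status <service-name>
# Enable a service at boot
systemctl enable <service-name>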