sudo ssh -fgN -L 33819:localhost:5043 localhost -o “IdentityFile=~/.ssh/abcid_rsa”
ssh port forward with identityfile
发表评论
分类目录归档:技术文章
How to Test Port [TCP/UDP] Connectivity from a Linux Server with nc
yum install nc
# nc -z -v [hostname/IP address] [port number]
# nc -z -v 192.168.10.12 22
Connection to 192.118.20.95 22 port [tcp/ssh] succeeded!
# nc -z -v 192.168.10.12 22
nc: connect to 192.118.20.95 port 22 (tcp) failed: No route to host
# nc -z -v -u [hostname/IP address] [port number]
# nc -z -v -u 192.168.10.12 123
Connection to 192.118.20.95 123 port [udp/ntp] succeeded!
windows 11 安卓子项目 增加代理
D:\prog\WSAToolbox>adb kill-server
D:\prog\WSAToolbox>adb devices
* daemon not running; starting now at tcp:5037
* daemon started successfully
List of devices attached
D:\prog\WSAToolbox>adb.exe connect 172.22.34.229:5555
connected to 172.22.34.229:5555
安卓系统的ip地址
D:\prog\WSAToolbox>d:
D:\prog\WSAToolbox>adb shell settings put global http_proxy 172.22.32.1:10809
Ethernet adapter vEthernet (WSL): 的地址
删除代理
adb shell settings delete global http_proxy
adb shell settings delete global global_http_proxy_host
adb shell settings delete global global_http_proxy_port
升级openssl
ssh
apt-get install -y aptitude
aptitude install -f libpam0g-dev libselinux1-dev
apt-get install -y libssl-dev zlib1g-dev
# 备份ssh配置
cp -rf /etc/ssh /etc/ssh.bak
# 设置文件权限
chmod 600 /etc/ssh/ssh_host_rsa_key
chmod 600 /etc/ssh/ssh_host_ecdsa_key
chmod 600 /etc/ssh/ssh_host_ed25519_key
# 配置sshd配置
sed -i ‘s/^#PermitRootLogin yes/PermitRootLogin yes/’ /etc/ssh/sshd_config
sed -i ‘s/^GSSAPIAuthentication/#&/’ /etc/ssh/sshd_config
sed -i ‘s/^GSSAPICleanupCredentials/#&/’ /etc/ssh/sshd_config
sed -i ‘s/^UsePAM/#&/’ /etc/ssh/sshd_config
# 配置service, 取消notify
sed -i ‘s/^Type/#&/’ /lib/systemd/system/ssh.service
# 下载包
wget https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.6p1.tar.gz
tar zxf openssh-8.6p1.tar.gz
# 编译安装
cd openssh-8.6p1
./configure –prefix=/usr –with-privsep-path=/var/empty/sshd/ \
–sysconfdir=/etc/ssh –with-ssl-dir=/usr/local/openssl/ \
–with-default-path=/usr/local/bin:/bin:/usr/bin \
–with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
–with-pam –with-selinux –disable-strip –with-md5-passwords
make
make install
# 重启服务
systemctl daemon-reload
systemctl restart sshd
# 现在版本
ssh -V
openssl
https://www.howtoforge.com/tutorial/how-to-install-openssl-from-source-on-linux/
也可以看这个
https://stackoverflow.com/a/49578644
但是记得要看Openssl是不是在path里面
openwrt上安装you-get下载youtube视频
opkg update && opkg install git git-http
git clone git://github.com/soimort/you-get.git
cd you-get/
./setup.py install
you-get -i "https://www.youtube.com/watch?v=OdCeoQ2dYxE&t=34s"
esxi esir openwrt ikuai 安装注意点
客户机操作系统版本 其他5.X或更高linux64,可以选vmxnet3,获取更好的性能。
esxi 7 安装,启动的时候要输入参数,避免占用120空间
ikuai主路由 lede等做旁路由,会出现mac地址混乱的问题,要在主路由开通xx,旁路由启动yyy
安装windows 10,可能安装过程认不出网卡,先取消联网,装了vmtools之后就行了
esxi的管理口可以在启动后的黄黑屏幕设置,可以多选,选了以后就不能直通了
管理口设置的ip地址放一个网段,允许混杂,可以不插网线访问
esxi上的系统可以通过这个管理口虚拟的网卡做连通
如果用主路由+胖路由的方式上网,群晖设置外网访问upnp,说有两个路由器,把网关手工指定一下就行了
CentOS8的基础防火墙配置
systemctl使用
systemctl unmask firewalld #执行命令,即可实现取消服务的锁定
systemctl mask firewalld # 下次需要锁定该服务时执行
systemctl start firewalld.service #启动防火墙
systemctl stop firewalld.service #停止防火墙
systemctl reloadt firewalld.service #重载配置
systemctl restart firewalld.service #重启服务
systemctl status firewalld.service #显示服务的状态
systemctl enable firewalld.service #在开机时启用服务
systemctl disable firewalld.service #在开机时禁用服务
systemctl is-enabled firewalld.service #查看服务是否开机启动
systemctl list-unit-files|grep enabled #查看已启动的服务列表
systemctl –failed #查看启动失败的服务列表
firewall-cmd使用
firewall-cmd –state #查看防火墙状态
firewall-cmd –reload #更新防火墙规则
firewall-cmd –state #查看防火墙状态
firewall-cmd –reload #重载防火墙规则
firewall-cmd –list-ports #查看所有打开的端口
firewall-cmd –list-services #查看所有允许的服务
firewall-cmd –get-services #获取所有支持的服务
/usr/lib/firewalld/services
#区域相关
firewall-cmd –list-all-zones #查看所有区域信息
firewall-cmd –get-active-zones #查看活动区域信息
firewall-cmd –set-default-zone=public #设置public为默认区域
firewall-cmd –get-default-zone #查看默认区域信息
firewall-cmd –zone=public –add-interface=eth0 #将接口eth0加入区域public
#接口相关
firewall-cmd –zone=public –remove-interface=eth0 #从区域public中删除接口eth0
firewall-cmd –zone=default –change-interface=eth0 #修改接口eth0所属区域为default
firewall-cmd –get-zone-of-interface=eth0 #查看接口eth0所属区域
用例
firewall-cmd –query-port=8080/tcp # 查询端口是否开放
firewall-cmd –add-port=80/tcp –permanent #永久添加80端口例外(全局)
firewall-cmd –remove-port=80/tcp –permanent #永久删除80端口例外(全局)
firewall-cmd –add-port=65001-65010/tcp –permanent #永久增加65001-65010例外(全局)
firewall-cmd –zone=public –add-port=80/tcp –permanent #永久添加80端口例外(区域public)
firewall-cmd –zone=public –remove-port=80/tcp –permanent #永久删除80端口例外(区域public)
firewall-cmd –zone=public –add-port=65001-65010/tcp –permanent #永久增加65001-65010例外(区域public)
firewall-cmd –reload #重启防火墙(修改配置后要重启防火墙)
v2ray core软件提示Privoxy Fatal Error: can’t bind to 127.0.0.1:xxxxx (error number 10104)解决方法
打开命令行(管理员权限),输入
netsh winsock reset
重启电脑即可
nginx+v2ray
参照这个文章的配置,
https://www.ecsoe.com/archives/38.html
一次成功
先安装了nginx+ssl,再安装v2ray,调整配置。
yum -y update
bash <(curl -L -s https://install.direct/go.sh)
systemctl enable v2ray
vi /etc/nginx/conf.d/v2ray.conf
server {
listen 443 ssl;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
error_page 497 https://$host$request_uri;
location /ray {
proxy_pass http://127.0.0.1:10000;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
}
}
{
"inbounds": [
{
"port": 10000,
"listen":"127.0.0.1",
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "你的UUID",
"alterId": 64
}
]
},
"streamSettings": {
"network": "ws",
"wsSettings": {
"path": "/ray"
}
}
}
],
"outbounds": [
{
"protocol": "freedom",
"settings": {}
}
]
}
vi /etc/selinux/config
SELINUX=disabled
setenforce 0
apache下载zip文件没有content-length
同事做的一个东西,遇到一个问题。http下载一个apache提供服务的一个文件,css,html有content-length(可能是文件较小,是把结果显示的?),但是zip文件没有。导致无法做下载的进度条。网上搜了一下,也有人反应这种情况。
生猛的解决办法是注释掉
LoadModule deflate_module modules/mod_deflate.so
当然,这个会影响其他的应用,因为这个是zip包,不需要再压缩了,找到了下面的语句,增加了zip,问题也得到了解决。
# Don’t compress images
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png|zip)$ no-gzip dont-vary
原因就是服务器支持压缩,对zip类的文件禁用该功能就行了。