登录

链接地址在这里: Control Panel

ReInstall

可供选择的系统有:

  • Almalinux
  • CentOS
  • Debian
  • Fedora
  • Rocky Linux
  • Ubuntu

不知为什么, 选择了 Almalinux. 也许是因为排在第一吧. 问了下 GPT4, 选择 Almalinux 还是 Debian, 回答是这样的:

如果您更注重稳定性、与 CentOS 的兼容性和不断增长的社区支持,AlmaLinux 可能是更合适的选择。而如果您更看重软件的新颖性和更广泛的软件包选择,那么 Debian 可能更适合您。

可供选择的有 Almalinux 8 和 Almalinux 9, 选定了要安装的系统和版本号以后, 点击 Reinstall, 网页提示重装开始:

Installation has been started. Please allow up to 10 minutes for it to complete

Root/Admin Password: **

SSH 登录

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
   ~                                                                                                                                                               20:32:53
❯ ssh root@***.***.**.***
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
SHA256:*********Jd25uf5Yj5VZ9M4gDH26m5S1Gmz1TX****.
Please contact your system administrator.
Add correct host key in ~/.ssh/known_hosts to get rid of this message.
Offending RSA key in ~/.ssh/known_hosts:16
Host key for ***.***.**.*** has changed and you have requested strict checking.
Host key verification failed.
   ~                                                                                                                                                       ✘ 255   20:33:14
❯ ssh root@***.***.**.***
The authenticity of host '***.***.**.***' can't be established.
****519 key fingerprint is SHA256:*********Jd25uf5Yj5VZ9M4gDH26m5S1Gmz1TX****.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '***.***.**.***'(****519) to the list of known hosts.
root@***.***.**.***'s password:
Last failed login: Sat Mar  2 07:35:11 EST 2024 from 150.109.23.87 on ssh:notty
There were 3 failed login attempts since the last successful login.
[root@********-****** ~]#

上面这些信息是告诉用户: 因为之前已经登录过这个 IP 地址, 在本地电脑上记录了远程 VPS 的指纹, 而系统重装以后, 远程电脑的指纹已经变了, 于是拒绝登录操作.

打开本地电脑的~/.ssh/known_hosts, 找到相应的记录, 删除掉, 就可以了.

系统初始化

基本上照这个教程亦步亦趋地操作.Linux服务器初始化工作_初始化打工服务-CSDN博客

修改主机名

查看系统信息

1
hostnamectl

修改主机名

1
hostnamectl set-hostname my_host_name

禁止 ICMP 协议

1
2
echo "net.ipv4.icmp_echo_ignore_all = 1" >> /etc/sysctl.conf
sysctl -p

如此一来, VPS 的 ip 就没办法 ping 通了.

关闭 SELinux

1
2
setenforce 0
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config

修改 ssh 端口

准备端口

先安装 lsof 工具

1
2
yum -y install lsof
lsof -i:1234

经检查, 1234 没有被占用.

防火墙开放端口

1
2
3
firewall-cmd --add-port=2222/tcp --permanent
firewall-cmd --reload
firewall-cmd --zone=public --list-ports

修改 ssh 端口

1
vi /etc/ssh/sshd_config

#Port 22 改为 Port 1234

1
2
systemctl restart sshd
sudo lsof -i -P -n | grep LISTEN

从此以后,ssh 登录只能用 1234 端口.

创建新用户

创建新用户

1
adduser username

修改密码

1
passwd username

赋予新用户管理员权限

1
2
usermod -aG wheel username
cat /etc/group |grep wheel

禁止 root 用户远程登录

修改配置

1
vi /etc/ssh/sshd_config

PermitRootLogin yes 改为 PermitRootLogin no

重启 sshd

1
systemctl restart sshd

为服务器开启 bbr

TCP BBR 是谷歌出品的 TCP 拥塞控制算法,可以使 Linux 服务器显著地提高吞吐量和减少 TCP 连接的延迟。

1
2
3
 echo "net.ipv4.tcp_congestion_control = bbr" >> /etc/sysctl.conf
 echo "net.core.default_qdisc = fq_codel" >> /etc/sysctl.conf
 sysctl -p

似乎 racknerd 的 VPS 默认是已经打开了.

设置 ssh 无密登录

1
ssh-copy-id -p 1234 username@server-ip

安装几个应用程序

1
2
3
4
5
sudo dnf clean all
sudo dnf update
sudo dnf groupinstall "Development Tools"
sudo yum makecache --refresh
sudo yum -y instal wget git zsh tar util-linux-user lua

安装 tailscale

1
curl -fsSL https://tailscale.com/install.sh | sh

安装 fzf

1
2
3
sudo dnf install epel-release
sudo dnf install fzf
fzf --version

安装 neovim

如何在 Almalinux 中安装 neovim

配置 zsh

终端配置

$HOME/.zshrc 中添加 export TERM=xterm-256color 然后运行 sudo chsh -s /bin/zsh

安装 oh-my-zsh

1
2
3
sh -c "$(wget https://raw.github.com/ohmyzsh/ohmyzsh/master/tools/install.sh -O -)"
git clone https://github.com/zsh-users/zsh-autosuggestions ${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-autosuggestions
git clone https://github.com/zsh-users/zsh-syntax-highlighting.git ${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-syntax-highlighting

打开 $HOME/.zshrcplugin = (git) 改为 plugin = (git zsh-autosuggestions zsh-autosuggestions) 添加 bindkey ',' autosuggest-accept 运行命令 source $HOME/.zshrc

安装 z.lua

1
2
3
mkdir ~/github
cd ~/github
git clone https://github.com/skywind3000/z.lua.git

打开 $HOME/.zshrc, 添加 eval "$(lua /path/to/z.lua --init zsh)" 重启 zsh

安装 powerlevel10K

1
git clone --depth=1 https://github.com/romkatv/powerlevel10k.git ${ZSH_CUSTOM:-$HOME/.oh-my-zsh/custom}/themes/powerlevel10k

修改 $HOME/.zshrc, 把 ZSH_THEME='robbyrussell' 改为 'powerlevel10k/powerlevel10k' 重启 zsh, 完成 powerlevel10k 初始化. 以后要重置, 只需要运行命令: p10k configure