https://calee0219.github.io/tag/cli/CliHugoBlox Kit (https://hugoblox.com)en-us©Mon, 09 Aug 2021 07:48:37 +0800https://calee0219.github.io/media/icon_hu_da05098ef60dc2e7.pnghttps://calee0219.github.io/tag/cli/https://calee0219.github.io/blog/note_linux_cli/Mon, 09 Aug 2021 07:48:37 +0800https://calee0219.github.io/blog/note_linux_cli/<h3 id="change-default-editor">Change default editor</h3> <ul> <li>For global <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">sudo update-alternatives --config editor </span></span><span class="line"><span class="cl"># 然後選擇數字 </span></span></code></pre></div></li> <li>For one user <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-shell" data-lang="shell"><span class="line"><span class="cl"><span class="k">select</span>-editor </span></span></code></pre></div>or in <code>.bashrc</code> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-gdscript3" data-lang="gdscript3"><span class="line"><span class="cl"><span class="k">export</span> <span class="n">EDITOR</span><span class="o">=</span><span class="s1">&#39;vim&#39;</span> </span></span><span class="line"><span class="cl"><span class="k">export</span> <span class="n">VISUAL</span><span class="o">=</span><span class="s1">&#39;vim&#39;</span> </span></span></code></pre></div></li> </ul> <h3 id="add-groups">Add groups</h3> <ul> <li>Change main group <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">sudo groupadd mynewgroup # Add a new group </span></span><span class="line"><span class="cl">usermod -g groupname username </span></span><span class="line"><span class="cl">groups username </span></span></code></pre></div></li> <li>Add secondary group <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">sudo usermod -aG groupname username </span></span></code></pre></div></li> </ul> <h3 id="password-policy">password policy</h3> <ul> <li> </li> <li> </li> <li> </li> <li><code>vim /etc/pam.d/common-password</code> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">password required pam_cracklib.so minlen=8 # 最短 8 digits </span></span></code></pre></div></li> </ul> <h2 id="ssh">SSH</h2> <h3 id="ssh-keep-alive">SSH Keep Alive</h3> <h4 id="client-side">Client side</h4> <p><code>~/.ssh/config</code></p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">Host * </span></span><span class="line"><span class="cl">ServerAliveInterval 240 </span></span></code></pre></div><p><code>chmod 600 ~/.ssh/config</code></p> <h4 id="server-side">Server Side</h4> <p><code>/etc/ssh/sshd_config</code></p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">ClientAliveInterval 60 </span></span><span class="line"><span class="cl">ClientAliveCountMax 2 </span></span></code></pre></div><h3 id="ssh-tunnel">SSH Tunnel</h3> <p> </p> <ul> <li>Normal Tunnel (Local Port Forward) <ul> <li>正常情況下，你希望你的封包先過一台機器(Server Side)，再用這台機器出去，達到 VPN 的效果，你如果可以直接對這台機器(Server Side) SSH，便可以用正常的 SSH Tunnel</li> <li>指定碰到 client 的 port 就等於碰到 server 的 port</li> <li>Client <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">ssh -L [bind_address:]port:host:hostport user@host_ip </span></span></code></pre></div></li> </ul> </li> <li>Reverse Tunnel (Remote Port Forward) <ul> <li>如果你希望封包進入一台無法 SSH 的機器(Server Side)，可能是再公司防火牆內的機器，對於開 SSH Session 只能由內往外開，不能由外往內開，這時候就需要先再 Server Side 主動開 Reverse SSH Tunnel，把 port bind 再 Client Side 上的某個 port，再由 client side 戳 localhost 的這個 port</li> <li>Server: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">ssh -R 2222(bind to client port):localhost(server / server 可碰到):22(server port) user@client_ip </span></span></code></pre></div></li> <li>Client: <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">nc -v localhost 2222 </span></span></code></pre></div></li> </ul> </li> <li>Socket Proxy (Dynamic Port Forward) <ul> <li>正常情況下，你希望你的封包先過一台機器(Server Side)，再用這台機器出去，達到 VPN 的效果，同時不需要指定碰到 client 的 port 就等於碰到 server 的 port</li> <li>Client <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"><span class="line"><span class="cl">ssh -D [bind_address:]port user@server_ip </span></span></code></pre></div></li> <li> </li> </ul> </li> </ul> <h2 id="icmp-tunnel">ICMP Tunnel</h2> <ul> <li> </li> </ul>