Take it easy, sit back and relax
This is my first personal note, as the title suggests, it is my own personal notes (personal-oriented) to record some knowledge points I encounter in daily life that need to be recorded.
I feel that writing anywhere is not as good as writing in a blog (actually, there is no other place to write), and read as needed.
The content of personal notes is generally fragmented and messy, please bear with me.
Domestic machines:
Debian13
Ubuntu 22.04
CentOS 9 stream
Windows 11 Pro for Workstations
Windows 10 LTSC
Windows Server 2022
Windows Server 2012 R2
Default username and password:
Linux: root LeitboGi0ro
Windows: Administrator Teddysun.com
Default port number:
Linux: 22
Windows: 3389
Edit hostname
Edit hosts
Some cloud providers reset the hosts file on reboot; you can make it immutable
To revert
Then reboot.
Generate ED25519 key pair
Find the key pair under ~/.ssh/, download and delete the files from the server.
Next, paste the public key content into authorized_keys
and set correct permissions
Configure sshd_config
Ensure PubkeyAuthentication yes
If you want to disable password login and use key only (recommended)
Find #PasswordAuthentication yes, uncomment and change yes to no
Restart ssh
First enter root
and enter root password.
Find PermitRootLogin no and change to PermitRootLogin yes
Sometimes it is PermitRootLogin prohibit-password which means prohibit password login, change to yes.
Restart the SSH service
Open gdm-password
Comment out the following line and reboot
We use the Campus Network Joint Mirror Source Debian , Ubuntu
Clear the contents and replace with the mirror source.
Old systems like Debian 10 may lack files.
It is recommended to use Alibaba Cloud mirror here Debian , Ubuntu
Note! Alibaba source speed is slow (usually around 500KB/s), only recommended for Alibaba Cloud servers or systems not supported by campus mirrors (such as Debian 9 and below).
Check current system language
LANG should be changed to zh_CN.UTF-8
Enter locales
Inside find and install zh_CN.UTF-8
Select zh_CN.UTF-8 and install Chinese fonts
After reboot, check locale to see zh_CN.UTF-8.
Check bashrc and profile for language locked to "C"
If there is code locking to "C", comment it out.
Install UFW
Add basic rules
Add source IP rule (Allow access from IPs in the 10.x.x.x range)
Add multiple IP rules (For machines with multiple public IPs)
Enable UFW firewall
View firewall rules
Delete firewall rule (View rule number, delete rule number 1)
Reload firewall
Add 2001:67c:2960::64 or 2a00:1098:2b::1
First install 4. Install WireGuard related components
Then install 5. Auto-configure WARP WireGuard IPv4 network
If installation fails, it might be because some LXC do not have iptables installed; install and reboot.
This note is complete. Next:
wget --no-check-certificate -qO InstallNET.sh 'https://raw.githubusercontent.com/leitbogioro/Tools/master/Linux_reinstall/InstallNET.sh' && chmod a+x InstallNET.sh
wget --no-check-certificate -qO InstallNET.sh 'https://gitee.com/mb9e8j2/Tools/raw/master/Linux_reinstall/InstallNET.sh' && chmod a+x InstallNET.sh
bash InstallNET.sh -debian
bash InstallNET.sh -ubuntu
bash InstallNET.sh -centos
bash InstallNET.sh -windows
bash InstallNET.sh -windows10
bash InstallNET.sh -windows2022
bash InstallNET.sh -windows2012
nano /etc/hostname
nano /etc/hosts
sudo chattr +i /etc/hosts
sudo chattr -i /etc/hosts
ssh-keygen -t ed25519
nano ~/.ssh/authorized_keys
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
nano /etc/ssh/sshd_config
sudo systemctl restart ssh
su -
nano /etc/ssh/sshd_config
sudo systemctl restart ssh
nano /etc/pam.d/gdm-password
auth required pam_succeed_if.so user != root quiet_success
nano /etc/apt/sources.list
locale
sudo apt-get update
sudo apt-get install locales
sudo dpkg-reconfigure locales
sudo update-locale LANG=zh_CN.UTF-8
sudo apt-get install fonts-wqy-zenhei
nano ~/.bashrc
nano ~/.profile
rm ~/.bashrc
nano ~/.bashrc
# ~/.bashrc: executed by bash(1) for non-login shells.
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
# for examples
# If not running interactively, don't do anything
case $- in
*i*) ;;
*) return;;
esac
# don't put duplicate lines or lines starting with space in the history.
# See bash(1) for more options
HISTCONTROL=ignoreboth
# append to the history file, don't overwrite it
shopt -s histappend
# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
HISTSIZE=1000
HISTFILESIZE=2000
# check the window size after each command and, if necessary,
# update the values of LINES and COLUMNS.
shopt -s checkwinsize
# If set, the pattern "**" used in a pathname expansion context will
# match all files and zero or more directories and subdirectories.
#shopt -s globstar
# make less more friendly for non-text input files, see lesspipe(1)
#[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
# set variable identifying the chroot you work in (used in the prompt below)
if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
debian_chroot=$(cat /etc/debian_chroot)
fi
# set a fancy prompt (non-color, unless we know we "want" color)
case "$TERM" in
xterm-color|*-256color) color_prompt=yes;;
esac
# uncomment for a colored prompt, if the terminal has the capability; turned
# off by default to not distract the user: the focus in a terminal window
# should be on the output of commands, not on the prompt
#force_color_prompt=yes
if [ -n "$force_color_prompt" ]; then
if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
# We have color support; assume it's compliant with Ecma-48
# (ISO/IEC-6429). (Lack of such support is extremely rare, and such
# a case would tend to support setf rather than setaf.)
color_prompt=yes
else
color_prompt=
fi
fi
if [ "$color_prompt" = yes ]; then
PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
else
PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
fi
unset color_prompt force_color_prompt
# If this is an xterm set the title to user@host:dir
case "$TERM" in
xterm*|rxvt*)
PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
;;
*)
;;
esac
# enable color support of ls and also add handy aliases
if [ -x /usr/bin/dircolors ]; then
test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
alias ls='ls --color=auto'
#alias dir='dir --color=auto'
#alias vdir='vdir --color=auto'
#alias grep='grep --color=auto'
#alias fgrep='fgrep --color=auto'
#alias egrep='egrep --color=auto'
fi
# colored GCC warnings and errors
#export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'
# some more ls aliases
#alias ll='ls -l'
#alias la='ls -A'
#alias l='ls -CF'
# Alias definitions.
# You may want to put all your additions into a separate file like
# ~/.bash_aliases, instead of adding them here directly.
# See /usr/share/doc/bash-doc/examples in the bash-doc package.
if [ -f ~/.bash_aliases ]; then
. ~/.bash_aliases
fi
# enable programmable completion features (you don't need to enable
# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
# sources /etc/bash.bashrc).
if ! shopt -oq posix; then
if [ -f /usr/share/bash-completion/bash_completion ]; then
. /usr/share/bash-completion/bash_completion
elif [ -f /etc/bash_completion ]; then
. /etc/bash_completion
fi
fi
sudo apt-get update
sudo apt-get install ufw
sudo ufw allow 22
sudo ufw allow 22/tcp
sudo ufw allow 22/udp
sudo ufw allow from 10.0.0.0/8 to any port 22
sudo ufw allow from 10.0.0.0/8 to any port 22/tcp
sudo ufw allow from 10.0.0.0/8 to any port 22/udp
sudo ufw allow from any to {server IP} port 22
sudo ufw allow proto tcp from any to {server IP} port 22
sudo ufw allow proto udp from any to {server IP} port 22
sudo ufw enable
sudo ufw status
sudo ufw status numbered
sudo ufw delete 1
sudo ufw reload
nano /etc/resolv.conf
bash <(curl -fsSL git.io/warp.sh) menu
apt update && apt install -y iptables
systemctl restart wg-quick@wgcf