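Adding and removing a passphrase on id_rsa
Remember to back up the original id_rsa to off-site storage first.
Add a passphrase
openssl rsa -aes256 -in id_rsa -out encrypted.id_rsa
Remove the passphrase
openssl rsa -in encrypted.id_rsa -out unencrypted.id_rsa
The id_rsa file needs 400 permissions; otherwise it cannot be used.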
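To confirm the result of the two openssl commands, the following added example (not part of the original notes) reports whether a key file is passphrase-protected and whether its permissions are strict enough for ssh. The function names key_state, key_mode_ok and audit_key are assumptions made for this sketch.

```shell
#!/usr/bin/env bash
# Added example: check that a private key is passphrase-protected and not
# accessible to group/others. Usage: ./keycheck.sh ~/.ssh/id_rsa ...

# key_state FILE -> prints encrypted | plaintext | unknown
key_state() {
    local f=$1 header
    header=$(grep -m1 -e '-----BEGIN .*PRIVATE KEY-----' "$f") || { echo unknown; return 0; }
    case $header in
        *'BEGIN ENCRYPTED PRIVATE KEY'*)
            # PKCS#8 container, written by OpenSSL 3.x for "openssl rsa -aes256"
            echo encrypted ;;
        *'BEGIN OPENSSH PRIVATE KEY'*)
            # Body decodes to "openssh-key-v1\0", a 4-byte length, then the
            # cipher name; bytes 20-23 read "none" when there is no passphrase.
            if [ "$(grep -v -e '^-----' "$f" | base64 -d 2>/dev/null |
                    head -c 23 | tail -c 4)" = none ]; then
                echo plaintext
            else
                echo encrypted
            fi ;;
        *)
            # Traditional PEM (OpenSSL 1.x output): a header line declares it
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$f"; then
                echo encrypted
            else
                echo plaintext
            fi ;;
    esac
}

# key_mode_ok FILE -> succeeds when group and others have no access at all.
# ssh ignores a key with any of those bits set; mode 400 passes.
key_mode_ok() {
    local mode
    mode=$(stat -c %a "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

audit_key() {
    local state
    state=$(key_state "$1")
    if key_mode_ok "$1"; then
        echo "$1: $state, permissions ok"
    else
        echo "$1: $state, permissions too open"
    fi
}

for k in "$@"; do audit_key "$k"; done
```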
System: CentOS 7.x
Kernel requirement: > 3.10 (uname -r)
1. Server installation (Linux recommended)
Choose any one of the following three methods
Method 1: a signed module is available as built-in to CentOS's kernel-plus:
$ sudo yum install yum-utils epel-release
$ sudo yum-config-manager --setopt=centosplus.includepkgs=kernel-plus --enablerepo=centosplus --save
$ sudo sed -e 's/^DEFAULTKERNEL=kernel$/DEFAULTKERNEL=kernel-plus/' -i /etc/sysconfig/kernel
$ sudo yum install kernel-plus wireguard-tools
$ sudo reboot
Method 2: users wishing to stick with the standard kernel may use ELRepo's pre-built module:
$ sudo yum install epel-release elrepo-release
$ sudo yum install yum-plugin-elrepo
$ sudo yum install kmod-wireguard wireguard-tools
Method 3: users running non-standard kernels may wish to use the DKMS package instead:
$ sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
$ sudo curl -o /etc/yum.repos.d/jdoss-wireguard-epel-7.repo https://copr.fedorainfracloud.org/coprs/jdoss/wireguard/repo/epel-7/jdoss-wireguard-epel-7.repo
$ sudo yum install wireguard-dkms wireguard-tools
Copied from a Russian website
https://wiki.colobridge.net/%D0%BF%D0%BE%D0%BB%D0%B5%D0%B7%D0%BD%D0%BE%D0%B5/%D1%81%D0%BE%D0%B2%D0%B5%D1%82%D1%8B/%D1%88%D0%BF%D0%B0%D1%80%D0%B3%D0%B0%D0%BB%D0%BA%D0%B0_%D0%BF%D0%BE_megacli
A few commonly used commands:
1. Show clock frequencies; available clocks are arm, core, h264, isp, v3d, uart, pwm, emmc, pixel, vec, hdmi, dpi
vcgencmd measure_clock <clock>
For example:
pi@raspberrypi:~ $ vcgencmd measure_clock arm
frequency(45)=600000000
pi@raspberrypi:~ $ vcgencmd measure_clock core
frequency(1)=250000000
2. Show hardware voltages; available ids are core, sdram_c, sdram_p
vcgencmd measure_volts <id>
For example:
pi@raspberrypi:~ $ vcgencmd measure_volts core
volt=1.2000V
pi@raspberrypi:~ $ vcgencmd measure_volts sdram_c
volt=1.2500V
3. Show the BCM2835 SoC temperature
vcgencmd measure_temp
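wpa_supplicant is a tool for connecting to and configuring Wi-Fi. It mainly consists of two programs, wpa_supplicant and wpa_cli. Normally, Wi-Fi can be configured and connected through wpa_cli; for special needs, you can write an application that calls the wpa_supplicant interface directly.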
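ssh root@<server IP> -p <server port> -b <local IP>
With multiple network interfaces, when traffic must leave through different gateways, or when the server restricts source IPs with an allowlist, specifying the source IP for the connection saves troublesome configuration changes.
Public side:
socat TCP4-LISTEN:<forwarding port> TCP4-LISTEN:<public service port>
Internal side:
socat TCP4:<public IP>:<forwarding port> TCP4:127.0.0.1:<internal service port>
For example: internal port 22, public forwarding port 3333, forwarding port 3334 (the port on which the public IP receives data from the internal IP).
The connection is then made with ssh root@<public IP> -p 3333, which reaches port 22 of the internal server.
In plain terms: the internal machine handshakes and communicates through port 3333 of the public IP, and the client is bridged through the public port 3333 to port 22 of the internal machine.
PS: "internal" here refers to network devices that reach the internet through NAT and have no dedicated IP.
socat is simple, but it cannot reconnect automatically after the connection is interrupted, so it is only suitable for temporary use, or as a stopgap when both ends run a monitoring script.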
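I have recently been working on a solution for passing a serial port through from an internal network using a Raspberry Pi.
Cost list: the Zero W was a freebie from a friend; Mcuzone single-port Ethernet expansion board (board 49.99, CNC case 50).
Hands-on, the overall experience is average. The expansion board is quite good: power and data go through pogo pins, so you just screw the Zero W onto it.
The board's Type-C power input is also very nice; it saves having to prepare a bundle of cables.
Three USB-A ports and one 10/100 Mbps RJ45 port.
Two micro-USB power inputs plus one Type-C allow switching power sources without interruption and running off an external power bank, which is genuinely useful.
The 50-yuan case feels cheap and the design is lacking: the 8 screws are far too long and both end plates are covered in burrs. Just buy an acrylic one instead.
Once assembled and running, the SoC temperature is around 50 (no fan and no heatsink).
For now I am working on the system configuration; later I will buy a Zero 4G LTE CAT1 expansion board and tinker some more.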
sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf
sysctl -p
apt -y install mtr tcpdump iftop kpartx ipmitool dnsutils ddrescue autossh whois unzip wget vim-conque golang git htpdate
cd /tmp
VERSION=$(curl -Ss https://api.github.com/repos/fatedier/frp/releases/latest |grep tag_name|grep -Po '[0-9]+\.[0-9]+\.[0-9]+.*(?=")')
#wget $(curl -Ss https://api.github.com/repos/fatedier/frp/releases/latest |grep browser_download_url|grep linux_arm| cut -d '"' -f 4) -O - | tar xz
wget https://github.com/fatedier/frp/releases/download/v${VERSION}/frp_${VERSION}_linux_arm.tar.gz -O - | tar xz
cd frp_*_linux_arm
mkdir /etc/frp
sed -i 's/network.target/network.target ntpdate.service/g' systemd/frp{c,s}.service
install frp{c,s} /usr/bin/
install systemd/frp{c,s}.service /usr/lib/systemd/system/
install frp{c,s}.ini /etc/frp/
systemctl daemon-reload
systemctl enable frpc.service
systemctl start frpc.service
systemctl status frpc.service
frpc.ini is left at the default configuration.
Appendix:
stream {
    server {
        listen 3501;
        proxy_connect_timeout 15s;
        proxy_timeout 30s;
        proxy_pass unix:/dev/ttyUSB0;
        #allow 333.333.333.0/24; # allowlisted IP range
        #deny all;
    }
    server {
        listen 3502;
        proxy_connect_timeout 15s;
        proxy_timeout 30s;
        proxy_pass unix:/dev/ttyUSB1;
        #allow 333.333.333.0/24; # allowlisted IP range
        #deny all;
    }
}
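With frp the serial port can be put straight onto the public internet, and you log in to the serial port directly with telnet.
telnet <public IP> <port>
frp and nginx are mainly forwarding solutions. There are also tunnel-based internal-network solutions, but without a dedicated IP they involve third-party server services, such as wireguard/ZeroTier/花生壳/蒲公英 and so on; with limited time, they are not covered here for now.
This article is a draft; to be continued.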
sed -i 's/#GatewayPorts no/GatewayPorts yes/g' /etc/ssh/sshd_config
service sshd restart
yum install autossh -y -q
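On internal host A, use AutoSSH to set up an SSH tunnel
autossh -M 4010 -NR 80:localhost:4000 username@Remote-Public-Server (-p PORT) -i ~/.ssh/id_rsa
Parameter explanation:
"-M 4010" means port 4010 on internal host A is used to monitor the SSH connection state; if the connection breaks, it reconnects automatically
"-N" means no remote command is executed
"-R" means a port on the remote host (public host B) is forwarded to the specified port of the specified local machine
Explanation:
"80:localhost:4000" means port 4000 of internal host A is forwarded to port 80 on public host B
"username@Remote-Public-Server" is the username and IP of public host B
"-p xxxx" is the SSH port of public host B; if it is the default port 22, it can be omitted.
-f: run the SSH client in the background.
-C: compress data in transit.
-N: port forwarding only.
Forward proxy (-L): equivalent to iptables port forwarding.
Reverse proxy (-R): equivalent to frp or ngrok.
SOCKS5 proxy (-D): equivalent to ss.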
============================================================
$ cat ~/.ssh/config
Host Public-Server
    HostName Remote-Public-Server-IP
    User USERNAME
    Port 22
    IdentityFile ~/.ssh/id_rsa
    LocalForward 80 localhost:4000
    ServerAliveInterval 30
    ServerAliveCountMax 3
autossh -M 4010 -N Public-Server
autossh -M 0 -f -T -N Public-Server
# cat /lib/systemd/system/autossh.service
[Unit]
Description=autossh
Wants=network-online.target
After=network-online.target
[Service]
Type=simple
User=autossh
EnvironmentFile=/etc/default/autossh
ExecStart=
ExecStart=/usr/bin/autossh $SSH_OPTIONS
Restart=always
RestartSec=60
[Install]
WantedBy=multi-user.target
$ cat /etc/default/autossh
AUTOSSH_POLL=60
AUTOSSH_FIRST_POLL=30
AUTOSSH_GATETIME=0
AUTOSSH_PORT=22000
SSH_OPTIONS="-N -R 2222:localhost:22 example.com -i /home/autossh/.ssh/id_rsa"
systemctl daemon-reload
systemctl enable autossh
systemctl start autossh
Forwarding directly over ssh as a jump host
ssh -N -T -L Public-server-Port:<local server Host>:local-server-PORT USER@Remote-Public-Server
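I have recently been working on remote serial-port access and a few other projects. I had known about frp for a long time but had never used it.
This mainly covers installation and deployment on CentOS 7; the process on Debian is much the same with minor adjustments.
frp is split into a public side (frps) and an internal side (frpc); a desktop client reaches the internal network through the IP of the public side.
Since a host normally runs only one side, the configuration below names everything frp.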
yum install epel-release -y -q
yum install golang git wget -y -q
git clone https://github.com/fatedier/frp
cd frp
export GO111MODULE=on
export GOPROXY=https://goproxy.io
make
# Since a host normally runs only one side and the configuration below names everything frp, choose one of the following install commands as appropriate.
#install bin/frps /usr/bin/frp
#install bin/frpc /usr/bin/frp
cat >/etc/frp.conf<<EOF
[common]
bind_addr = 0.0.0.0
bind_port = 7000
vhost_http_port = 8000
vhost_https_port = 8001
dashboard_port = 7500
privilege_token = 123456
dashboard_user = ubuntu
dashboard_pwd = 123
log_file = /var/log/frps.log
log_level = info
log_max_days = 3
max_pool_count = 5
authentication_timeout = 900
tcp_mux = true
EOF
cat >/etc/frp.conf<<EOF
[common]
server_addr = <server domain name>
server_port = 7000
# for authentication
privilege_token = 12345678
#if you want to connect frps by http proxy or socks5 proxy, you can set http_proxy here or in global environment variables
# it only works when protocol is tcp
# http_proxy = http://user:[email protected]:8080
# http_proxy = socks5://user:[email protected]:1080
# console or real logFile path like ./frpc.log
#log_file = /var/log/frpc.log
# trace, debug, info, warn, error
log_level = debug
log_max_days = 3
# enable compression
use_compression = true
login_fail_exit = false
[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 2200
# HTTP proxy
[HTTP]
type = http
local_ip = 127.0.0.1
local_port = 8080
# your own domain name
custom_domains = xxxx
remote_port = 800
EOF
frps -c /etc/frp.conf # start the public server side
frpc -c /etc/frp.conf # start the internal client side
cat>/lib/systemd/system/frp.service<<EOF
[Unit]
Description=fraps service
After=network.target syslog.target
Wants=network.target
[Service]
Type=simple
ExecStart=/usr/bin/frp -c /etc/frp.conf
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable frp
systemctl start frp
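The frps and frpc files above share a secret through privilege_token, and the frps file also enables the dashboard with its own password. The following added example (not part of the original notes or of frp) reads such a pair and reports short secrets and a token mismatch; the 16-character minimum, the function names and the sample files, which reuse the values shown above, are assumptions.

```shell
#!/usr/bin/env bash
# Added example: audit a frps/frpc legacy-INI pair for weak or mismatched secrets.
MIN_SECRET_LEN=16   # assumed policy threshold, not an frp requirement

# ini_get FILE SECTION KEY -> prints the value, or nothing if the key is absent
ini_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }                                   # comment line
        /^[ \t]*\[/   { cur = $0; gsub(/[ \t]/, "", cur); next } # section header
        cur == sec && (i = index($0, "=")) {
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# frp_audit FRPS_CONF FRPC_CONF -> one finding per line; secrets are never echoed
frp_audit() {
    local srv=$1 cli=$2 st ct pw
    st=$(ini_get "$srv" common privilege_token)
    ct=$(ini_get "$cli" common privilege_token)
    pw=$(ini_get "$srv" common dashboard_pwd)
    [ "${#st}" -ge "$MIN_SECRET_LEN" ] || echo "frps: privilege_token shorter than $MIN_SECRET_LEN characters"
    [ "${#ct}" -ge "$MIN_SECRET_LEN" ] || echo "frpc: privilege_token shorter than $MIN_SECRET_LEN characters"
    [ "$st" = "$ct" ] || echo "mismatch: frpc and frps privilege_token differ, login will fail"
    if [ -n "$(ini_get "$srv" common dashboard_port)" ] && [ "${#pw}" -lt "$MIN_SECRET_LEN" ]; then
        echo "frps: dashboard enabled with dashboard_pwd shorter than $MIN_SECRET_LEN characters"
    fi
    return 0
}

# Constructed sample pair reusing the secret values from the configs above.
demo() {
    local d
    d=$(mktemp -d)
    printf '%s\n' '[common]' 'bind_port = 7000' 'dashboard_port = 7500' \
        'privilege_token = 123456' 'dashboard_user = ubuntu' 'dashboard_pwd = 123' > "$d/frps.conf"
    printf '%s\n' '[common]' 'server_port = 7000' '# for authentication' \
        'privilege_token = 12345678' '[ssh]' 'type = tcp' 'remote_port = 2200' > "$d/frpc.conf"
    frp_audit "$d/frps.conf" "$d/frpc.conf"
    rm -rf "$d"
}
demo
```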
=============================
apt install supervisor -y
cat>/etc/supervisor/conf.d/frp.conf<<EOF
[program:frp]
command = /usr/bin/frp -c /etc/frp.conf
autostart = true
EOF
systemctl restart supervisor
systemd service unit files
cat>/usr/lib/systemd/system/frpc.service<<EOF
[Unit]
Description=Frp Client Service
After=network.target
[Service]
Type=simple
User=nobody
Restart=on-failure
RestartSec=5s
ExecStart=/usr/bin/frpc -c /etc/frp/frpc.ini
ExecReload=/usr/bin/frpc reload -c /etc/frp/frpc.ini
[Install]
WantedBy=multi-user.target
EOF
cat>/usr/lib/systemd/system/frpc@.service<<EOF
[Unit]
Description=Frp Client Service
After=network.target
[Service]
Type=idle
User=nobody
Restart=on-failure
RestartSec=5s
ExecStart=/usr/bin/frpc -c /etc/frp/%i.ini
ExecReload=/usr/bin/frpc reload -c /etc/frp/%i.ini
[Install]
WantedBy=multi-user.target
EOF
cat>/usr/lib/systemd/system/frps@.service<<EOF
[Unit]
Description=Frp Server Service
After=network.target
[Service]
Type=simple
User=nobody
Restart=on-failure
RestartSec=5s
ExecStart=/usr/bin/frps -c /etc/frp/%i.ini
[Install]
WantedBy=multi-user.target
EOF
cat>/usr/lib/systemd/system/frps.service<<EOF
[Unit]
Description=Frp Server Service
After=network.target
[Service]
Type=simple
User=nobody
Restart=on-failure
RestartSec=5s
ExecStart=/usr/bin/frps -c /etc/frp/frps.ini
[Install]
WantedBy=multi-user.target
EOF
Cisco tunnels default to GRE mode; tunnel mode ipip selects IPIP mode.
interface Tunnel0
 ip address 172.16.1.1 255.255.255.0
 ip tcp adjust-mss 1420
 tunnel source 10.23.30.1
 #tunnel mode ipip
 tunnel destination 10.23.30.206
On Linux:
modprobe ip_gre
iptunnel add tun0 mode gre remote 10.23.30.1 local 10.23.30.206 ttl 225
ifconfig tun0 172.16.1.2/24
ifconfig tun0 up
ifconfig tun0 pointopoint 172.16.1.1
ifconfig tun0 multicast
The tunnel parameters available on Cisco are roughly as follows:
tunnel bandwidth
tunnel checksum
tunnel destination
tunnel endpoint service-policy output
tunnel entropy
tunnel key
tunnel mode
tunnel path-mtu-discovery
tunnel rbscp ack_split
tunnel rbscp delay
tunnel rbscp input_drop
tunnel rbscp long_drop
tunnel rbscp report
tunnel rbscp window_stuff
tunnel route-via
tunnel sequence-datagrams
tunnel source
tunnel tos
tunnel ttl
tunnel vrf
interface g0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 99
 switchport trunk allowed vlan 1-100,111
Sw1(config-if)#switchport access vlan 30
Sw1(config-if)#switchport mode dot1q-tunnel
Q-in-Q
switchport trunk encapsulation [dot1q | isl]
https://github.com/robcowart/elastiflow
https://hub.docker.com/r/elastiflow/flow-collector