
Subtitle: A record of recovering an application after a server restart

Sorting out the whole sequence of my mistaken operations on the server is also a review for myself ✍️

What you can learn from this article:

  1. Simple configuration for passwordless SSH login to a server
  2. Viewing and changing the sshd port
  3. Bringing an Elixir + Phoenix service online
  4. How to check the startup items on Linux (which services start automatically after the server restarts)
  5. Introduction to systemctl

Background🚦

The application on my cloud server has been running very stably, but I haven't looked after it for a long time. Recently, I received a security reminder from Tencent Cloud that the server has high-risk vulnerabilities that need to be dealt with.

The process 🚜

Because the application is too stable (the number of visits is very small 🤷🏻‍♀️), I hadn't logged in to the server for a long time. First, I tried to connect to the server over ssh from my local terminal and found that the connection was rejected. Then I tried to log in using the standard ssh method on Tencent Cloud's web page, but that was rejected too 🐣.

I thought the password was wrong, so I chose to restart the server to change the password on the Tencent Cloud server instance. (The beginning of the wrong operation 😿)

The restart was quite fast, only seven or eight seconds, but I found that I still couldn't log in, so my imagination started to run wild: I haven't been hacked, have I?


Then I chose the second login method provided by Tencent Cloud. I checked the documentation and found that the default username is not root, but ubuntu.

After entering the server, first check whether the sshd service is running.

View sshd status

service sshd status

I found that the sshd service is running normally, but why can’t I log in ❓

It suddenly occurred to me that there might be a problem with my local ssh configuration.

I checked the ~/.ssh/config file and found that the previous configuration was gone, which makes sense: I recently changed computers and never carried this configuration over... 😭

Configure ssh

Reconfigure ~/.ssh/config

Add similar content

Host <a custom alias of your choice>
    HostName <IP address>
    User <user name>
    Port <port number>

The IP address can be found from the console of the cloud service.

It suddenly occurred to me that the default ubuntu account has a lot of permissions. I seem to have created an account with fewer permissions to manage the application, but I couldn't remember the user name. Let's check again 🙈.

See which users are on the server

cat /etc/passwd

Find the user created before.

Oh, I remembered something else. I seem to have changed the default ssh port. The default port is not safe, so I changed it to another one 🐶.

This is why the web login failed: the web version uses port 22 by default 🙈

View ssh port configuration

vi /etc/ssh/sshd_config

or

View the ssh service port directly

# root is needed for -p to show the name of the owning process
sudo netstat -tnlp | grep sshd

Well, we have now found everything needed for ~/.ssh/config.

One more step is to add your local ssh public key to the server's authorization list, so that you can log in without a password in the future.

vi ~/.ssh/authorized_keys
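
The two server-side steps above (finding the port sshd is configured to use and adding a public key to authorized_keys) written as shell functions. This is an added example, not commands from the original post; the function names sshd_ports and install_pubkey, the sample config and the sample key are all constructed for illustration.

```sh
#!/bin/sh
# Added example. Function names and all sample data are hypothetical.

# Print the port(s) set in an sshd_config-style file, one per line.
# Commented-out lines are skipped, the keyword is matched case-insensitively,
# and sshd's built-in default (22) is printed when no Port line exists.
# Include files (e.g. sshd_config.d) are not followed.
sshd_ports() {
    awk '
        $1 ~ /^#/             { next }
        tolower($1) == "port" { print $2; found = 1 }
        END                   { if (!found) print 22 }
    ' "$1"
}

# Append one public key line to <home>/.ssh/authorized_keys unless it is
# already present, with the permissions sshd's StrictModes check expects.
# Returns 1 for anything that is not a public key line (for example a
# private key pasted by mistake).
install_pubkey() {
    key=$1 home=$2
    case $key in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key line" >&2; return 1 ;;
    esac
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    auth=$home/.ssh/authorized_keys
    touch "$auth" && chmod 600 "$auth" || return 1
    # If the file does not end in a newline, add one so keys do not run together.
    if [ -n "$(tail -c1 "$auth")" ]; then echo >> "$auth"; fi
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Demo on constructed data in a scratch directory (nothing real is touched).
demo=$(mktemp -d)
printf '#Port 22\nPort 2222\n' > "$demo/sshd_config"
sshd_ports "$demo/sshd_config"
install_pubkey 'ssh-ed25519 AAAAconstructedSampleKeyNotReal me@laptop' "$demo/home"
ls -l "$demo/home/.ssh/authorized_keys"
rm -rf "$demo"
```

On the server itself, sudo sshd -T prints the effective configuration, including the port, after Include files have been applied.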

Now I could log in to the server normally. But when I visited the application, I found that it was still down 🐤.

Restore application

My small application is a backend developed with Elixir + Phoenix, and the database is PostgreSQL.

Check the status of nginx

service nginx status

View the status of PostgreSQL

service postgresql status

The database service is found to be running normally.

Restart elixir + Phoenix application

The application is placed in the www directory under the user's home folder. Find the application onePiece (this small service is related to One Piece) and enter its bin folder, which contains an executable file onePiece.

# Show help
./onePiece help

# Ping the application
./onePiece ping

# Start the application
./onePiece start

Then the application started normally ☠️ ⛵️ ⚓️ 🏝

Vulnerability patch

This is the purpose of logging into the server at the beginning... 😹

Tencent Cloud does quite well here: the commands for upgrading the affected software are given in the vulnerability details. Just execute them in order.

systemctl 🎈

During this process I had a question 🤔: when the server restarts, will nginx, sshd and postgresql start again automatically? How do I check the server's startup items?

While searching for information, I found systemctl.

View the services that can be managed using systemctl

systemctl list-unit-files

View startup items

ls /etc/systemd/system/multi-user.target.wants/

From the output of this command, you can see that the nginx, sshd and postgresql services I was wondering about start by default when the server restarts.

Add a service to boot

systemctl enable httpd

The difference between systemctl and service commands

I have been using the service command to restart services and view their status, but I can also use the systemctl command to manage them.

What is the difference between the two? Simply put:

  • systemctl is a newer generation of Linux system startup and management command compared to service
  • The systemctl command is compatible with service
  • The command format is not the same: with systemctl the service name comes last, e.g. systemctl status httpd

systemctl is just one part of Systemd. In fact, there is more, including checking the server time, logged-in users, startup time, etc. For details, please refer to Ruan Yifeng's blog posts:

Systemd Getting Started Tutorial: Command

Systemd Getting Started Tutorial: Practical

Summary 👉

The original purpose was to log in to the server and fix the vulnerabilities. But because I hadn't logged in to the server for a long time, I was unfamiliar with it. However, I learned some new things during the whole process.

There is still a lot I don't understand about operations and maintenance, and I will study hard later.

I am also writing this down because I am afraid I will forget it all again ☠️ 🙈 🐣 🧶 🤪.


小猿大圣