1、添加用户#adduseradduserXXX#Attachtowheelgroupgpasswd-aXXXwheel2、SSH配置主要修改/etc/ssh/sshd_config文件1、关闭root远程登录PermitRootLoginno2。添加证书登录//生成密钥ssh-keygen-trsa//至于自制的公钥数据,放在用户家目录的.ssh/authorized_keysRSAAuthenticationyesPubkeyAuthenticationyes3.禁用密码登录PasswordAuthenticationyes->no3.Ssocks配置1.安装Pip$sudocurlhttps://bootstrap.pypa.io/get-pip.py-oget-pip.pySsocks$sudopipinstallshadowsocks相关库$sudopipinstallM2Crypto$sudopipinstallgevent2。添加相应的配置文件\etc\shadowsocks\example。json{"server":"my_server_ip","server_port":8388,"local_address":"127.0.0.1","local_port":1080,"password":"mypassword","timeout":300,"method":“aes-256-cfb”,“fast_open”:false,“workers”:1,“prefer_ipv6”:false}3。配置启动服务文件\usr\lib\systemd\system\shadowsocks-server@.service[Unit]Description=ShadowsocksServerServiceAfter=network.target[Service]Type=simpleUser=nobodyExecStart=/usr/bin/ssserver-c/etc/shadowsocks/%i.json[Install]WantedBy=multi-user.target4.启动服务$sudosystemctlstartshadowsocks-server@example$sudosystemctlenableshadowsocks-server@example4.启动防火墙并添加策略1.启动服务启动服务时系统启动:$sudosystemctlstartfirewalld$sudosystemctlenablefirewalld2。添加策略//SSH和SS端口$sudofirewall-cmd--zone=public--add-port=12345/tcp--permanent3。重启防火墙$sudofirewall-cmd--reload
