Cisco N3K reports an error with non-Cisco optical modules
Author: A diligent City lion | Date: 2020-05-13 | Category: Cisco

Cisco network devices do not accept optical modules other than Cisco's own, so a third-party module triggers an incompatibility error.

Fix: enter interface configuration mode and run the following command:

```
CISCO(int-conf)service unsupported-transceiver
```

Then save the configuration.
Turning RouterOS into an SSH jump host for the home LAN
Author: A diligent City lion | Date: 2020-05-08 | Category: ROS

I have recently started working and living away from home again, so being able to manage my home LAN at any time has become important to me (otherwise what is the point of nearly 100 Mbps upstream?). Some devices on the LAN run an SSH service. The usual approach is to use the router as a "jump host", which is "relatively" safer than dst-nat'ing straight to a particular SSH port. I use RouterOS (ROS below); here is how to configure it.

First, of course, prepare public-key login. We want a dedicated key pair for the jump host; assume you have generated one and stored it safely locally as `~/.ssh/id_rsa_bastion`. Upload its public half (the `.pub` file) to the ROS file store via WebFig or Winbox. ROS has finally supported RSA keys since 6.31rc10, so drop DSA and use at least RSA 2048.

Then make sure the SSH service is enabled on ROS and tighten its crypto:

```
/ip service enable ssh
/ip ssh set strong-crypto=yes
```

And, very importantly, do not forget to allow SSH forwarding. Note that if you had previously set this option to yes, a later ROS upgrade changed it to remote; this is why many people (me included) failed at first. See the official documentation for the meaning of each value.

```
/ip ssh set forwarding-enabled=local
```

Now try logging in over SSH with an existing account. If that works, create a user group for the jump host that has only the ssh policy, e.g. named ssh_bastion:

```
/user group add name="ssh_bastion" policy=ssh,!local,!telnet,!ftp,!reboot,!read,!write,!policy,!test,!winbox,!password,!web,!sniff,!sensitive,!api,!romon,!dude,!tikapp
/user add
```

Follow the interactive prompts to add a user, e.g. joe_black, put it in the newly created ssh_bastion group, and import the previously uploaded public key for it:

```
/user ssh-keys import public-key-file=id_rsa_bastion.pub user=joe_black
```

Finally, edit ~/.ssh/config (the ProxyJump value must match the Host alias declared for the bastion, otherwise ssh will try to resolve a host literally named "bastion"):

```
Host 1.home
    HostName 1.0.0.1

Host 2.home
    HostName 1.0.0.2

Host *.home
    # the jump target is the Host alias defined below
    ProxyJump home.bastion
    ForwardAgent no
    IdentityFile ~/.ssh/id_ed25519_home

Host home.bastion
    HostName ddns.example.tld
    User joe_black
    IdentityFile ~/.ssh/id_rsa_bastion

Host *
    PubkeyAuthentication yes
```

Test the connection again:

```
ssh 1.home -vvv
```

The ROS SSH service and user accounts can additionally be restricted by IP range, for example accepting only certain public IPs, which improves security, but it still does not feel powerful enough.
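A small linter for the client-side half of this setup, added here as an example and not part of the original post: it parses an ssh_config, resolves options the way ssh does (first value wins, stanzas in order) and flags the two mistakes that make the bastion pattern fail or leak, a ProxyJump target with no matching Host alias and agent forwarding left on for hosts behind the jump. The `SAMPLE_CONFIG` is a constructed copy of the post's config shape, with the dangling `bastion` alias left in on purpose.

```python
"""Lint ~/.ssh/config for the bastion pattern above (added example, not the post's code):
every ProxyJump target must be a declared Host alias, and jump-reached hosts keep ForwardAgent off."""
import fnmatch
SAMPLE_CONFIG = """# constructed sample mirroring the post, with its dangling alias
Host 1.home
  HostName 1.0.0.1
Host *.home
  ProxyJump bastion
  ForwardAgent no
Host home.bastion
  HostName ddns.example.tld
  User joe_black
"""

def parse_ssh_config(text):
    """Return [(patterns, {keyword: value}), ...] in file order, keywords lowercased."""
    stanzas, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        if key.lower() == "host":
            current = (value.split(), {})
            stanzas.append(current)
        elif current is not None:
            current[1][key.lower()] = value.strip()
    return stanzas

def effective_options(stanzas, host):
    """ssh keeps the first value obtained per keyword, walking stanzas in order."""
    opts = {}
    for patterns, kv in stanzas:
        if any(fnmatch.fnmatchcase(host, p) for p in patterns):
            for k, v in kv.items():
                opts.setdefault(k, v)
    return opts

def lint_bastion_config(text):
    stanzas = parse_ssh_config(text)
    aliases = {p for pats, _ in stanzas for p in pats if not set("*?!") & set(p)}
    findings = []
    for alias in sorted(aliases):
        opts = effective_options(stanzas, alias)
        jump = opts.get("proxyjump")  # assumes a bare alias, not user@host:port
        if jump and jump not in aliases:
            findings.append(f"{alias}: ProxyJump target '{jump}' has no Host stanza")
        if jump and opts.get("forwardagent", "no").lower() != "no":
            findings.append(f"{alias}: ForwardAgent enabled on a host behind a jump")
    return findings
```

Run it against your real file with `lint_bastion_config(open(os.path.expanduser("~/.ssh/config")).read())`; an empty list means the aliases line up.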
Forcing a password reset on a Cisco switch
Author: A diligent City lion | Date: 2020-04-20 | Category: Cisco

Open a terminal emulator and power off the switch. Terminal settings: Baud Rate: 9600, Data bits: 8, Parity: None, Stop bits: 1, Flow control: None.

```
MDS SWITCH SW1 LOGIN:
2009 OCT 15 11:19:06 SW1 %PLATFORM-2-PS_FAIL: POWER SUPPLY 2 FAILED OR SHUTDOWN (SERIAL NUMBER PAC12113050)
```

Power the switch on:

```
>> MDS-Bootloader-01.00.06 (Feb 7 2007 - 19:22:57) (MPC8541E)
CPU:   8541, Version: 1.1, (0x807a0011)
Core:  E500, Version: 2.0, (0x80200020)
Clock Configuration:
       CPU: 999 MHz, CCB: 333 MHz,
       DDR: 166 MHz, LBC: 41 MHz
L1:    D-cache 32 kB enabled
       I-cache 32 kB enabled
INFO: Booting off primary flash.
I2C:   ready
DRAM:  DRAM: Total SDRAM memory is 512 MB
20000000
INFO: SDRAM tests PASSED.
DRAM: ECC initialization in progress...Done.
INFO: Board rev = 4 type = 4 index 9032
L2 cache 256KB: enabled
IDE:   Bus 0: OK
  Device 0: Model: SILICONSYSTEMS INC 256MB Firm:  Ser#: 028TTS7DSt703SC02061
            Type: Hard Disk
            Capacity: 248.5 MB = 0.2 GB (508928 x 512)
Booting bootflash:/m9100-s2ek9-kickstart-mz.3.2.1a.bin ...
.............
Automatic boot of image at addr 0x00000000 ...
Starting kernel...
INIT: version 2.78 booting
Checking all filesystems..... done.
Loading system software
```

At this point press and hold Ctrl+]; the switch drops into boot mode. Then `conf t` enters configuration mode, `admin-password` sets the new admin password, `exit` leaves configuration mode, `dir` lists the files on bootflash, and `load` boots the system image:

```
INIT: Switching to runlevel: 1
IStopping kernel log daemon: klogd.
Sending all processes the TERM signal... done.
^]Sending all processes the KILL signal... done.
Entering single-user mode...
INIT: Going single user
INIT: Sending processes the TERM signal

Cisco Storage Area Networking Operating System (SAN-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2007, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software may be covered under the GNU Public
License or the GNU Lesser General Public License. A copy of
each such license is available at
switch(boot)# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
switch(boot)(config)# admin-password p@ssw0rd123
PAM_unix[611]: Password for admin was changed
switch(boot)(config)# exit
switch(boot)# dir
   12288     Jun 20 16:34:23 2008  lost+found/
14675456     Jun 20 16:35:38 2008  m9100-s2ek9-kickstart-mz.3.2.1a.bin
64707517     Jun 20 16:37:27 2008  m9100-s2ek9-mz.3.2.1a.bin

Usage for bootflash: filesystem
   83921920 bytes total used
   70132736 bytes free
  162455552 bytes available
switch(boot)# load bootflash:m9100-s2ek9-mz.3.2.1a.bin
Uncompressing system image: bootflash:/m9100-s2ek9-mz.3.2.1a.bin
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
INIT: Switching to runlevel: 3
INIT: Sending processes the TERM signal
Iwitch(boot)#
```

Wait for the switch to finish loading and show the login prompt, log in as admin with the new password, then `show run` displays the existing configuration and `copy running-config startup-config` saves the changed password before you exit:

```
MDS Switch
2009 Oct 15 11:24:12 sw1 %PLATFORM-2-PS_OK: Power supply 1 ok (Serial number PAC12213255)
2009 Oct 15 11:24:12 sw1 %PLATFORM-2-PS_FANOK: Fan in Power supply 1 ok
2009 Oct 15 11:24:12 sw1 %PLATFORM-2-PS_OK: Power supply 2 ok (Serial number PAC12113050)
2009 Oct 15 11:24:12 sw1 %PLATFORM-2-PS_FANOK: Fan in Power supply 2 ok
2009 Oct 15 11:24:12 sw1 %PLATFORM-2-FAN_OK: Fan module ok
2009 Oct 15 11:24:12 sw1 %PLATFORM-2-FAN_OK: Fan module ok
2009 Oct 15 11:24:12 sw1 %PLATFORM-2-FAN_OK: Fan module ok

sw1 login: admin
Password:
Cisco Storage Area Networking Operating System (SAN-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2007, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software may be covered under the GNU Public
License or the GNU Lesser General Public License. A copy of
each such license is available at
sw1# show run
version 3.2(1a)
fcdomain domain 10 static vsan 1
fcdomain fcid database
no system default switchport shutdown
interface fc1/1
interface fc1/2
interface fc1/3
interface fc1/4
interface fc1/5
interface fc1/6
interface fc1/7
interface fc1/8
interface fc1/9
interface fc1/10
interface fc1/11
interface fc1/12
interface fc1/13
interface fc1/14
interface fc1/15
interface fc1/16
interface fc1/17
interface fc1/18
interface fc1/19
interface fc1/20
interface fc1/21
interface fc1/22
interface fc1/23
interface fc1/24
switchname sw1
role name default-role
  description This is a system defined role and applies to all users
  rule 1 permit show feature system
  rule 2 permit show feature snmp
  rule 3 permit show feature module
  rule 4 permit show feature hardware
  rule 5 permit show feature environment
username admin password 5 $1$a3GxWVbH$K2i14D0BtT.pblnI01NBo1 role network-admin
boot kickstart bootflash:/m9100-s2ek9-kickstart-mz.3.2.1a.bin
boot system bootflash:/m9100-s2ek9-mz.3.2.1a.bin
kernel core target 0.0.0.0
kernel core limit 1
snmp-server user admin network-admin auth md5 0xec3eccab3709e80dde17d3151b8ab5d9 priv 0xec3eccab3709e80dde17d3151b8ab5d9 localizedkey
no snmp-server enable traps vrrp
snmp-server enable traps license
callhome
zone name crmdb1_HBA1_DMX3_4a vsan 1
zone name crmdb1_HBA4_DMX3_13a vsan 1
zone name crmdb2_HBA1_DMX3_4a vsan 1
zone name crmdb2_HBA4_DMX3_13a vsan 1
zoneset name sw1 vsan 1
zoneset activate name sw1 vsan 1
interface fc1/1
  port-license acquire
  no shutdown
interface fc1/2
  port-license acquire
  no shutdown
interface fc1/3
  port-license acquire
  no shutdown
interface fc1/4
  port-license acquire
  no shutdown
interface fc1/5
  port-license acquire
  no shutdown
interface fc1/6
  port-license acquire
  no shutdown
interface fc1/7
  port-license acquire
  no shutdown
interface fc1/8
  port-license acquire
  no shutdown
interface fc1/9
interface fc1/10
interface fc1/11
interface fc1/12
interface fc1/13
interface fc1/14
interface fc1/15
interface fc1/16
interface fc1/17
interface fc1/18
interface fc1/19
interface fc1/20
interface fc1/21
interface fc1/22
interface fc1/23
interface fc1/24
interface mgmt0
  switchport speed 100
  ip address 192.168.11.1 255.255.255.0
sw1# copy running-config startup-config
[########################################] 100%
```

After confirming the configuration, the changed password is saved and you can exit.
Getting the real client IP in Chevereto and Typecho behind a CDN
Author: A diligent City lion | Date: 2020-03-30

Preface

CDN acceleration services are implemented as reverse proxies, so the client IP can only be obtained from HTTP_X_FORWARDED_FOR and not from REMOTE_ADDR.

How to change it

Open config.inc.php and add the following code at the very bottom:

```
// Stop the CDN from hiding the client's real IP address
if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    // entries are comma-separated; the first one is taken as the client
    $list = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
    $_SERVER['REMOTE_ADDR'] = trim($list[0]);
}
```

Other web applications work the same way: open the equivalent configuration file and add the code above. For the Chevereto image host, for example, the file is /app/settings.php.

Copyright: zeruns (unless otherwise noted)
Original link: https://blog.zeruns.tech/archives/414.html
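The snippet above takes the first X-Forwarded-For entry, but that header is sent by the client and only the entries your CDN appends can be trusted; anyone who sets the header, or who reaches the origin directly, picks their own "real IP". This added example (not part of the original post) shows the page's logic beside a hardened version in Python; the `TRUSTED_PROXIES` ranges are constructed placeholders standing in for the CDN's published egress list, and `server` stands in for PHP's `$_SERVER`.

```python
"""Client IP behind a CDN (added example, not the post's code). The page's snippet trusts the
first X-Forwarded-For entry, which the client itself can forge; the hardened variant only
honours the header when the TCP peer is a CDN node and walks the chain from the right."""
import ipaddress

# Constructed placeholder for the CDN's published egress ranges; use your provider's list.
TRUSTED_PROXIES = [ipaddress.ip_network("203.0.113.0/24"), ipaddress.ip_network("2001:db8::/32")]

def client_ip_naive(server):
    """Mirrors the config.inc.php snippet above: first XFF entry wins, whoever set it."""
    xff = server.get("HTTP_X_FORWARDED_FOR")
    if xff:
        return xff.split(",")[0].strip()
    return server["REMOTE_ADDR"]

def _is_trusted_proxy(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on garbage
    return any(ip in net for net in TRUSTED_PROXIES)

def client_ip_hardened(server):
    """Take the rightmost XFF hop that is not one of our proxies; the CDN appends the
    real peer, so everything to its left is client-supplied and ignored."""
    peer = server["REMOTE_ADDR"]
    if not _is_trusted_proxy(peer):
        return peer  # request bypassed the CDN: the header means nothing
    hops = [h.strip() for h in server.get("HTTP_X_FORWARDED_FOR", "").split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            if not _is_trusted_proxy(hop):
                return hop
        except ValueError:
            break  # malformed entry: don't guess, fall back to the peer
    return peer
```

The same rule carries over to the PHP snippet: check `$_SERVER['REMOTE_ADDR']` against the CDN's ranges before honouring the header, and read the list from the end.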
Installing OpenWRT on KVM
Author: A diligent City lion | Date: 2020-03-21 | Category: Centos

OpenWRT has an x86_64 build, so it can be installed on a KVM virtualization platform.

OpenWRT image download: https://downloads.openwrt.org/releases/19.07.0/targets/x86/64/openwrt-19.07.0-x86-64-combined-ext4.img.gz

Decompress it and import it into KVM (the decompressed image is placed at /kvm/disk/openwrt.img, the path virt-install is given below):

```
gunzip openwrt-19.07.0-x86-64-combined-ext4.img.gz
virt-install --name=openwrt --vcpus=1 --ram=512 --os-type=linux --disk path=/kvm/disk/openwrt.img,bus=ide --autostart --network bridge=br0,model=e1000 --import --noautoconsole --graphics vnc,listen=0.0.0.0,password=000000
```

After installation, log in over VNC to set the root password and check the IP address. With a bridged network you can set the lan interface to obtain an address automatically:

```
# /etc/config/network
config interface 'lan'
        option ifname 'eth0'
        option proto 'dhcp'
```

Then reboot the system.