安全配置

新建用户

sudo useradd -m -s /bin/bash \
  -G users,sudo \
  arick
  
sudo passwd arick
  
  
cp -r ~{admin,arick}/.ssh
chown -R arick:arick ~arick/.ssh/

sudo bash -c 'echo -e "\numask 077" >> /etc/profile'

ssh

WireGuard vpn 的使用

sudo mkdir -p /etc/wireguard
sudo sh -c 'wg genkey | tee /etc/wireguard/private_key | wg pubkey > /etc/wireguard/public_key'

/etc/wireguard/wg0.conf

[Interface]
Address = 192.168.50.2/24
PrivateKey = <THE PRIVATE KEY>
ListenPort = 12345

[Peer]
PublicKey = u8Uo3ab+psKeOpciUIaNuBulNrOCXrU8GN3yD06/0WM=
AllowedIPs = 192.168.50.1/32

请不要忘记打开WireGuard的UDP端口。

systemctl start wg-quick@wg0

防火墙