initial start

First, create an SSH key locally,

ssh-keygen -t [rsa | ed25519 | ecdsa | dsa]

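Common SSH key types

Refer to "Upgrading your SSH key to Ed25519"

  • DSA: insecure
  • RSA: security depends on the key size. 3072-bit or 4096-bit keys are secure; keys smaller than that may need to be upgraded, and 1024-bit keys are already considered insecure.
  • ECDSA: security depends on your computer's ability to generate the random number that is used to create the signature; the NIST curves used by ECDSA also raise trustworthiness concerns.
  • Ed25519: currently the most recommended public-key algorithm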
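The list above turned into a check, as an added example that is not part of the original notes: it grades each line of `ssh-keygen -l` output by key type and size. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: grade keys from `ssh-keygen -l` output using the list above.
# Real input: ssh-keygen -l -f ~/.ssh/authorized_keys | audit_key_lines
# Each input line looks like: <bits> <fingerprint> <comment...> (<TYPE>)

audit_key_lines() {
    awk '{
        bits = $1 + 0
        type = $NF; gsub(/[()]/, "", type)
        if (type == "DSA")                      v = "REPLACE (DSA is insecure)"
        else if (type == "RSA" && bits <= 1024) v = "REPLACE (RSA of 1024 bits or less)"
        else if (type == "RSA" && bits < 3072)  v = "UPGRADE (RSA below 3072 bits)"
        else if (type == "RSA")                 v = "OK"
        else if (type == "ECDSA")               v = "REVIEW (RNG quality, NIST curves)"
        else if (type == "ED25519")             v = "OK (recommended)"
        else                                    v = "UNKNOWN"
        printf "%s %s %d: %s\n", $2, type, bits, v
    }'
}

# Constructed sample lines (fingerprints are placeholders, not real keys).
sample_key_lines() {
    cat <<'EOF'
1024 SHA256:constructed-fp-1 old@host (DSA)
2048 SHA256:constructed-fp-2 my laptop key (RSA)
4096 SHA256:constructed-fp-3 weiya@T460p (RSA)
256 SHA256:constructed-fp-4 weiya@T460p (ECDSA)
256 SHA256:constructed-fp-5 weiya@T460p (ED25519)
EOF
}

sample_key_lines | audit_key_lines
```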

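This creates the ~/.ssh folder locally.

  • Private key (~/.ssh/id_rsa): sensitive and important!!
  • Public key (~/.ssh/ contains the public key for authentication. These files are not sensitive and can (but need not) be readable by anyone.
  • Authorized keys file (~/.ssh/authorized_keys)

Copy the content from the login (client) side into the authorized_keys file on the server. Besides copying manually, this can also be done from the command line, e.g.,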

$ ssh-copy-id -p 30013 weiya@
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
weiya@'s password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh -p '30013' 'weiya@'"
and check to make sure that only the key(s) you wanted were added.


For AWS, logging in requires a .pem file, i.e.,

$ ssh -i YourKey.pem user@host


$ scp -i YourKey.pem YourFile user@host:~/YourFile

two consecutive ssh

$ ssh -t user@A ssh user@B

where -t avoids the warning

Pseudo-terminal will not be allocated because stdin is not a terminal.

which would freeze the session.

If the usernames are the same, the second username can be omitted.

This is clearer with port forwarding. For example, start a Jupyter session on node B, whose login node is A, then access Jupyter in the local browser after running

$ ssh -t -L 28888:localhost:8888 user@A ssh -L 8888:localhost:8888 user@B

ssh until succeed

$ until ./; do sleep 5; done

refer to How to run ssh command until succeeded?

config file

Although a simple script would save typing the account and hostname, it does not help with scp. Custom functions such as scp_to_xxx or scp_from_xxx are possible, but with too many of them it is easy to get confused and forget their definitions.

Instead, we can write a config file (refer to Configuring your favourite hosts in SSH), in which we define an alias for a hostname and also specify the username, e.g., after defining

Host XX
User weiya

then ssh XX is enough to access this server, and scp is also much simpler: scp file XX:~/. More importantly, tab completion works when entering the remote path, which custom functions such as scp_to_xx cannot provide.


On the rocky server, it throws

Bad owner or permissions on ~/.ssh/config

although the personal PC works well with the same permission -rw-rw-r--. Refer to ssh returns “Bad owner or permissions on ~/.ssh/config” and change the permission,

$ chmod 600 ~/.ssh/config

that is, -rw-------.
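The mode check behind this error, as an added example that is not part of the original notes: upstream OpenSSH rejects a config file that is writable by group or others, and ignores a private key that group or others can access at all. The helper names check_ssh_perms and fix_ssh_perms are hypothetical, GNU stat is assumed, and ownership is not checked.

```shell
#!/bin/sh
# Added example: flag files under an SSH directory whose modes OpenSSH rejects.
# Assumes GNU stat (stat -c) and file names without spaces.

# Print one line per problem file: "<suggested-mode> <path> <reason>".
check_ssh_perms() {
    dir=$1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        mode=$(stat -c '%a' "$f")
        case $(basename "$f") in
            config)
                # ssh refuses a config writable by group or others (mode & 022).
                if [ $(( 0$mode & 022 )) -ne 0 ]; then
                    echo "600 $f config is group/world-writable ($mode)"
                fi
                ;;
            *)
                # A private key must not be accessible by group or others (mode & 077).
                if head -n 1 "$f" | grep -q 'PRIVATE KEY-----' &&
                   [ $(( 0$mode & 077 )) -ne 0 ]; then
                    echo "600 $f private key is accessible by others ($mode)"
                fi
                ;;
        esac
    done
}

# Apply the suggested chmod to every finding; public keys are left untouched.
fix_ssh_perms() {
    check_ssh_perms "$1" | while read -r want path _; do
        chmod "$want" "$path"
    done
}
```

Run check_ssh_perms ~/.ssh to list findings, then fix_ssh_perms ~/.ssh to apply them.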

run GUI remotely/locally

weiya@T460p:~$ ssh weiya@G40
weiya@G40:~$ export DISPLAY=:0
weiya@G40:~$ firefox

If DISPLAY is not set as in the second line, an error is reported,

Error: no DISPLAY environment variable specified

The value :0 can be found by running the following on the server,

weiya@G40:~$ w
 20:29:30 up 10:01,  2 users,  load average: 1.53, 1.42, 1.40
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
weiya    :0       :0               10:28   ?xdm?  22:24   0.00s /usr/lib/gdm3/gdm-x-session --run-script env GNOME

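where the :0 in the FROM column is the current display number.

Refer to How to start a GUI software on a remote Linux PC via SSH

To run a server-side GUI program locally, i.e., to send the server's windows to the local machine, add the -X option when logging in,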

ssh -X

To speed up GUI loading if necessary, try enabling compression with -C; refer to Why is Firefox so slow over SSH? - Unix & Linux Stack Exchange


  • scp a file with name including colon

Add ./ before the file name, since scp interprets a leading x: as a [user@]host prefix even if the file name is wrapped in ".

refer to How can I scp a file with a colon in the file name?

ServerAliveInterval and ClientAliveInterval

  • ServerAliveInterval and ServerAliveCountMax are set on the client side, i.e., ~/.ssh/config
  • ClientAliveInterval and ClientAliveCountMax are set on the server side, i.e., /etc/ssh/sshd_config

refer to What do options ServerAliveInterval and ClientAliveInterval in sshd_config do exactly?

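Install Spark

On a cloud host in mainland China, the download from the official site was interrupted within 5 seconds, so I found the Tsinghua mirror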


Along the way I also learned wget's options -c (resume a download) and -t 0 (retry indefinitely).

upgrade Java 7 to Java 8:

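Oracle recently changed its license, so the PPAs no longer work


This was also the first time I heard of the update-alternatives command, which feels somewhat like changing the default program.

Then follow the official documentation to learn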

nginx failed on a Tencent Cloud server

Cause: port 80 is in use. Solution: kill whatever is using port 80

sudo fuser -k 80/tcp


sudo /etc/init.d/nginx restart



Refer to How to reinstall nginx if I deleted /etc/nginx folder (Ubuntu 14.04)?


apt-get purge nginx nginx-common nginx-full
apt-get install nginx

Note that purge does not keep the configuration files, while remove keeps them.

CentOS 7

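I wanted to plot directly on the server with Julia's PGFPlotsX; by default it pops up the generated PDF figure, unless configured as in the official tutorial


I expected it to open with evince, but it ended up opening with LibreOffice, and the fonts were inconsistent, so I wanted to change the default PDF reader; refer to How to set default browser for PDF reader Evince on Linux?

This can be added or modified in .local/share/applications/mimeapps.list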


Install software without root

conda can install many other programs, such as tree,

conda install -c eumetsat tree

The trick is to check whether the package is available via

refer to How to install packages in Linux (CentOS) without root user with automatic dependency handling?

tab fails to complete

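Tab completion fails on the server and reports an error


Since this is a third-party server, I have no permission to clean the /tmp folder, so I referred to "Solving the 'cannot create temp file for here-document: No space left on device' problem"

and added to .bashrc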

export TMPDIR=$HOME/tmp

Let’s Encrypt

If it throws the following message,

Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.

it is necessary to upgrade Certbot.


The previous configuration method no longer worked, so I configured it following "Easily set up Shadowsocks on a VPS to bypass the firewall".



