Jupyter Notebook修改登陸密碼
使用命令 “ jupyter notebook password ”可以設定 Jupyter Notebook 啟動後進入 Web 介面的密碼。
官網地址:
Running a notebook server
The Jupyter notebook web application is based on a server-client structure. The notebook server uses a two-process kernel architecture based on ZeroMQ , as well as Tornado for serving HTTP requests.
Note
By default, a notebook server runs locally at 127.0.0.1:8888 and is accessible only from localhost . You may access the notebook server from the browser using .
This document describes how you can secure a notebook server and how to run it on a public interface .
Important
This is not the multi-user server you are looking for . This document describes how you can run a public server with a single user. This should only be done by someone who wants remote access to their personal machine. Even so, doing this requires a thorough understanding of the set-ups limitations and security implications. If you allow multiple users to access a notebook server as it is described in this document, their commands may collide, clobber and overwrite each other.
If you want a multi-user server, the official solution is JupyterHub . To use JupyterHub, you need a Unix server (typically Linux) running somewhere that is accessible to your users on a network. This may run over the public internet, but doing so introduces additional security concerns .
Securing a notebook server
You can protect your notebook server with a simple single password. As of notebook 5.0 this can be done automatically. To set up a password manually you can configure the
NotebookApp.password
setting in
jupyter_notebook_config.py
.
Prerequisite: A notebook configuration file
Check to see if you have a notebook configuration file,
jupyter_notebook_config.py
. The default location for this file is your Jupyter folder located in your home directory:
- Windows:
C:\Users\USERNAME\.jupyter\jupyter_notebook_config.py
- OS X:
/Users/USERNAME/.jupyter/jupyter_notebook_config.py
- Linux:
/home/USERNAME/.jupyter/jupyter_notebook_config.py
If you don’t already have a Jupyter folder, or if your Jupyter folder doesn’t contain a notebook configuration file, run the following command:
$ jupyter notebook --generate-config
This command will create the Jupyter folder if necessary, and create notebook configuration file,
jupyter_notebook_config.py
, in this folder.
Automatic Password setup
As of notebook 5.3, the first time you log-in using a token, the notebook server should give you the opportunity to setup a password from the user interface.
You will be presented with a form asking for the current _token_, as well as your _new_ _password_ ; enter both and click on
Login
and
setup
new
password
.
Next time you need to log in you’ll be able to use the new password instead of the login token, otherwise follow the procedure to set a password from the command line.
The ability to change the password at first login time may be disabled by integrations by setting the
--NotebookApp.allow_password_change=False
Starting at notebook version 5.0, you can enter and store a password for your notebook server with a single command.
jupyter notebook password
will prompt you for your password and record the hashed password in your
jupyter_notebook_config.json
.
$ jupyter notebook password
Enter password: ****
Verify password: ****[NotebookPasswordApp] Wrote hashed password to /Users/you/.jupyter/jupyter_notebook_config.json
This can be used to reset a lost password; or if you believe your credentials have been leaked and desire to change your password. Changing your password will invalidate all logged-in sessions after a server restart.
Preparing a hashed password
You can prepare a hashed password manually, using the function
notebook.auth.security.passwd()
:
In [1]: from notebook.auth import passwdIn [2]: passwd()Enter password:Verify password:Out[2]: 'sha1:67c9e60bb8b6:9ffede0825894254b2e042ea597d771089e11aed'
Caution
passwd()
when called with no arguments will prompt you to enter and verify your password such as in the above code snippet. Although the function can also be passed a string as an argument such as
passwd('mypassword')
, please
do not
pass a string as an argument inside an IPython session, as it will be saved in your input history.
Adding hashed password to your notebook configuration file
You can then add the hashed password to your
jupyter_notebook_config.py
. The default location for this file
jupyter_notebook_config.py
is in your Jupyter folder in your home directory,
~/.jupyter
, e.g.:
c.NotebookApp.password = u'sha1:67c9e60bb8b6:9ffede0825894254b2e042ea597d771089e11aed'
Automatic password setup will store the hash in
jupyter_notebook_config.json
while this method stores the hash in
jupyter_notebook_config.py
. The
.json
configuration options take precedence over the
.py
one, thus the manual password may not take effect if the Json file has a password set.
Using SSL for encrypted communication
When using a password, it is a good idea to also use SSL with a web certificate, so that your hashed password is not sent unencrypted by your browser.
Important
Web security is rapidly changing and evolving. We provide this document as a convenience to the user, and recommend that the user keep current on changes that may impact security, such as new releases of OpenSSL. The Open Web Application Security Project ( OWASP ) website is a good resource on general security issues and web practices.
You can start the notebook to communicate via a secure protocol mode by setting the
certfile
option to your self-signed certificate, i.e.
mycert.pem
, with the command:
$ jupyter notebook --certfile=mycert.pem --keyfile mykey.key
Tip
A self-signed certificate can be generated with
openssl
. For example, the following command will create a certificate valid for 365 days with both the key and certificate data written to the same file:
$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mykey.key -out mycert.pem
When starting the notebook server, your browser may warn that your self-signed certificate is insecure or unrecognized. If you wish to have a fully compliant self-signed certificate that will not raise warnings, it is possible (but rather involved) to create one, as explained in detail in this tutorial . Alternatively, you may use Let’s Encrypt to acquire a free SSL certificate and follow the steps in Using Let’s Encrypt to set up a public server.
Running a public notebook server
If you want to access your notebook server remotely via a web browser, you can do so by running a public notebook server. For optimal security when running a public notebook server, you should first secure the server with a password and SSL/HTTPS as described in Securing a notebook server .
Start by creating a certificate file and a hashed password, as explained in Securing a notebook server .
If you don’t already have one, create a config file for the notebook using the following command line:
$ jupyter notebook --generate-config
In the
~/.jupyter
directory, edit the notebook config file,
jupyter_notebook_config.py
. By default, the notebook config file has all fields commented out. The minimum set of configuration options that you should uncomment and edit in
jupyter_notebook_config.py
is the following:
# Set options for certfile, ip, password, and toggle off# browser auto-openingc.NotebookApp.certfile = u'/absolute/path/to/your/certificate/mycert.pem'c.NotebookApp.keyfile = u'/absolute/path/to/your/certificate/mykey.key'# Set ip to '*' to bind on all interfaces (ips) for the public serverc.NotebookApp.ip = '*'c.NotebookApp.password = u'sha1:bcd259ccf...<your hashed password here>'c.NotebookApp.open_browser = False# It is a good idea to set a known, fixed port for server accessc.NotebookApp.port = 9999
You can then start the notebook using the
jupyter
notebook
command.
Using Let’s Encrypt
Let’s Encrypt provides free SSL/TLS certificates. You can also set up a public server using a Let’s Encrypt certificate.
Running a public notebook server will be similar when using a Let’s Encrypt certificate with a few configuration changes. Here are the steps:
-
Create a Let’s Encrypt certificate .
-
Use Preparing a hashed password to create one.
-
If you don’t already have config file for the notebook, create one using the following command:
$ jupyter notebook --generate-config
4. In the
~/.jupyter
directory, edit the notebook config file,
jupyter_notebook_config.py
. By default, the notebook config file has all fields commented out. The minimum set of configuration options that you should to uncomment and edit in
jupyter_notebook_config.py
is the following:
# Set options for certfile, ip, password, and toggle off# browser auto-openingc.NotebookApp.certfile = u'/absolute/path/to/your/certificate/fullchain.pem'c.NotebookApp.keyfile = u'/absolute/path/to/your/certificate/privkey.pem'# Set ip to '*' to bind on all interfaces (ips) for the public serverc.NotebookApp.ip = '*'c.NotebookApp.password = u'sha1:bcd259ccf...<your hashed password here>'c.NotebookApp.open_browser = False# It is a good idea to set a known, fixed port for server accessc.NotebookApp.port = 9999
You can then start the notebook using the
jupyter
notebook
command.
Important
Use ‘https’.
Keep in mind that when you enable SSL support, you must access the notebook server over
https://
, not over plain
http://
. The startup message from the server prints a reminder in the console, but
it is easy to overlook this detail and think the server is for some reason non-responsive
.
When using SSL, always access the notebook server with ‘https://’.
You may now access the public server by pointing your browser to
where
your.host.com
is your public server’s domain.
Firewall Setup
To function correctly, the firewall on the computer running the jupyter notebook server must be configured to allow connections from client machines on the access port
c.NotebookApp.port
set in
jupyter_notebook_config.py
to allow connections to the web interface. The firewall must also allow connections from 127.0.0.1 (localhost) on ports from 49152 to 65535. These ports are used by the server to communicate with the notebook kernels. The kernel communication ports are chosen randomly by ZeroMQ, and may require multiple connections per kernel, so a large range of ports must be accessible.
Running the notebook with a customized URL prefix
The notebook dashboard, which is the landing page with an overview of the notebooks in your working directory, is typically found and accessed at the default URL
.
If you prefer to customize the URL prefix for the notebook dashboard, you can do so through modifying
jupyter_notebook_config.py
. For example, if you prefer that the notebook dashboard be located with a sub-directory that contains other ipython files, e.g.
ipython/
, you can do so with configuration options like the following (see above for instructions about modifying
jupyter_notebook_config.py
):
c.NotebookApp.base_url = '/ipython/'
Embedding the notebook in another website
Sometimes you may want to embed the notebook somewhere on your website, e.g. in an IFrame. To do this, you may need to override the Content-Security-Policy to allow embedding. Assuming your website is at
, you can embed the notebook on your website with the following configuration setting in
jupyter_notebook_config.py
:
c.NotebookApp.tornado_settings = {
'headers': {
'Content-Security-Policy': "frame-ancestors 'self' "
}}
When embedding the notebook in a website using an iframe, consider putting the notebook in single-tab mode. Since the notebook opens some links in new tabs by default, single-tab mode keeps the notebook from opening additional tabs. Adding the following to
~/.jupyter/custom/custom.js
will enable single-tab mode:
define(['base/js/namespace'], function(Jupyter){
Jupyter._target = '_self';});
Known issues
Proxies
When behind a proxy, especially if your system or browser is set to autodetect the proxy, the notebook web application might fail to connect to the server’s websockets, and present you with a warning at startup. In this case, you need to configure your system not to use the proxy for the server’s address.
For example, in Firefox, go to the Preferences panel, Advanced section, Network tab, click ‘Settings…’, and add the address of the notebook server to the ‘No proxy for’ field.
Content-Security-Policy (CSP)
Certain
security guidelines
recommend that servers use a Content-Security-Policy (CSP) header to prevent cross-site scripting vulnerabilities, specifically limiting to
default-src:
https:
when possible. This directive causes two problems with Jupyter. First, it disables execution of inline javascript code, which is used extensively by Jupyter. Second, it limits communication to the https scheme, and prevents WebSockets from working because they communicate via the wss scheme (or ws for insecure communication). Jupyter uses WebSockets for interacting with kernels, so when you visit a server with such a CSP, your browser will block attempts to use wss, which will cause you to see “Connection failed” messages from jupyter notebooks, or simply no response from jupyter terminals. By looking in your browser’s javascript console, you can see any error messages that will explain what is failing.
To avoid these problem, you need to add
'unsafe-inline'
and
connect-src
https:
wss:
to your CSP header, at least for pages served by jupyter. (That is, you can leave your CSP unchanged for other parts of your website.) Note that multiple CSP headers are allowed, but successive CSP headers can only restrict the policy; they cannot loosen it. For example, if your server sends both of these headers
Content-Security-Policy “default-src https: ‘unsafe-inline’” Content-Security-Policy “connect-src https: wss:”
the first policy will already eliminate wss connections, so the second has no effect. Therefore, you can’t simply add the second header; you have to actually modify your CSP header to look more like this:
Content-Security-Policy “default-src https: ‘unsafe-inline’; connect-src https: wss:”
Docker CMD
Using
jupyter
notebook
as a
Docker CMD
results in kernels repeatedly crashing, likely due to a lack of
PID reaping
. To avoid this, use the
tini
init
as your Dockerfile
ENTRYPOINT
:
# Add Tini. Tini operates as a process subreaper for jupyter. This prevents
# kernel crashes.
ENV TINI_VERSION v0.6.0
ADD /releases/download/${TINI_VERSION}/tini /usr/bin/tini
RUN chmod +x /usr/bin/tini
ENTRYPOINT ["/usr/bin/tini", "--"]
EXPOSE 8888
CMD ["jupyter", "notebook", "--port=8888", "--no-browser", "--ip=0.0.0.0"]
About Me
........................................................................................................................ ● 本文作者:小麥苗,部分內容整理自網路,若有侵權請聯絡小麥苗刪除 ● 本文在itpub( http://blog.itpub.net/26736162 )、部落格園( http://www.cnblogs.com/lhrbest )和個人weixin公眾號( xiaomaimiaolhr )上有同步更新 ● 本文itpub地址: http://blog.itpub.net/26736162 ● 本文部落格園地址: http://www.cnblogs.com/lhrbest ● 本文pdf版、個人簡介及小麥苗雲盤地址: http://blog.itpub.net/26736162/viewspace-1624453/ ● 資料庫筆試面試題庫及解答: http://blog.itpub.net/26736162/viewspace-2134706/ ● DBA寶典今日頭條號地址: ........................................................................................................................ ● QQ群號: 230161599 (滿) 、618766405 ● weixin群:可加我weixin,我拉大家進群,非誠勿擾 ● 聯絡我請加QQ好友 ( 646634621 ) ,註明新增緣由 ● 於 2019-05-01 06:00 ~ 2019-05-30 24:00 在魔都完成 ● 最新修改時間:2019-05-01 06:00 ~ 2019-05-30 24:00 ● 文章內容來源於小麥苗的學習筆記,部分整理自網路,若有侵權或不當之處還請諒解 ● 版權所有,歡迎分享本文,轉載請保留出處 ........................................................................................................................ ● 小麥苗的微店 : ● 小麥苗出版的資料庫類叢書 : http://blog.itpub.net/26736162/viewspace-2142121/ ● 小麥苗OCP、OCM、高可用網路班 : http://blog.itpub.net/26736162/viewspace-2148098/ ● 小麥苗騰訊課堂主頁 : https://lhr.ke.qq.com/ ........................................................................................................................ 使用 weixin客戶端 掃描下面的二維碼來關注小麥苗的weixin公眾號( xiaomaimiaolhr )及QQ群(DBA寶典)、新增小麥苗weixin, 學習最實用的資料庫技術。
........................................................................................................................ |
來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/26736162/viewspace-2643434/,如需轉載,請註明出處,否則將追究法律責任。
相關文章
- SSH安全登陸原理:密碼登陸與公鑰登陸密碼
- 如何修改Jupyter Notebook工作路徑(Anaconda中)
- Jupyter Notebook
- PbootCMS 修改後臺登陸地址和賬號和密碼方法boot密碼
- pbootcms如何修改後臺的登陸地址/賬號以及密碼boot密碼
- 修改 jupyter notebook 啟動工作路徑的方法
- 配置SSH免密碼登陸密碼
- 修改 MySQL 登入密碼MySql密碼
- 【Jupyter Notebook】jupyter notebook呼叫另一個.ipynb檔案
- PbootCMS後臺登陸密碼忘記/找回密碼後臺登入密碼外掛boot密碼
- Jupyter Notebook的使用
- ssh直接帶密碼登入Linux,Linux自動密碼登陸利器sshpass密碼Linux
- shiro多realm配置免密碼登陸密碼
- CentOS7 配置免密碼登陸CentOS密碼
- 修改帝國網站登入密碼?網站被人修改了密碼?網站密碼
- SSH免密登陸
- PbootCMS後臺登陸密碼忘記/找回後臺登入密碼外掛boot密碼
- Jupyter Notebook入門指南
- jupyter notebook各種操作
- Jupyter Notebook的安裝
- Jupyter Notebook新增Ruby支援
- Linux配置SSH免密登陸(公私鑰登陸)Linux
- win10登陸密碼取消不了怎麼辦_win10登陸密碼取消不了的解決方法Win10密碼
- 修改預設登入網站密碼?網站密碼
- 網站登入密碼admin怎麼修改,如何安全地修改網站管理員登入密碼網站密碼
- pycharm中執行jupyter notebookPyCharm
- Jupyter Notebook 使用與安裝
- Anaconda下安裝Jupyter notebook
- jupyter notebook 刪除指定 kernel
- 搭建jupyter notebook伺服器伺服器
- 為Jupyter Notebook 新增目錄
- jupyter notebook 遠端訪問
- Jupyter notebook快速入門教程
- 密碼過期引起的ssh無法登陸密碼
- linux免密登陸設定Linux
- Linux設定免密登陸Linux
- jupyter notebook外掛環境配置
- Jupyter notebook 新增虛擬環境