---
Alias: ["Virtual Private Server"]
Tag: ["Computer", "Server", "Web", "Cloud"]
Date: 2021-08-28
DocType: "Personal"
Hierarchy: "NonRoot"
TimeStamp:
location: [48.8570517, 2.3677354]
CollapseMetaTable: Yes
---

Parent:: [[Selfhosting]], [[Alias Server]], [[Cloud Server]], [[Tools Server]]

```button
name Save
type command
action Save current file
id Save
```
^button-VPSConsoleSave

# VPS Console Dialogue

```ad-abstract
title: Summary
collapse: open
A quick note on using the command line to interact with a VPS.
```

```toc
style: number
```

---

### Connection and initialisation

```ad-abstract
title: Summary
collapse: open
Simple commands to start using a Virtual Private Server.
```

#### Connection
`ssh username@IPv4`
It is usual to change the password:
`passwd`

#### Initialisation and updates
`sudo apt update`
`sudo apt upgrade`

#### User accounts
```ad-info
title: Add user
~~~
sudo adduser 'username'
~~~
```
```ad-info
title: Delete user
~~~
sudo userdel -r 'username'
~~~
```
```ad-info
title: Grant admin privileges
~~~
sudo usermod -aG sudo 'username'
~~~
```

#### Switch between user accounts
`su - (username)`

#### Reboot
`sudo reboot now`
Or
`sudo systemctl reboot`

#### Change hostname
1. **Check the static hostname**
   `sudo hostnamectl`
2. **Change the hostname**
   `sudo hostnamectl set-hostname (hostname)`

---

### Securing Server access

```ad-abstract
title: Summary
collapse: open
This section gives an overview of how to sign in to a machine with SSH keys instead of typing passwords, and how to limit the surface for brute-force attacks.
```

#### Server-side RSA preparation
Two simple commands to prepare the server:
`mkdir -p ~/.ssh`
`chmod 700 ~/.ssh`

#### Generating an RSA key pair
On Linux & macOS clients, the process is simple:
`ssh-keygen -t rsa`
And follow the prompts.
You can then send the public key to the server:
`ssh-copy-id -i ~/.ssh/(key name).pub (user)@(server)`

#### Client's computer SSH setup
##### SSH Agent
To activate the SSH Agent, run:
`ssh-agent $BASH`
To add any key to the agent:
`ssh-add ~/.ssh/(key name)`

##### SSH script
SSH can read named connection shortcuts ("scripts") from a config file, for ease of use.
To create and edit the config file on the local machine:
`touch ~/.ssh/config`
`vim ~/.ssh/config`
The declaration of a connection follows this nomenclature:
>Host (scriptname) (serverIP)
>    HostName (serverIP)
>    IdentityFile ~/.ssh/(private key path)
>    User (remoteusername)

Once set up, a connection can be called from Terminal with the following command:
`ssh (scriptname)`

#### Editing the Server's SSH config
To open the config file:
`sudo (nano/vim) /etc/ssh/sshd_config`
The following parameters restrict access to the server:
> // **Enables SSH Key authentication**
> PubkeyAuthentication yes
>
> // **Disables password authentication (not recommended)**
> PasswordAuthentication no
>
> // **Disable root access (to diminish a known attack surface)**
> PermitRootLogin no
>
> // **Disables empty passwords**
> PermitEmptyPasswords no
>
> // **Set a Banner**
> Banner /etc/issue.net
>
> // **Manage White/Blacklists**
> AllowUsers (username)
> AllowGroups (groupname)
> DenyUsers (username)
> DenyGroups (groupname)
>
> // **Change connection Port**
> Port xxxxx

After any change to the config file, restart the SSH service:
`sudo systemctl restart sshd`

**Note**: issue.net needs to be set:
`sudo (nano/vim) /etc/issue.net`
With a text as set out below:
> Warning! Authorised use only.
> This server is the property of mydomain.example

---

### File management

```ad-abstract
title: Summary
collapse: open
Simple commands to access files on the server.
```

#### File navigation
```ad-note
title: Explore current directory
`ls -alh`
```
```ad-note
title: Change directory
`cd (folder path)`
```
```ad-note
title: Find a file
`sudo find / -iname (filename)`
```

#### Create file
`touch (filepath/name)`

#### Edit file
`vi (filepath/name)`
1. Press 'i' for the edit mode
2. 'Esc' key to exit edit mode
3. Type ':wq' to save & close

#### Delete files & folders
```ad-note
title: Delete file
`rm (file path & name)`
```
```ad-note
title: Delete folder and contents
`rm -r (folder path)`
```

#### File permissions
##### Checking file permissions
```ad-note
title: Permissions
For a file: `ls -l (file path & name)`
For a folder: `ls -ld (folder path)`
```

##### Changing file permissions
```ad-note
title: Change permissions
`chmod xxx (folder/file path)`
```
For each x (owner, group, others, in that order), add up the values:
1. read: 4
2. write: 2
3. execute: 1

```ad-note
title: Change owner
`chown (owner):(group) (folder/file path)`
```
```ad-note
title: Change group
`chgrp -R (new group) (folder/file path)`
```

##### Bulk changes
```ad-note
title: Change file permission in a folder
`find (folder path) -type f -exec chmod xxx {} \;`
```
```ad-note
title: Change sub-folder permission in a folder
`find (folder path) -type d -exec chmod xxx {} \;`
```

#### File transfer
Instructions to use rclone for file transfers can be found [[Cloud Server#Cloud2Cloud|here]].

---

### Backing up a server

#### Backup preparation
Create a directory for backup:
`sudo mkdir /Backup`

#### Backup creation
It is best to launch the command from the Backup folder:
`cd /Backup`
Command:
`sudo tar -cvpzf /Backup/backup.tar.gz --exclude=/Backup/backup.tar.gz --exclude=/proc --exclude=/tmp --exclude=/mnt --exclude=/dev --exclude=/sys --exclude=/run --exclude=/var/cache/apt/archives --exclude=/usr/src/linux-headers* --exclude=/home/*/.gvfs --exclude=/home/*/.local/share/Trash /`
Once created, the backup can be transferred using the [[#File transfer]] script.

#### Backup cleanup
After transfer, [[#Delete files folders|delete]] the .tar.gz file from its folder.

#### Backup restoring
1. From the server:
   `sudo nc -l 1024 | sudo tar -xvpzf - -C /media/backup`
2. From the Client's machine, instruct:
   `cat (backup path & name.tar.gz) | nc -q 0 (hostname) 1024`

Or through **FTP**:
1. Send backup to the root folder over FTP
2. Copy /boot/grub/menu.lst to menu.lst.bak
3. Restore
   `sudo tar -xvpzf backup.tar.gz -C /`
4. Recreate excluded directories
```
mkdir proc
mkdir lost+found
mkdir mnt
mkdir sys
...
```
5. Replace the restored *menu.lst* file with the *.bak* created in Step 2 (dropping bak)
6. The MAC address may need to be changed. Check `/etc/udev/rules.d/70-persistent-net.rules`

---

### Manage programs

#### Check if program is running
And how many instances:
`sudo ps ax | grep (program)`

#### Check what program uses a port
`sudo netstat -lntup | grep (port#)`

#### List all programs
`sudo apt list --installed`

#### Remove a package
`sudo apt remove (package name)`
For cleaner removal:
`sudo apt purge (package name)`

---

### Documentation

```ad-example
title: OSXdaily
[SSH generic](https://osxdaily.com/tag/ssh/)
[All SSH commands](https://osxdaily.com/2017/02/06/list-all-terminal-commands-mac/)
[Log off user](https://osxdaily.com/2019/04/03/log-off-ssh-user/)
```
```ad-tip
title: Mediatemple
[Common SSH commands](https://mediatemple.net/community/products/dv/204643550/common-ssh-commands)
```
```ad-tip
title: Scripting OSX
[Intro to SSH for Mac admins](https://scriptingosx.com/2017/07/quick-introduction-to-ssh-for-mac-admins/)
```
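
Added example for the "Editing the Server's SSH config" section above (not part of the original note): a small audit of the four on/off directives listed there, showing that sshd keeps the first occurrence of a keyword, so a hardened line appended below an older one has no effect. The function names and the sample config are constructed for illustration; Match blocks and Include files are assumed out of scope.

```sh
#!/bin/sh
# Added example. Assumptions: global section only (stops at the first Match
# block), Include files not followed, OpenSSH's documented defaults.

# Effective value of a keyword: sshd keeps the FIRST occurrence; keywords
# are case-insensitive and may be written "key=value".
sshd_value() {  # usage: sshd_value FILE KEYWORD DEFAULT
  awk -F '[ \t=]+' -v key="$2" -v def="$3" '
    { sub(/^[ \t]+/, "") }                        # drop indentation
    /^(#|$)/                    { next }          # comment or blank line
    tolower($1) == "match"      { exit }          # skip Match blocks
    tolower($1) == tolower(key) { print $2; found = 1; exit }
    END { if (!found) print def }
  ' "$1"
}

# Print one line per directive from the note; return the number that are weak.
audit_sshd() {  # usage: audit_sshd FILE
  findings=0
  while read -r key want def; do
    got=$(sshd_value "$1" "$key" "$def")
    if [ "$got" = "$want" ]; then
      echo "ok    $key $got"
    else
      echo "WEAK  $key $got (want $want)"
      findings=$((findings + 1))
    fi
  done <<EOF
PubkeyAuthentication yes yes
PasswordAuthentication no yes
PermitRootLogin no prohibit-password
PermitEmptyPasswords no no
EOF
  return "$findings"
}

# Constructed sample: "no" was appended after an older "yes", so it is ignored.
write_sample() {  # usage: write_sample FILE
  cat > "$1" <<EOF
Port 22
passwordauthentication yes
PermitRootLogin no
PasswordAuthentication no
EOF
}

sample=$(mktemp) && write_sample "$sample"
audit_sshd "$sample" || echo "$? weak setting(s)"
rm -f "$sample"
```

Before `sudo systemctl restart sshd`, running `sudo sshd -t` checks the edited file for syntax errors. Keeping the current session open until a second login succeeds avoids locking yourself out.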