--- Alias: ["VPS command-line", "command-line"] Tag: ["Computer", "Server", "Web", "Cloud"] Date: 2021-08-28 DocType: "Personal" Hierarchy: "NonRoot" TimeStamp: location: [48.8570517, 2.3677354] CollapseMetaTable: Yes --- Parent:: [[Selfhosting]], [[Server Alias]], [[Server Cloud]], [[Server Tools]], [[Server VPN]]   ```button name Save type command action Save current file id Save ``` ^button-VPSConsoleSave   # VPS Console Dialogue   ```ad-abstract title: Summary collapse: open A quick note to use command-line to interact with VPS. ```   ```toc style: number ```   ---   ### Connection and initialisation   ```ad-abstract title: Summary collapse: open Simple commands to start using a Virtual Private Server. ```   #### Connection `ssh username@IPv4` It is usual to change password: `passwd`   #### Initialisation and updates `sudo apt update` `sudo apt upgrade`   #### User accounts ```ad-command title: Add user ~~~ sudo adduser 'username' ~~~ ``` ```ad-command title: Delete user ~~~ sudo userdel -r 'username' ~~~ ``` ```ad-command title: Grant admin privileges ~~~ usermod -aG sudo 'username' ~~~ ```   #### Switch between user accounts ```ad-command ~~~ su - (username) ~~~ ```   #### Reboot ```ad-command ~~~ sudo reboot now ~~~ ``` Or ```ad-command ~~~ sudo systemctl reboot ~~~ ```   #### Change hostname 1. **Check the static hostname** ```ad-command ~~~ sudo hostnamectl ~~~ ``` 2. **Change the hostname** ```ad-command ~~~ sudo hostnamectl set-hostname (hostname) ~~~ ```   ---   ### Securing Server access   ```ad-abstract title: Summary collapse: open This section gives an overview of how to switch signing-in to a machine without having to go through typing passwords and limiting surface of brute-force attacks. ```   #### Server-side RSA preparation 2 simple commands to prepare the server: ```ad-command ~~~ mkdir -p ~/.ssh ~~~ ``` ```ad-command ~~~ chmod 700 ~/.ssh ~~~ ```   #### Generating a RSA key pair On Linux & MacOS clients, the process is simple: ```ad-command ~~~ ssh-keygen -t rsa ~~~ ``` And follow the prompts. You can then send the public key to the server: ```ad-command ~~~ ssh-copy-id -i ~/.ssh/(key name).pub (user)@(server) ~~~ ```   #### Client's computer SSH setup ##### SSH Agent In order to active SSH Agent, run: ```ad-command ~~~ ssh-agent $BASH ~~~ ``` To add any key to the agent: ```ad-command ~~~ ssh-add ~/.ssh/(key name) ~~~ ```   ##### SSH script SSH can understand scripting for ease of use. To create and edit a config file on the local machine: ```ad-command ~~~ touch/vim ~/.ssh/config ~~~ ``` The declaration of a connection follows this nomenclature: ```ad-code ~~~ Host (scriptname) (serverIP) HostName (serverIP) IdentityFile ~/.ssh/(private key path) User (remoteusername) ~~~ ``` Once set up, a connection can be called from Terminal with the following command: ```ad-command ~~~ ssh (scriptname) ~~~ ```   #### Editing the Server's SSH config To open the config file: ```ad-command ~~~ sudo (nano/vim) /etc/ssh/sshd_config ~~~ ``` The following parameters enable to restrict access to the server: ```ad-code ~~~ // Enables SSH Key authentication PubkeyAuthentication yes // Disables password authentication (not recommended) PasswordAuthentication no // Disable root access (to diminish a known attack surface) PermitRootLogin no // Disables empty passwords PermitEmptyPasswords no // Set a Banner Banner /etc/issue.net // Manage White/Blacklists AllowUsers (username) AllowGroups (groupname) DenyUsers (username) DenyGroups (groupname) // Change connection Port Port xxxxx ~~~ ``` After any change of the config file, restart the SSH service: ```ad-command ~~~ sudo systemctl restart sshd ~~~ ``` **Note**: issue.net needs to be set: ```ad-command ~~~ sudo nano/vim /etc/issue.net ~~~ ``` With a text as set out below: ```ad-code ~~~ Warning! Authorised use only. This server is the property of mydomain.example ~~~ ```   #### Network monitoring ```ad-command title: simple port monitoring ~~~ sudo netstat -an ~~~ ``` ```ad-command title: active port monitoring ~~~ sudo netstat -anp (IP/TCP/UDP) ~~~ ``` ```ad-info title: simple port stats ~~~ sudo netstat -sp (IP/TCP/UDP) ~~~ ```   ---   ### File management   ```ad-abstract title: Summary collapse: open Simple commands to access files on the server. ```   #### File navigation ```ad-command title: Explore current directory ~~~ ls -alh ~~~ ``` ```ad-command title: Change directory ~~~ cd (folder path) ~~~ ``` ```ad-command title: Find a file ~~~ sudo find / -iname (filename) ~~~ ```   #### Create file ```ad-command ~~~ touch (filepath/name) ~~~ ```   #### Edit file ```ad-command ~~~ vi (filepath/name) ~~~ ``` 1. Press 'i' for the edit mode 2. 'Esc' key to exit edit mode 3. Type ':wq' to save & close   #### Delete files & folders ```ad-command title: Delete file ~~~ rm (file path & name) ~~~ ``` ```ad-command title: Delete folder and contents ~~~ rm -r (folder path) ~~~ ```   #### File permissions ##### Checking file permissions ```ad-command title: Permissions **For a file**: ls -l (file path & name) **For a folder**: ls -ld (folder path) ```   ##### Changing file permissions ```ad-command title: Change permissions ~~~ chmod xxx (folder/file path) ~~~ ``` For x: 1. read-only: 4 2. write: 2 3. execute: 1 ```ad-command title: Change owner ~~~ chown (owner):(group) (folder/file path) ~~~ ``` ```ad-command title: Change group ~~~ chgrp -R (new group) (folder/file path) ~~~ ```   ##### Bulk changes ```ad-command title: Change file permission in a folder ~~~ find (folder path) -type f -exec chmod xxx {} \; ~~~ ``` ```ad-command title: Change sub-folder permission in a folder ~~~ find (folder path) -type d -exec chmod xxx {} \; ~~~ ```   #### File transfer Instructions to use rclone for file transfers can be found [[Server Cloud#Cloud2Cloud|here]].   ---   ### Backing up a server   #### Backup preparation Create a directory for backup: ```ad-command ~~~ sudo mkdir /Backup ~~~ ```   #### Backup creation Best is to launch the command from the Backup folder: ```ad-command ~~~ cd /Backup ~~~ ``` Command: ```ad-command ~~~ sudo tar -cvpzf /Backup --exclude=/Backup/backup.tar.gz --exclude=/proc --exclude=/tmp --exclude=/mnt --exclude=/dev --exclude=/sys --exclude=/run --exclude=/var/cache/apt/archives --exclude=/usr/src/linux-headers* --exclude=/home/*/.gvfs --exclude=/home/*/.local/share/Trash / ~~~ ``` Once created, the backup can be transferred using the [[#File transfer]] script.   #### Backup cleanup After transfer, [[#Delete files folders|delete]] the .tar.gz file from its folder.   #### Backup restoring 1. From the server: ```ad-command ~~~ sudo nc -l 1024 | sudo tar -xvpzf - -C /media/backup ~~~ ``` 2. From the Client's machine, instruct: ```ad-command ~~~ cat (backup path & name.tar.gz) | nc -q 0 (hostname) 1024 ~~~ ```   Or through **FTP**: 1. Send backup to the root folder over FTP 2. Copy /boot/grub/menu.lst to menu.lst.bak 3. Restore ```ad-command ~~~ sudo tar xvpfz backup.tar.gz -C / ~~~ ``` 4. Recreate excluded directories ```ad-command ~~~ mkdir proc Mkdir lost+found mkdir mnt mkdir sys ... ~~~ ``` 5. Replace the restored *menu.lst* file with the *.bak* created in Step 2 (dropping bak) 6. MAC address may need to be change Check: ```ad-path ~~~ /etc/udev/rules.d/70-persistent-net.rules ~~~ ```   ---   ### Manage programs   #### Check if program is running And how many instances: ```ad-command ~~~ sudo ps ax | grep (program) ~~~ ```   #### Check what program uses a port ```ad-command ~~~ sudo netstar -lntup | grep (port#) ~~~ ```   #### List all programs ```ad-command ~~~ sudo apt list --installed ~~~ ```   #### Remove a package ```ad-command ~~~ sudo apt remove (package name) ~~~ ``` For cleaner removal: ```ad-command ~~~ sudo apt purge (package name) ~~~ ```   ---   ### Documentation   ```ad-example title: OSXdaily [SSH generic](https://osxdaily.com/tag/ssh/) [All SSH commands](https://osxdaily.com/2017/02/06/list-all-terminal-commands-mac/) [Log off user](https://osxdaily.com/2019/04/03/log-off-ssh-user/) ``` ```ad-tip title: Mediatemple [Common SSH commands](https://mediatemple.net/community/products/dv/204643550/common-ssh-commands) ``` ```ad-tip title: Scripting OSX [Intro to SSH for Mac admins](https://scriptingosx.com/2017/07/quick-introduction-to-ssh-for-mac-admins/) ```