---
Alias: ["VPS command-line", "command-line"]
Tag: ["💻", "🖥️", "🌐", "☁️"]
Date: 2021-08-28
DocType: "Personal"
Hierarchy: "NonRoot"
TimeStamp:
location: [48.8570517, 2.3677354]
CollapseMetaTable: true
---

^Top

Parent:: [[Selfhosting]], [[Server Alias]], [[Server Cloud]], [[Server Tools]], [[Server VPN]]

```button
name Save
type command
action Save current file
id Save
```
^button-VPSConsoleSave

# VPS Console Dialogue

> [!summary]+
> A quick note on using the command line to interact with a VPS.

```toc
style: number
```

---

### Connection and initialisation

> [!summary]+
> Simple commands to start using a Virtual Private Server.

#### Connection
```ad-command
~~~bash
ssh username@IPv4
~~~
```
It is usual to change the password:
```ad-command
~~~bash
passwd
~~~
```

#### Initialisation and updates
```ad-command
~~~bash
sudo apt update && sudo apt upgrade
~~~
```

#### User accounts
[[#^Top|TOP]]
```ad-command
title: Add user
~~~bash
sudo adduser 'username'
~~~
```
```ad-command
title: Delete user
~~~bash
sudo userdel -r 'username'
~~~
```
```ad-command
title: Grant admin privileges
~~~bash
sudo usermod -aG sudo 'username'
~~~
```

#### Switch between user accounts
[[#^Top|TOP]]
```ad-command
~~~bash
su - (username)
~~~
```

#### Reboot
[[#^Top|TOP]]
```ad-command
~~~bash
sudo reboot now
~~~
```
Or
```ad-command
~~~bash
sudo systemctl reboot
~~~
```

#### Change hostname
[[#^Top|TOP]]
1. **Check the static hostname**
```ad-command
~~~bash
sudo hostnamectl
~~~
```
2. **Change the hostname**
```ad-command
~~~bash
sudo hostnamectl set-hostname (hostname)
~~~
```

---

### Securing Server access
[[#^Top|TOP]]

```ad-abstract
title: Summary
collapse: open
This section gives an overview of how to sign in to a machine without typing passwords, and how to limit the surface for brute-force attacks.
```

#### Server-side RSA preparation
[[#^Top|TOP]]
Two simple commands prepare the server:
```ad-command
~~~bash
mkdir -p ~/.ssh
~~~
```
```ad-command
~~~bash
chmod 700 ~/.ssh
~~~
```

#### Generating an RSA key pair
[[#^Top|TOP]]
On Linux & macOS clients, the process is simple:
```ad-command
~~~bash
ssh-keygen -t rsa
~~~
```
And follow the prompts. You can then send the public key to the server:
```ad-command
~~~bash
ssh-copy-id -i ~/.ssh/(key name).pub (user)@(server)
~~~
```

#### Client's computer SSH setup
[[#^Top|TOP]]
##### SSH Agent
To activate the SSH agent, run:
```ad-command
~~~bash
ssh-agent $BASH
~~~
```
To add any key to the agent:
```ad-command
~~~bash
ssh-add ~/.ssh/(key name)
~~~
```

##### SSH script
SSH can read named connections ("scripts") from a config file, for ease of use. To create and edit that config file on the local machine:
```ad-command
~~~bash
touch ~/.ssh/config
vim ~/.ssh/config
~~~
```
The declaration of a connection follows this nomenclature:
```ad-code
~~~bash
Host (scriptname) (serverIP)
    HostName (serverIP)
    IdentityFile ~/.ssh/(private key path)
    User (remoteusername)
~~~
```
Once set up, a connection can be called from Terminal with the following command:
```ad-command
~~~bash
ssh (scriptname)
~~~
```

#### Editing the Server's SSH config
[[#^Top|TOP]]
To open the config file:
```ad-command
~~~bash
sudo (nano/vim) /etc/ssh/sshd_config
~~~
```
The following parameters restrict access to the server:
```ad-code
~~~bash
# Enables SSH Key authentication
PubkeyAuthentication yes
# Disables password authentication (not recommended)
PasswordAuthentication no
# Disable root access (to diminish a known attack surface)
PermitRootLogin no
# Disables empty passwords
PermitEmptyPasswords no
# Set a Banner
Banner /etc/issue.net
# Manage White/Blacklists
AllowUsers (username)
AllowGroups (groupname)
DenyUsers (username)
DenyGroups (groupname)
# Change connection Port
Port xxxxx
~~~
```
After any change to the config file, restart the SSH service:
```ad-command
~~~bash
sudo systemctl restart sshd
~~~
```
**Note**: issue.net needs to be set:
```ad-command
~~~bash
sudo (nano/vim) /etc/issue.net
~~~
```
With text such as the following:
```ad-code
~~~
Warning! Authorised use only.
This server is the property of mydomain.example
~~~
```

#### Network monitoring
[[#^Top|TOP]]
```ad-command
title: simple port monitoring
~~~bash
sudo netstat -an
~~~
```
```ad-command
title: active port monitoring
~~~bash
sudo netstat -anp (IP/TCP/UDP)
~~~
```
```ad-info
title: simple port stats
~~~
sudo netstat -sp (IP/TCP/UDP)
~~~
```

---

### File management
[[#^Top|TOP]]

```ad-abstract
title: Summary
collapse: open
Simple commands to access files on the server.
```

#### File navigation
[[#^Top|TOP]]
```ad-command
title: Explore current directory
~~~bash
ls -alh
~~~
```
```ad-command
title: Change directory
~~~bash
cd (folder path)
~~~
```
```ad-command
title: Find a file
~~~bash
sudo find / -iname (filename)
~~~
```

#### Create file
[[#^Top|TOP]]
```ad-command
~~~bash
touch (filepath/name)
~~~
```

#### Edit file
[[#^Top|TOP]]
```ad-command
~~~bash
vi (filepath/name)
~~~
```
1. Press 'i' for the edit mode
2. 'Esc' key to exit edit mode
3. Type ':wq' to save & close

#### Delete files & folders
[[#^Top|TOP]]
```ad-command
title: Delete file
~~~bash
rm (file path & name)
~~~
```
```ad-command
title: Delete folder and contents
~~~bash
rm -r (folder path)
~~~
```

#### File permissions
[[#^Top|TOP]]
##### Checking file permissions
```ad-command
title: Permissions
**For a file**: ls -l (file path & name)
**For a folder**: ls -ld (folder path)
```

##### Changing file permissions
```ad-command
title: Change permissions
~~~bash
chmod xxx (folder/file path)
~~~
```
Each x is the sum of the values below (one digit each for owner, group and others):
1. read-only: 4
2. write: 2
3. execute: 1
```ad-command
title: Change owner
~~~bash
chown (owner):(group) (folder/file path)
~~~
```
```ad-command
title: Change group
~~~bash
chgrp -R (new group) (folder/file path)
~~~
```

##### Bulk changes
```ad-command
title: Change file permission in a folder
~~~bash
find (folder path) -type f -exec chmod xxx {} \;
~~~
```
```ad-command
title: Change sub-folder permission in a folder
~~~bash
find (folder path) -type d -exec chmod xxx {} \;
~~~
```

#### File transfer
Instructions to use rclone for file transfers can be found [[Server Cloud#Cloud2Cloud|here]].

---

### Backing up a server
[[#^Top|TOP]]

#### Backup preparation
Create a directory for backup:
```ad-command
~~~bash
sudo mkdir /Backup
~~~
```

#### Backup creation
It is best to launch the command from the Backup folder:
```ad-command
~~~bash
cd /Backup
~~~
```
Command:
```ad-command
~~~bash
sudo tar -cvpzf /Backup/backup.tar.gz \
  --exclude=/Backup/backup.tar.gz \
  --exclude=/proc \
  --exclude=/tmp \
  --exclude=/mnt \
  --exclude=/dev \
  --exclude=/sys \
  --exclude=/run \
  --exclude=/var/cache/apt/archives \
  --exclude=/usr/src/linux-headers* \
  --exclude=/home/*/.gvfs \
  --exclude=/home/*/.local/share/Trash \
  /
~~~
```
Once created, the backup can be transferred using the [[#File transfer]] script.

#### Backup cleanup
After transfer, [[#Delete files folders|delete]] the .tar.gz file from its folder.

#### Backup restoring
1. From the server:
```ad-command
~~~bash
sudo nc -l 1024 | sudo tar -xvpzf - -C /media/backup
~~~
```
2. From the Client's machine, instruct:
```ad-command
~~~bash
cat (backup path & name.tar.gz) | nc -q 0 (hostname) 1024
~~~
```

Or through **FTP**:
1. Send backup to the root folder over FTP
2. Copy /boot/grub/menu.lst to menu.lst.bak
3. Restore
```ad-command
~~~bash
sudo tar xvpfz backup.tar.gz -C /
~~~
```
4. Recreate excluded directories
```ad-command
~~~bash
mkdir proc
mkdir lost+found
mkdir mnt
mkdir sys
# ...
~~~
```
5. Replace the restored *menu.lst* file with the *.bak* created in Step 2 (dropping bak)
6. MAC address may need to be changed. Check:
```ad-path
/etc/udev/rules.d/70-persistent-net.rules
```

---

### Manage commands
[[#^Top|TOP]]

#### Create command aliases
To do so, just create/edit the `bash_aliases` file:
```ad-command
~~~bash
nano ~/.bash_aliases
~~~
```

Add aliases using the nomenclature below:
```ad-code
~~~bash
alias =""
~~~
```

In order to pass arguments, one can define functions:
```ad-code
~~~bash
() { '> }
~~~
```

#### Activate Bash aliases
```ad-command
~~~bash
source ~/.bash_aliases
~~~
```

---

### Manage programs
[[#^Top|TOP]]

#### Check if program is running
And how many instances:
```ad-command
~~~bash
sudo ps ax | grep (program)
~~~
```

#### Check what program uses a port
```ad-command
~~~bash
sudo netstat -lntup | grep (port#)
~~~
```

#### List all programs
```ad-command
~~~bash
sudo apt list --installed
~~~
```

#### Remove a package
```ad-command
~~~bash
sudo apt remove (package name)
~~~
```
For cleaner removal:
```ad-command
~~~bash
sudo apt purge (package name)
~~~
```

---

### Tools

#### Generate a random string
> [!command]
> ```bash
> openssl rand -base64 5
> ```

---

### Documentation

```ad-example
title: OSXdaily
[SSH generic](https://osxdaily.com/tag/ssh/)
[All SSH commands](https://osxdaily.com/2017/02/06/list-all-terminal-commands-mac/)
[Log off user](https://osxdaily.com/2019/04/03/log-off-ssh-user/)
```
```ad-tip
title: Mediatemple
[Common SSH commands](https://mediatemple.net/community/products/dv/204643550/common-ssh-commands)
```
```ad-tip
title: Scripting OSX
[Intro to SSH for Mac admins](https://scriptingosx.com/2017/07/quick-introduction-to-ssh-for-mac-admins/)
```
[[#^Top|TOP]]
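
An audit for the four access settings listed under *Editing the Server's SSH config*, as an added example that is not part of the original note: it reports which of them differ from the values given there, taking into account that sshd keeps the first value it reads for a keyword. The function names and the sample file are constructed for illustration.

```bash
# Added example (not from the original note). sshd keywords are case-insensitive
# and the FIRST value read wins. Assumptions: single file, no Include handling,
# whitespace-separated "keyword value" lines.

# Print the effective global value (lower-cased) of one keyword, or nothing.
effective_value() {  # usage: effective_value <keyword> <config file>
  awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
    /^[ \t]*(#|$)/          { next }                      # comments, blank lines
    tolower($1) == "match"  { exit }                      # global section ends here
    tolower($1) == want     { print tolower($2); exit }   # first occurrence wins
  ' "$2"
}

# Print one line per deviation; return 1 if any was found, 0 otherwise.
audit_sshd_config() {  # usage: audit_sshd_config <config file>
  rc=0
  while read -r key expected; do
    actual=$(effective_value "$key" "$1")
    if [ "$actual" != "$expected" ]; then
      echo "FINDING: $key is '${actual:-unset}', expected '$expected'"
      rc=1
    fi
  done <<'EOF'
PubkeyAuthentication yes
PasswordAuthentication no
PermitRootLogin no
PermitEmptyPasswords no
EOF
  return "$rc"
}

# Constructed sample file: the hardened PasswordAuthentication line comes too late.
write_sample_config() {  # usage: write_sample_config <path>
  cat > "$1" <<'EOF'
# constructed sample, not a real server's file
Port 22
passwordauthentication yes
PubkeyAuthentication yes
PermitRootLogin no
PermitEmptyPasswords no
PasswordAuthentication no
Match User backup
    PermitRootLogin yes
EOF
}
sample=$(mktemp)
write_sample_config "$sample"
audit_sshd_config "$sample" || echo "sample config needs fixing"
rm -f "$sample"
```

On a live server, `sudo sshd -t` checks the file for syntax errors before the restart, and `sudo sshd -T` prints the effective settings with Include files taken into account.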