--- Alias: ["VPS command-line", "command-line"] Tag: ["💻", "🖥️", "🌐", "☁️"] Date: 2021-08-28 DocType: "Personal" Hierarchy: "NonRoot" TimeStamp: location: [48.8570517, 2.3677354] CollapseMetaTable: true --- ^Top Parent:: [[Selfhosting]], [[Server Alias]], [[Server Cloud]], [[Server Tools]], [[Server VPN]]   ```button name Save type command action Save current file id Save ``` ^button-VPSConsoleSave   # VPS Console Dialogue   > [!summary]+ > A quick note to use command-line to interact with VPS.   ```toc style: number ```   ---   ### Connection and initialisation   > [!summary]+ > Simple commands to start using a Virtual Private Server.   #### Connection ```ad-command ~~~bash ssh username@IPv4 ~~~ ``` It is usual to change password: ```ad-command ~~~bash passwd ~~~ ```   #### Initialisation and updates ```ad-command ~~~bash sudo apt update && sudo apt upgrade ~~~ ```   #### User accounts [[#^Top|TOP]] ```ad-command title: Add user ~~~bash sudo adduser 'username' ~~~ ``` ```ad-command title: Delete user ~~~bash sudo userdel -r 'username' ~~~ ``` ```ad-command title: Grant admin privileges ~~~bash usermod -aG sudo 'username' ~~~ ```   #### Switch between user accounts [[#^Top|TOP]] ```ad-command ~~~bash su - (username) ~~~ ```   #### Reboot [[#^Top|TOP]] ```ad-command ~~~bash sudo reboot now ~~~ ``` Or ```ad-command ~~~bash sudo systemctl reboot ~~~ ```   #### Change hostname [[#^Top|TOP]] 1. **Check the static hostname** ```ad-command ~~~bash sudo hostnamectl ~~~ ``` 2. **Change the hostname** ```ad-command ~~~bash sudo hostnamectl set-hostname (hostname) ~~~ ```   ---   ### Securing Server access [[#^Top|TOP]]   ```ad-abstract title: Summary collapse: open This section gives an overview of how to switch signing-in to a machine without having to go through typing passwords and limiting surface of brute-force attacks. ```   #### Server-side RSA preparation [[#^Top|TOP]] 2 simple commands to prepare the server: ```ad-command ~~~bash mkdir -p ~/.ssh ~~~ ``` ```ad-command ~~~bash chmod 700 ~/.ssh ~~~ ```   #### Generating a RSA key pair [[#^Top|TOP]] On Linux & MacOS clients, the process is simple: ```ad-command ~~~bash ssh-keygen -t rsa ~~~ ``` And follow the prompts. You can then send the public key to the server: ```ad-command ~~~bash ssh-copy-id -i ~/.ssh/(key name).pub (user)@(server) ~~~ ```   #### Client's computer SSH setup [[#^Top|TOP]] ##### SSH Agent In order to active SSH Agent, run: ```ad-command ~~~bash ssh-agent $BASH ~~~ ``` To add any key to the agent: ```ad-command ~~~bash ssh-add ~/.ssh/(key name) ~~~ ```   ##### SSH script SSH can understand scripting for ease of use. To create and edit a config file on the local machine: ```ad-command ~~~bash touch/vim ~/.ssh/config ~~~ ``` The declaration of a connection follows this nomenclature: ```ad-code ~~~bash Host (scriptname) (serverIP) HostName (serverIP) IdentityFile ~/.ssh/(private key path) User (remoteusername) ~~~ ``` Once set up, a connection can be called from Terminal with the following command: ```ad-command ~~~bash ssh (scriptname) ~~~ ```   #### Editing the Server's SSH config [[#^Top|TOP]] To open the config file: ```ad-command ~~~bash sudo (nano/vim) /etc/ssh/sshd_config ~~~ ``` The following parameters enable to restrict access to the server: ```ad-code ~~~javascript // Enables SSH Key authentication PubkeyAuthentication yes // Disables password authentication (not recommended) PasswordAuthentication no // Disable root access (to diminish a known attack surface) PermitRootLogin no // Disables empty passwords PermitEmptyPasswords no // Set a Banner Banner /etc/issue.net // Manage White/Blacklists AllowUsers (username) AllowGroups (groupname) DenyUsers (username) DenyGroups (groupname) // Change connection Port Port xxxxx ~~~ ``` After any change of the config file, restart the SSH service: ```ad-command ~~~bash sudo systemctl restart sshd ~~~ ``` **Note**: issue.net needs to be set: ```ad-command ~~~bash sudo nano/vim /etc/issue.net ~~~ ``` With a text as set out below: ```ad-code ~~~ Warning! Authorised use only. This server is the property of mydomain.example ~~~ ```   #### Network monitoring [[#^Top|TOP]] ```ad-command title: simple port monitoring ~~~bash sudo netstat -an ~~~ ``` ```ad-command title: active port monitoring ~~~bash sudo netstat -anp (IP/TCP/UDP) ~~~ ``` ```ad-info title: simple port stats ~~~ sudo netstat -sp (IP/TCP/UDP) ~~~ ```   ---   ### File management [[#^Top|TOP]]   ```ad-abstract title: Summary collapse: open Simple commands to access files on the server. ```   #### File navigation [[#^Top|TOP]] ```ad-command title: Explore current directory ~~~bash ls -alh ~~~ ``` ```ad-command title: Change directory ~~~bash cd (folder path) ~~~ ``` ```ad-command title: Find a file ~~~bash sudo find / -iname (filename) ~~~ ```   #### Create file [[#^Top|TOP]] ```ad-command ~~~bash touch (filepath/name) ~~~ ```   #### Edit file [[#^Top|TOP]] ```ad-command ~~~bash vi (filepath/name) ~~~ ``` 1. Press 'i' for the edit mode 2. 'Esc' key to exit edit mode 3. Type ':wq' to save & close   #### Delete files & folders [[#^Top|TOP]] ```ad-command title: Delete file ~~~bash rm (file path & name) ~~~ ``` ```ad-command title: Delete folder and contents ~~~bash rm -r (folder path) ~~~ ```   #### File permissions [[#^Top|TOP]] ##### Checking file permissions ```ad-command title: Permissions **For a file**: ls -l (file path & name) **For a folder**: ls -ld (folder path) ```   ##### Changing file permissions ```ad-command title: Change permissions ~~~bash chmod xxx (folder/file path) ~~~ ``` For x: 1. read-only: 4 2. write: 2 3. execute: 1 ```ad-command title: Change owner ~~~bash chown (owner):(group) (folder/file path) ~~~ ``` ```ad-command title: Change group ~~~bash chgrp -R (new group) (folder/file path) ~~~ ```   ##### Bulk changes ```ad-command title: Change file permission in a folder ~~~bash find (folder path) -type f -exec chmod xxx {} \; ~~~ ``` ```ad-command title: Change sub-folder permission in a folder ~~~bash find (folder path) -type d -exec chmod xxx {} \; ~~~ ```   #### File transfer Instructions to use rclone for file transfers can be found [[Server Cloud#Cloud2Cloud|here]].   ---   ### Backing up a server [[#^Top|TOP]]   #### Backup preparation Create a directory for backup: ```ad-command ~~~bash sudo mkdir /Backup ~~~ ```   #### Backup creation Best is to launch the command from the Backup folder: ```ad-command ~~~bash cd /Backup ~~~ ``` Command: ```ad-command ~~~bash sudo tar -cvpzf /Backup/backup.tar.gz --exclude=/Backup/backup.tar.gz --exclude=/proc --exclude=/tmp --exclude=/mnt --exclude=/dev --exclude=/sys --exclude=/run --exclude=/var/cache/apt/archives --exclude=/usr/src/linux-headers* --exclude=/home/*/.gvfs --exclude=/home/*/.local/share/Trash / ~~~ ``` Once created, the backup can be transferred using the [[#File transfer]] script.   #### Backup cleanup After transfer, [[#Delete files folders|delete]] the .tar.gz file from its folder.   #### Backup restoring 1. From the server: ```ad-command ~~~bash sudo nc -l 1024 | sudo tar -xvpzf - -C /media/backup ~~~ ``` 2. From the Client's machine, instruct: ```ad-command ~~~bash cat (backup path & name.tar.gz) | nc -q 0 (hostname) 1024 ~~~ ```   Or through **FTP**: 1. Send backup to the root folder over FTP 2. Copy /boot/grub/menu.lst to menu.lst.bak 3. Restore ```ad-command ~~~bash sudo tar xvpfz backup.tar.gz -C / ~~~ ``` 4. Recreate excluded directories ```ad-command ~~~bash mkdir proc Mkdir lost+found mkdir mnt mkdir sys ... ~~~ ``` 5. Replace the restored *menu.lst* file with the *.bak* created in Step 2 (dropping bak) 6. MAC address may need to be change Check: ```ad-path /etc/udev/rules.d/70-persistent-net.rules ```   ---   ### Manage commands [[#^Top|TOP]]   #### Create command aliases To do so, just create/edit the `bash_aliases` file: ```ad-command ~~~bash sudo nano ~/.bash_aliases ~~~ ```   Add aliases along the below noomenclature: ```ad-code ~~~bash alias ="" ~~~ ```   In order to pass arguments, one can define functions: ```ad-code ~~~bash () { '> } ~~~ ```   #### Activate Bash aliases ```ad-command ~~~bash source ~/.bash_aliases ~~~ ```   ---   ### Manage programs [[#^Top|TOP]]   #### Check if program is running And how many instances: ```ad-command ~~~bash sudo ps ax | grep (program) ~~~ ```   #### Check what program uses a port ```ad-command ~~~bash sudo netstar -lntup | grep (port#) ~~~ ```   #### List all programs ```ad-command ~~~bash sudo apt list --installed ~~~ ```   #### Remove a package ```ad-command ~~~bash sudo apt remove (package name) ~~~ ``` For cleaner removal: ```ad-command ~~~bash sudo apt purge (package name) ~~~ ```   ---   ### Tools   #### Generate a random string > [!command] > ```bash > openssl rand -base64 5 > ```   ---   ### Documentation   ```ad-example title: OSXdaily [SSH generic](https://osxdaily.com/tag/ssh/) [All SSH commands](https://osxdaily.com/2017/02/06/list-all-terminal-commands-mac/) [Log off user](https://osxdaily.com/2019/04/03/log-off-ssh-user/) ``` ```ad-tip title: Mediatemple [Common SSH commands](https://mediatemple.net/community/products/dv/204643550/common-ssh-commands) ``` ```ad-tip title: Scripting OSX [Intro to SSH for Mac admins](https://scriptingosx.com/2017/07/quick-introduction-to-ssh-for-mac-admins/) ``` [[#^Top|TOP]]