melchiorbv
/
Obsidian
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1eb04237f0'
${ noResults }
Obsidian/Networks/VPS Console Dialogue.md

7.7 KiB
Raw Blame History Escape

Alias Tag Date DocType Hierarchy TimeStamp location CollapseMetaTable
VPS command-line
command-line
Computer
Server
Web
Cloud
2021-08-28 Personal NonRoot
48.8570517
2.3677354
Yes

Parent:: Selfhosting, Server Alias, Server Cloud, Server Tools

name Save
type command
action Save current file
id Save

^button-VPSConsoleSave

VPS Console Dialogue

title: Summary
collapse: open
A quick note to use command-line to interact with VPS.


style: number

Connection and initialisation

title: Summary
collapse: open
Simple commands to start using a Virtual Private Server.

Connection

ssh username@IPv4

It is usual to change password: passwd

Initialisation and updates

sudo apt update sudo apt upgrade

User accounts

title: Add user
~~~
sudo adduser 'username'
~~~

title: Delete user
~~~
sudo userdel -r 'username'
~~~

title: Grant admin privileges
~~~
usermod -aG sudo 'username'
~~~

Switch between user accounts

su - (username)

Reboot

Sudo reboot now

Or

sudo systemctl reboot

Change hostname

  1. Check the static hostname

sudo hostnamectl

  1. Change the hostname

sudo hostnamectl set-hostname (hostname)

Securing Server access

title: Summary
collapse: open
This section gives an overview of how to switch signing-in to a machine without having to go through typing passwords and limiting surface of brute-force attacks.

Server-side RSA preparation

2 simple commands to prepare the server:

mkdir -p ~/.ssh

chmod 700 ~/.ssh

Generating a RSA key pair

On Linux & MacOS clients, the process is simple:

ssh-keygen -t rsa

And follow the prompts.

You can then send the public key to the server:

ssh-copy-id -i ~/.ssh/(key name).pub (user)@(server)

Client's computer SSH setup

SSH Agent

In order to active SSH Agent, run:

ssh-agent $BASH

To add any key to the agent:

ssh-add ~/.ssh/(key name)

SSH script

SSH can understand scripting for ease of use. To create and edit a config file on the local machine:

touch/vim ~/.ssh/config

The declaration of a connection follows this nomenclature:

Host (scriptname) (serverIP) HostName (serverIP) IdentityFile ~/.ssh/(private key path) User (remoteusername)

Once set up, a connection can be called from Terminal with the following command:

ssh (scriptname)

Editing the Server's SSH config

To open the config file:

sudo (nano/vim) /etc/ssh/sshd_config

The following parameters enable to restrict access to the server:

// Enables SSH Key authentication PubkeyAuthentication yes

// Disables password authentication (not recommended) PasswordAuthentication no

// Disable root access (to diminish a known attack surface) PermitRootLogin no

// Disables empty passwords PermitEmptyPasswords no

// Set a Banner Banner /etc/issue.net

// Manage White/Blacklists AllowUsers (username) AllowGroups (groupname) DenyUsers (username) DenyGroups (groupname)

// Change connection Port Port xxxxx

After any change of the config file, restart the SSH service:

sudo systemctl restart sshd

Note: issue.net needs to be set:

sudo nano/vim /etc/issue.net

With a text as set out below:

Warning! Authorised use only. This server is the property of mydomain.example

Network monitoring

title: simple port monitoring
`sudo netstat -an`

title: acti r port monitoring
`sudo netstat -anp (IP/TCP/UDP)`

title: simple port stats
`sudo netstat -sp (IP/TCP/UDP)`

File management

title: Summary
collapse: open
Simple commands to access files on the server.

File navigation

title: Explore current directory
`ls -alh`

title: Change directory
`cd (folder path)`

title: Find a file
`sudo find / -iname (filename)`

Create file

touch (filepath/name)

Edit file

vi (filepath/name)

  1. Press 'i' for the edit mode
  2. 'Esc' key to exit edit mode
  3. Type ':wq' to save & close

Delete files & folders

title: Delete file
`rm (file path & name)`

title: Delete folder and contents
`rm -r (folder path)`

File permissions

Checking file permissions
title: Permissions
For a file: `ls -l (file path & name)`
For a folder: `ls -ld (folder path)`

Changing file permissions
title: Change permissions
`chmod xxx (folder/file path)`

For x:

  1. read-only: 4
  2. write: 2
  3. execute: 1
title: Change owner
`chown (owner):(group) (folder/file path)`

title: Change group
`chgrp -R (new group) (folder/file path)`

Bulk changes
title: Change file permission in a folder
`find (folder path) -type f -exec chmod xxx {} \;`

title: Change sub-folder permission in a folder
`find (folder path) -type d -exec chmod xxx {} \;`

File transfer

Instructions to use rclone for file transfers can be found Server Cloud#Cloud2Cloud.

Backing up a server

Backup preparation

Create a directory for backup:

sudo mkdir /Backup

Backup creation

Best is to launch the command from the Backup folder:

cd /Backup

Command:

sudo tar -cvpfz /Backup/backup.tar.gz --exlude=/Backup/backup.tar.gz --exlude=/proc --exlude=/tmp --exlude=/mnt --exlude=/dev --exlude=/sys --exlude=/run --exlude=/var/cache/apt/archives --exlude=/usr/src/linux-headers* --exlude=/home/*/.gvfs --exlude=/home/*/.local/share/Trash /

Once created, the backup can be transferred using the #File transfer script.

Backup cleanup

After transfer, #Delete files folders the .tar.gz file from its folder.

Backup restoring

  1. From the server:

sudo nc -l 1024 | sudo tar -xvpzf - -C /media/backup

  1. From the Client's machine, instruct:

cat (backup path & name.tar.gz) | nc -q 0 (hostname) 1024

Or through FTP:

  1. Send backup to the root folder over FTP
  2. Copy /boot/grub/menu.lst to menu.lst.bak
  3. Restore sudo tar xvpfz backup.tar.gz -C /
  4. Recreate excluded directories
mkdir proc
Mkdir lost+found
mkdir mnt
mkdir sys
...
  1. Replace the restored menu.lst file with the .bak created in Step 2 (dropping bak)
  2. MAC address may need to be change Check /etc/udev/rules.d/70-persistent-net.rules

Manage programs

Check if program is running

And how many instances:

sudo ps ax | grep (program)

Check what program uses a port

sudo netstar -lntup | grep (port#)

List all programs

sudo apt list --installed

Remove a package

sudo apt remove (package name)

For cleaner removal:

sudo apt purge (package name)

Documentation

title: OSXdaily
[SSH generic](https://osxdaily.com/tag/ssh/)
[All SSH commands](https://osxdaily.com/2017/02/06/list-all-terminal-commands-mac/)
[Log off user](https://osxdaily.com/2019/04/03/log-off-ssh-user/)

title: Mediatemple
[Common SSH commands](https://mediatemple.net/community/products/dv/204643550/common-ssh-commands)

title: Scripting OSX
[Intro to SSH for Mac admins](https://scriptingosx.com/2017/07/quick-introduction-to-ssh-for-mac-admins/)