melchiorbv
/
Obsidian
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '22e2da06e2'
${ noResults }
Obsidian/05.02 Networks/VPS Console Dialogue.md

9.6 KiB
Raw Blame History Escape

Alias Tag Date DocType Hierarchy TimeStamp location CollapseMetaTable
VPS command-line
command-line
💻
🖥️
🌐
☁️
2021-08-28 Personal NonRoot
48.8570517
2.3677354
true

^Top

Parent:: Selfhosting, Server Alias, Server Cloud, Server Tools, Server VPN

name Save
type command
action Save current file
id Save

^button-VPSConsoleSave

VPS Console Dialogue

[!summary]+ A quick note to use command-line to interact with VPS.

style: number

Connection and initialisation

[!summary]+ Simple commands to start using a Virtual Private Server.

Connection

~~~bash
ssh username@IPv4
~~~

It is usual to change password:

~~~bash
passwd
~~~

Initialisation and updates

~~~bash
sudo apt update && sudo apt upgrade
~~~

User accounts

#^Top

title: Add user
~~~bash
sudo adduser 'username'
~~~

title: Delete user
~~~bash
sudo userdel -r 'username'
~~~

title: Grant admin privileges
~~~bash
usermod -aG sudo 'username'
~~~

Switch between user accounts

#^Top

~~~bash
su - (username)
~~~

Reboot

#^Top

~~~bash
sudo reboot now
~~~

Or

~~~bash
sudo systemctl reboot
~~~

Change hostname

#^Top

  1. Check the static hostname
~~~bash
sudo hostnamectl
~~~
  1. Change the hostname
~~~bash
sudo hostnamectl set-hostname (hostname)
~~~

Securing Server access

#^Top 

title: Summary
collapse: open
This section gives an overview of how to switch signing-in to a machine without having to go through typing passwords and limiting surface of brute-force attacks.

Server-side RSA preparation

#^Top 2 simple commands to prepare the server:

~~~bash
mkdir -p ~/.ssh
~~~

~~~bash
chmod 700 ~/.ssh
~~~

Generating a RSA key pair

#^Top On Linux & MacOS clients, the process is simple:

~~~bash
ssh-keygen -t rsa
~~~

And follow the prompts.

You can then send the public key to the server:

~~~bash
ssh-copy-id -i ~/.ssh/(key name).pub (user)@(server)
~~~

Client's computer SSH setup

#^Top

SSH Agent

In order to active SSH Agent, run:

~~~bash
ssh-agent $BASH
~~~

To add any key to the agent:

~~~bash
ssh-add ~/.ssh/(key name)
~~~

SSH script

SSH can understand scripting for ease of use. To create and edit a config file on the local machine:

~~~bash
touch/vim ~/.ssh/config
~~~

The declaration of a connection follows this nomenclature:

~~~bash
Host (scriptname) (serverIP)
    HostName (serverIP)
    IdentityFile ~/.ssh/(private key path)
    User (remoteusername)
~~~

Once set up, a connection can be called from Terminal with the following command:

~~~bash
ssh (scriptname)
~~~

Editing the Server's SSH config

#^Top To open the config file:

~~~bash
sudo (nano/vim) /etc/ssh/sshd_config
~~~

The following parameters enable to restrict access to the server:

~~~javascript
// Enables SSH Key authentication
PubkeyAuthentication yes

// Disables password authentication (not recommended)
PasswordAuthentication no

// Disable root access (to diminish a known attack surface)
PermitRootLogin no

// Disables empty passwords
PermitEmptyPasswords no

// Set a Banner
Banner /etc/issue.net

// Manage White/Blacklists
AllowUsers (username)
AllowGroups (groupname)
DenyUsers (username)
DenyGroups (groupname)

// Change connection Port
Port xxxxx
~~~

After any change of the config file, restart the SSH service:

~~~bash
sudo systemctl restart sshd
~~~

Note: issue.net needs to be set:

~~~bash
sudo nano/vim /etc/issue.net
~~~

With a text as set out below:

~~~
Warning! Authorised use only.
This server is the property of mydomain.example
~~~

Network monitoring

#^Top

title: simple port monitoring
~~~bash
sudo netstat -an
~~~

title: active port monitoring
~~~bash
sudo netstat -anp (IP/TCP/UDP)
~~~

title: simple port stats
~~~
sudo netstat -sp (IP/TCP/UDP)
~~~

File management

#^Top 

title: Summary
collapse: open
Simple commands to access files on the server.

File navigation

#^Top

title: Explore current directory
~~~bash
ls -alh
~~~

title: Change directory
~~~bash
cd (folder path)
~~~

title: Find a file
~~~bash
sudo find / -iname (filename)
~~~

Create file

#^Top

~~~bash
touch (filepath/name)
~~~

Edit file

#^Top

~~~bash
vi (filepath/name)
~~~
  1. Press 'i' for the edit mode
  2. 'Esc' key to exit edit mode
  3. Type ':wq' to save & close

Delete files & folders

#^Top

title: Delete file
~~~bash
rm (file path & name)
~~~

title: Delete folder and contents
~~~bash
rm -r (folder path)
~~~

File permissions

#^Top

Checking file permissions
title: Permissions
**For a file**: ls -l (file path & name)
**For a folder**: ls -ld (folder path)

Changing file permissions
title: Change permissions
~~~bash
chmod xxx (folder/file path)
~~~

For x:

  1. read-only: 4
  2. write: 2
  3. execute: 1
title: Change owner
~~~bash
chown (owner):(group) (folder/file path)
~~~

title: Change group
~~~bash
chgrp -R (new group) (folder/file path)
~~~

Bulk changes
title: Change file permission in a folder
~~~bash
find (folder path) -type f -exec chmod xxx {} \;
~~~

title: Change sub-folder permission in a folder
~~~bash
find (folder path) -type d -exec chmod xxx {} \;
~~~

File transfer

Instructions to use rclone for file transfers can be found Server Cloud#Cloud2Cloud.

Backing up a server

#^Top

Backup preparation

Create a directory for backup:

~~~bash
sudo mkdir /Backup
~~~

Backup creation

Best is to launch the command from the Backup folder:

~~~bash
cd /Backup
~~~

Command:

~~~bash
sudo tar -cvpzf /Backup/backup.tar.gz --exclude=/Backup/backup.tar.gz --exclude=/proc --exclude=/tmp --exclude=/mnt --exclude=/dev --exclude=/sys --exclude=/run --exclude=/var/cache/apt/archives --exclude=/usr/src/linux-headers* --exclude=/home/*/.gvfs --exclude=/home/*/.local/share/Trash /
~~~

Once created, the backup can be transferred using the #File transfer script.

Backup cleanup

After transfer, #Delete files folders the .tar.gz file from its folder.

Backup restoring

  1. From the server:
~~~bash
sudo nc -l 1024 | sudo tar -xvpzf - -C /media/backup
~~~
  1. From the Client's machine, instruct:
~~~bash
cat (backup path & name.tar.gz) | nc -q 0 (hostname) 1024
~~~

Or through FTP:

  1. Send backup to the root folder over FTP
  2. Copy /boot/grub/menu.lst to menu.lst.bak
  3. Restore
~~~bash
sudo tar xvpfz backup.tar.gz -C /
~~~
  1. Recreate excluded directories
~~~bash
mkdir proc
Mkdir lost+found
mkdir mnt
mkdir sys
...
~~~
  1. Replace the restored menu.lst file with the .bak created in Step 2 (dropping bak)
  2. MAC address may need to be change Check:
/etc/udev/rules.d/70-persistent-net.rules

Manage commands

#^Top

Create command aliases

To do so, just create/edit the bash_aliases file:

~~~bash
sudo nano ~/.bash_aliases
~~~

Add aliases along the below noomenclature:

~~~bash
alias <ALIAS NAME>="<BASH COMMAND>"
~~~

In order to pass arguments, one can define functions:

~~~bash
<FUNCTION NAME> () {
 <BASH COMMAND SUB. ARGS WITH '$<INDEX>'>
}
~~~

Activate Bash aliases

~~~bash
source ~/.bash_aliases
~~~

Manage programs

#^Top

Check if program is running

And how many instances:

~~~bash
sudo ps ax | grep (program)
~~~

Check what program uses a port

~~~bash
sudo netstar -lntup | grep (port#)
~~~

List all programs

~~~bash
sudo apt list --installed
~~~

Remove a package

~~~bash
sudo apt remove (package name)
~~~

For cleaner removal:

~~~bash
sudo apt purge (package name)
~~~

Documentation

title: OSXdaily
[SSH generic](https://osxdaily.com/tag/ssh/)
[All SSH commands](https://osxdaily.com/2017/02/06/list-all-terminal-commands-mac/)
[Log off user](https://osxdaily.com/2019/04/03/log-off-ssh-user/)

title: Mediatemple
[Common SSH commands](https://mediatemple.net/community/products/dv/204643550/common-ssh-commands)

title: Scripting OSX
[Intro to SSH for Mac admins](https://scriptingosx.com/2017/07/quick-introduction-to-ssh-for-mac-admins/)

#^Top