---
Alias: ["VPS command-line", "command-line"]
Tag: ["Computer", "Server", "Web", "Cloud"]
Date: 2021-08-28
DocType: "Personal"
Hierarchy: "NonRoot"
TimeStamp:
location: [48.8570517, 2.3677354]
CollapseMetaTable: Yes
---

^Top

Parent:: [[Selfhosting]], [[Server Alias]], [[Server Cloud]], [[Server Tools]], [[Server VPN]]

```button
name Save
type command
action Save current file
id Save
```
^button-VPSConsoleSave

# VPS Console Dialogue

```ad-abstract
title: Summary
collapse: open
A quick note on using the command line to interact with a VPS.
```

```toc
style: number
```

---

### Connection and initialisation

```ad-abstract
title: Summary
collapse: open
Simple commands to start using a Virtual Private Server.
```

#### Connection

```ad-command
~~~bash
ssh username@IPv4
~~~
```

It is usual to change the password:

```ad-command
~~~bash
passwd
~~~
```

#### Initialisation and updates

```ad-command
~~~bash
sudo apt update && sudo apt upgrade
~~~
```

#### User accounts

```ad-command
title: Add user
~~~bash
sudo adduser 'username'
~~~
```

```ad-command
title: Delete user
~~~bash
sudo userdel -r 'username'
~~~
```

```ad-command
title: Grant admin privileges
~~~bash
sudo usermod -aG sudo 'username'
~~~
```

#### Switch between user accounts

```ad-command
~~~bash
su - (username)
~~~
```

#### Reboot

```ad-command
~~~bash
sudo reboot now
~~~
```

Or

```ad-command
~~~bash
sudo systemctl reboot
~~~
```

#### Change hostname

1. **Check the static hostname**

```ad-command
~~~bash
sudo hostnamectl
~~~
```

2. **Change the hostname**

```ad-command
~~~bash
sudo hostnamectl set-hostname (hostname)
~~~
```

---

### Securing Server access

```ad-abstract
title: Summary
collapse: open
This section gives an overview of how to sign in to a machine with SSH keys instead of typed passwords, which limits the surface for brute-force attacks.
```

#### Server-side RSA preparation

Two simple commands to prepare the server:

```ad-command
~~~bash
mkdir -p ~/.ssh
~~~
```

```ad-command
~~~bash
chmod 700 ~/.ssh
~~~
```

#### Generating an RSA key pair

On Linux & macOS clients, the process is simple:

```ad-command
~~~bash
ssh-keygen -t rsa
~~~
```

And follow the prompts.

You can then send the public key to the server:

```ad-command
~~~bash
ssh-copy-id -i ~/.ssh/(key name).pub (user)@(server)
~~~
```

#### Client's computer SSH setup

##### SSH Agent

To activate the SSH agent, run:

```ad-command
~~~bash
ssh-agent $BASH
~~~
```

To add any key to the agent:

```ad-command
~~~bash
ssh-add ~/.ssh/(key name)
~~~
```

##### SSH script

SSH can read connection shortcuts from a config file for ease of use. To create and edit the config file on the local machine:

```ad-command
~~~bash
touch ~/.ssh/config
vim ~/.ssh/config
~~~
```

The declaration of a connection follows this nomenclature:

```ad-code
~~~
Host (scriptname) (serverIP)
    HostName (serverIP)
    IdentityFile ~/.ssh/(private key path)
    User (remoteusername)
~~~
```

Once set up, a connection can be called from Terminal with the following command:

```ad-command
~~~bash
ssh (scriptname)
~~~
```

#### Editing the Server's SSH config

To open the config file:

```ad-command
~~~bash
sudo (nano/vim) /etc/ssh/sshd_config
~~~
```

The following parameters restrict access to the server:

```ad-code
~~~
# Enables SSH Key authentication
PubkeyAuthentication yes

# Disables password authentication (not recommended)
PasswordAuthentication no

# Disable root access (to diminish a known attack surface)
PermitRootLogin no

# Disables empty passwords
PermitEmptyPasswords no

# Set a Banner
Banner /etc/issue.net

# Manage White/Blacklists
AllowUsers (username)
AllowGroups (groupname)
DenyUsers (username)
DenyGroups (groupname)

# Change connection Port
Port xxxxx
~~~
```

After any change of the config file, restart the SSH service:

```ad-command
~~~bash
sudo systemctl restart sshd
~~~
```

**Note**: the banner file `/etc/issue.net` needs to be set:

```ad-command
~~~bash
sudo (nano/vim) /etc/issue.net
~~~
```

With text such as:

```ad-code
~~~
Warning! Authorised use only.
This server is the property of mydomain.example
~~~
```
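
A check worth running before the restart, as an added example that is not part of the original note: it reads an sshd_config and reports which of the settings above are not explicitly in effect. The function names and the sample file are constructed for illustration; it assumes whitespace-separated `Keyword value` lines and does not follow `Include` files or evaluate `Match` blocks.

```bash
#!/usr/bin/env bash
# Added example (not from the original note): report which of the hardening
# settings listed above are actually in effect in an sshd_config file.
# sshd keeps the FIRST value it reads for most keywords, so an early
# "PasswordAuthentication yes" silently beats a later "no".

# effective_value FILE KEYWORD: print the first global value set for KEYWORD.
effective_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*(#|$)/          { next }   # comments and blank lines
        tolower($1) == "match"  { exit }   # Match blocks are conditional: stop
        tolower($1) == key      { print tolower($2); exit }
    ' "$1"
}

# audit_sshd FILE: print one FAIL line per setting that is not explicitly set
# to the value used on this page; the return code is the number of findings.
audit_sshd() {
    findings=0
    while read -r key want; do
        got=$(effective_value "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: want '$want', effective '${got:-unset}'"
            findings=$((findings + 1))
        fi
    done <<'EOF'
PubkeyAuthentication yes
PasswordAuthentication no
PermitRootLogin no
PermitEmptyPasswords no
EOF
    return "$findings"
}

# Constructed sample file, not taken from a real server.
sample_config() {
    printf '%s\n' \
        '# constructed sample' \
        'Port 2222' \
        'PasswordAuthentication yes' \
        'PermitRootLogin no' \
        'PubkeyAuthentication yes' \
        'PasswordAuthentication no' \
        'Match User backup' \
        '    PermitRootLogin yes'
}

tmp=$(mktemp) && sample_config > "$tmp"
audit_sshd "$tmp" || echo "findings: $?"
rm -f "$tmp"
```

On the server itself, `sudo sshd -t` checks the file for syntax errors before the restart, and `sudo sshd -T` prints the settings sshd will actually use.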

#### Network monitoring

```ad-command
title: simple port monitoring
~~~bash
sudo netstat -an
~~~
```

```ad-command
title: active port monitoring
~~~bash
sudo netstat -anp (IP/TCP/UDP)
~~~
```

```ad-info
title: simple port stats
~~~
sudo netstat -sp (IP/TCP/UDP)
~~~
```

---

### File management

```ad-abstract
title: Summary
collapse: open
Simple commands to access files on the server.
```

#### File navigation

```ad-command
title: Explore current directory
~~~bash
ls -alh
~~~
```

```ad-command
title: Change directory
~~~bash
cd (folder path)
~~~
```

```ad-command
title: Find a file
~~~bash
sudo find / -iname (filename)
~~~
```

#### Create file

```ad-command
~~~bash
touch (filepath/name)
~~~
```

#### Edit file

```ad-command
~~~bash
vi (filepath/name)
~~~
```

1. Press 'i' for the edit mode
2. 'Esc' key to exit edit mode
3. Type ':wq' to save & close

#### Delete files & folders

```ad-command
title: Delete file
~~~bash
rm (file path & name)
~~~
```

```ad-command
title: Delete folder and contents
~~~bash
rm -r (folder path)
~~~
```

#### File permissions

##### Checking file permissions

```ad-command
title: Permissions
**For a file**: ls -l (file path & name)
**For a folder**: ls -ld (folder path)
```

##### Changing file permissions

```ad-command
title: Change permissions
~~~bash
chmod xxx (folder/file path)
~~~
```

Each x is one digit (owner, group, others, in that order), the sum of:
1. read-only: 4
2. write: 2
3. execute: 1

```ad-command
title: Change owner
~~~bash
chown (owner):(group) (folder/file path)
~~~
```

```ad-command
title: Change group
~~~bash
chgrp -R (new group) (folder/file path)
~~~
```

##### Bulk changes

```ad-command
title: Change file permission in a folder
~~~bash
find (folder path) -type f -exec chmod xxx {} \;
~~~
```

```ad-command
title: Change sub-folder permission in a folder
~~~bash
find (folder path) -type d -exec chmod xxx {} \;
~~~
```

#### File transfer

Instructions to use rclone for file transfers can be found [[Server Cloud#Cloud2Cloud|here]].

---

### Backing up a server

#### Backup preparation

Create a directory for backup:

```ad-command
~~~bash
sudo mkdir /Backup
~~~
```

#### Backup creation

It is best to launch the command from the Backup folder:

```ad-command
~~~bash
cd /Backup
~~~
```

Command:

```ad-command
~~~bash
sudo tar -cvpzf /Backup/backup.tar.gz --exclude=/Backup/backup.tar.gz --exclude=/proc --exclude=/tmp --exclude=/mnt --exclude=/dev --exclude=/sys --exclude=/run --exclude=/var/cache/apt/archives --exclude=/usr/src/linux-headers* --exclude=/home/*/.gvfs --exclude=/home/*/.local/share/Trash /
~~~
```

Once created, the backup can be transferred using the [[#File transfer]] script.

#### Backup cleanup

After transfer, [[#Delete files folders|delete]] the .tar.gz file from its folder.

#### Backup restoring

1. From the server (netcat transfers the archive without encryption or authentication, so use a trusted network):

```ad-command
~~~bash
sudo nc -l 1024 | sudo tar -xvpzf - -C /media/backup
~~~
```

2. From the client machine, run:

```ad-command
~~~bash
cat (backup path & name.tar.gz) | nc -q 0 (hostname) 1024
~~~
```

Or through **FTP**:

1. Send backup to the root folder over FTP
2. Copy /boot/grub/menu.lst to menu.lst.bak
3. Restore
```ad-command
~~~bash
sudo tar xvpfz backup.tar.gz -C /
~~~
```
4. Recreate excluded directories
```ad-command
~~~bash
mkdir proc
mkdir lost+found
mkdir mnt
mkdir sys
...
~~~
```
5. Replace the restored *menu.lst* file with the *.bak* created in Step 2 (dropping the .bak suffix)
6. The MAC address may need to be changed
Check:

```ad-path
~~~
/etc/udev/rules.d/70-persistent-net.rules
~~~
```

---

### Manage programs

#### Check if program is running

And how many instances:

```ad-command
~~~bash
sudo ps ax | grep (program)
~~~
```

#### Check what program uses a port

```ad-command
~~~bash
sudo netstat -lntup | grep (port#)
~~~
```

#### List all programs

```ad-command
~~~bash
sudo apt list --installed
~~~
```

#### Remove a package

```ad-command
~~~bash
sudo apt remove (package name)
~~~
```

For cleaner removal:

```ad-command
~~~bash
sudo apt purge (package name)
~~~
```

---

### Documentation

```ad-example
title: OSXdaily
[SSH generic](https://osxdaily.com/tag/ssh/)
[All SSH commands](https://osxdaily.com/2017/02/06/list-all-terminal-commands-mac/)
[Log off user](https://osxdaily.com/2019/04/03/log-off-ssh-user/)
```

```ad-tip
title: Mediatemple
[Common SSH commands](https://mediatemple.net/community/products/dv/204643550/common-ssh-commands)
```

```ad-tip
title: Scripting OSX
[Intro to SSH for Mac admins](https://scriptingosx.com/2017/07/quick-introduction-to-ssh-for-mac-admins/)
```

[[#^Top|TOP]]