melchiorbv
/
Obsidian
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7fbc07353e'
${ noResults }
Obsidian/Networks/VPS Console Dialogue.md

8.5 KiB
Raw Blame History Escape

Alias Tag Date DocType Hierarchy TimeStamp location CollapseMetaTable
VPS command-line
command-line
Computer
Server
Web
Cloud
2021-08-28 Personal NonRoot
48.8570517
2.3677354
Yes

Parent:: Selfhosting, Server Alias, Server Cloud, Server Tools

name Save
type command
action Save current file
id Save

^button-VPSConsoleSave

VPS Console Dialogue

title: Summary
collapse: open
A quick note to use command-line to interact with VPS.


style: number

Connection and initialisation

title: Summary
collapse: open
Simple commands to start using a Virtual Private Server.

Connection

ssh username@IPv4

It is usual to change password: passwd

Initialisation and updates

sudo apt update sudo apt upgrade

User accounts

title: Add user
~~~
sudo adduser 'username'
~~~

title: Delete user
~~~
sudo userdel -r 'username'
~~~

title: Grant admin privileges
~~~
usermod -aG sudo 'username'
~~~

Switch between user accounts

~~~
su - (username)
~~~

Reboot

~~~
sudo reboot now
~~~

Or

~~~
sudo systemctl reboot
~~~

Change hostname

  1. Check the static hostname
~~~
sudo hostnamectl
~~~
  1. Change the hostname
~~~
sudo hostnamectl set-hostname (hostname)
~~~

Securing Server access

title: Summary
collapse: open
This section gives an overview of how to switch signing-in to a machine without having to go through typing passwords and limiting surface of brute-force attacks.

Server-side RSA preparation

2 simple commands to prepare the server:

~~~
mkdir -p ~/.ssh
~~~

~~~
chmod 700 ~/.ssh
~~~

Generating a RSA key pair

On Linux & MacOS clients, the process is simple:

~~~
ssh-keygen -t rsa
~~~

And follow the prompts.

You can then send the public key to the server:

~~~
ssh-copy-id -i ~/.ssh/(key name).pub (user)@(server)
~~~

Client's computer SSH setup

SSH Agent

In order to active SSH Agent, run:

~~~
ssh-agent $BASH
~~~

To add any key to the agent:

~~~
ssh-add ~/.ssh/(key name)
~~~

SSH script

SSH can understand scripting for ease of use. To create and edit a config file on the local machine:

~~~
touch/vim ~/.ssh/config
~~~

The declaration of a connection follows this nomenclature:

~~~
Host (scriptname) (serverIP)
    HostName (serverIP)
    IdentityFile ~/.ssh/(private key path)
    User (remoteusername)
~~~

Once set up, a connection can be called from Terminal with the following command:

~~~
ssh (scriptname)
~~~

Editing the Server's SSH config

To open the config file:

~~~
sudo (nano/vim) /etc/ssh/sshd_config
~~~

The following parameters enable to restrict access to the server:

~~~
// Enables SSH Key authentication
PubkeyAuthentication yes

// Disables password authentication (not recommended)
PasswordAuthentication no

// Disable root access (to diminish a known attack surface)
PermitRootLogin no

// Disables empty passwords
PermitEmptyPasswords no

// Set a Banner
Banner /etc/issue.net

// Manage White/Blacklists
AllowUsers (username)
AllowGroups (groupname)
DenyUsers (username)
DenyGroups (groupname)

// Change connection Port
Port xxxxx
~~~

After any change of the config file, restart the SSH service:

~~~
sudo systemctl restart sshd
~~~

Note: issue.net needs to be set:

~~~
sudo nano/vim /etc/issue.net
~~~

With a text as set out below:

~~~
Warning! Authorised use only.
This server is the property of mydomain.example
~~~

Network monitoring

title: simple port monitoring
~~~
sudo netstat -an
~~~

title: acti r port monitoring
~~~
sudo netstat -anp (IP/TCP/UDP)
~~~

title: simple port stats
~~~
sudo netstat -sp (IP/TCP/UDP)
~~~

File management

title: Summary
collapse: open
Simple commands to access files on the server.

File navigation

title: Explore current directory
~~~
ls -alh
~~~

title: Change directory
~~~
cd (folder path)
~~~

title: Find a file
~~~
sudo find / -iname (filename)
~~~

Create file

~~~
touch (filepath/name)
~~~

Edit file

~~~
vi (filepath/name)
~~~
  1. Press 'i' for the edit mode
  2. 'Esc' key to exit edit mode
  3. Type ':wq' to save & close

Delete files & folders

title: Delete file
~~~
rm (file path & name)
~~~

title: Delete folder and contents
~~~
rm -r (folder path)
~~~

File permissions

Checking file permissions
title: Permissions
**For a file**: ls -l (file path & name)
**For a folder**: ls -ld (folder path)

Changing file permissions
title: Change permissions
~~~
chmod xxx (folder/file path)
~~~

For x:

  1. read-only: 4
  2. write: 2
  3. execute: 1
title: Change owner
~~~
chown (owner):(group) (folder/file path)
~~~

title: Change group
~~~
chgrp -R (new group) (folder/file path)
~~~

Bulk changes
title: Change file permission in a folder
~~~
find (folder path) -type f -exec chmod xxx {} \;
~~~

title: Change sub-folder permission in a folder
~~~
find (folder path) -type d -exec chmod xxx {} \;
~~~

File transfer

Instructions to use rclone for file transfers can be found Server Cloud#Cloud2Cloud.

Backing up a server

Backup preparation

Create a directory for backup:

~~~
sudo mkdir /Backup
~~~

Backup creation

Best is to launch the command from the Backup folder:

~~~
cd /Backup
~~~

Command:

~~~
sudo tar -cvpfz /Backup/backup.tar.gz --exlude=/Backup/backup.tar.gz --exlude=/proc --exlude=/tmp --exlude=/mnt --exlude=/dev --exlude=/sys --exlude=/run --exlude=/var/cache/apt/archives --exlude=/usr/src/linux-headers* --exlude=/home/*/.gvfs --exlude=/home/*/.local/share/Trash /
~~~

Once created, the backup can be transferred using the #File transfer script.

Backup cleanup

After transfer, #Delete files folders the .tar.gz file from its folder.

Backup restoring

  1. From the server:
~~~
sudo nc -l 1024 | sudo tar -xvpzf - -C /media/backup
~~~
  1. From the Client's machine, instruct:
~~~
cat (backup path & name.tar.gz) | nc -q 0 (hostname) 1024
~~~

Or through FTP:

  1. Send backup to the root folder over FTP
  2. Copy /boot/grub/menu.lst to menu.lst.bak
  3. Restore
~~~
sudo tar xvpfz backup.tar.gz -C /
~~~
  1. Recreate excluded directories
~~~
mkdir proc
Mkdir lost+found
mkdir mnt
mkdir sys
...
~~~
  1. Replace the restored menu.lst file with the .bak created in Step 2 (dropping bak)
  2. MAC address may need to be change Check:
~~~
/etc/udev/rules.d/70-persistent-net.rules
~~~

Manage programs

Check if program is running

And how many instances:

~~~
sudo ps ax | grep (program)
~~~

Check what program uses a port

~~~
sudo netstar -lntup | grep (port#)
~~~

List all programs

~~~
sudo apt list --installed
~~~

Remove a package

~~~
sudo apt remove (package name)
~~~

For cleaner removal:

~~~
sudo apt purge (package name)
~~~

Documentation

title: OSXdaily
[SSH generic](https://osxdaily.com/tag/ssh/)
[All SSH commands](https://osxdaily.com/2017/02/06/list-all-terminal-commands-mac/)
[Log off user](https://osxdaily.com/2019/04/03/log-off-ssh-user/)

title: Mediatemple
[Common SSH commands](https://mediatemple.net/community/products/dv/204643550/common-ssh-commands)

title: Scripting OSX
[Intro to SSH for Mac admins](https://scriptingosx.com/2017/07/quick-introduction-to-ssh-for-mac-admins/)