---
Alias: ["VPS command-line", "command-line"]
Tag: ["Computer", "Server", "Web", "Cloud"]
Date: 2021-08-28
DocType: "Personal"
Hierarchy: "NonRoot"
TimeStamp:
location: [48.8570517, 2.3677354]
CollapseMetaTable: Yes
---
Parent:: [[Selfhosting]], [[Alias Server]], [[Cloud Server]], [[Tools Server]]
 
```button
name Save
type command
action Save current file
id Save
```
^button-VPSConsoleSave
 
# VPS Console Dialogue
 
```ad-abstract
title: Summary
collapse: open
A quick reference for using the command line to interact with a VPS.
```
 
```toc
style: number
```
 
---
 
### Connection and initialisation
 
```ad-abstract
title: Summary
collapse: open
Simple commands to start using a Virtual Private Server.
```
 
#### Connection
`ssh username@IPv4`
It is usual to change the password:
`passwd`
 
#### Initialisation and updates
`sudo apt update`
`sudo apt upgrade`
 
#### User accounts
```ad-info
title: Add user
~~~
sudo adduser 'username'
~~~
```
```ad-info
title: Delete user
~~~
sudo userdel -r 'username'
~~~
```
```ad-info
title: Grant admin privileges
~~~
sudo usermod -aG sudo 'username'
~~~
```
 
#### Switch between user accounts
`su - (username)`
 
#### Reboot
`sudo reboot now`
Or
`sudo systemctl reboot`
 
#### Change hostname
1. **Check the static hostname**
`sudo hostnamectl`
2. **Change the hostname**
`sudo hostnamectl set-hostname (hostname)`
 
---
 
### Securing Server access
 
```ad-abstract
title: Summary
collapse: open
This section gives an overview of how to sign in to a machine with SSH keys instead of typed passwords, and how to limit the surface for brute-force attacks.
```
 
#### Server-side RSA preparation
Two simple commands prepare the server:
`mkdir -p ~/.ssh`
`chmod 700 ~/.ssh`
 
#### Generating an RSA key pair
On Linux & macOS clients, the process is simple:
`ssh-keygen -t rsa`
And follow the prompts.
You can then send the public key to the server:
`ssh-copy-id -i ~/.ssh/(key name).pub (user)@(server)`
 
#### Client's computer SSH setup
##### SSH Agent
To activate the SSH agent, run:
`ssh-agent $BASH`
To add any key to the agent:
`ssh-add ~/.ssh/(key name)`
 
##### SSH script
SSH can read per-connection settings from a config file for ease of use. To create and edit that file on the local machine:
`(touch/vim) ~/.ssh/config`
A connection is declared as follows:
> Host (scriptname) (serverIP)
> HostName (serverIP)
> IdentityFile ~/.ssh/(private key path)
> User (remoteusername)

Once set up, a connection can be called from Terminal with the following command:
`ssh (scriptname)`
 
#### Editing the Server's SSH config
To open the config file:
`sudo (nano/vim) /etc/ssh/sshd_config`
The following parameters restrict access to the server:
> // **Enables SSH Key authentication**
PubkeyAuthentication yes
>
> // **Disables password authentication (not recommended)**
PasswordAuthentication no
>
> // **Disable root access (to diminish a known attack surface)**
PermitRootLogin no
>
> // **Disables empty passwords**
PermitEmptyPasswords no
>
> // **Set a Banner**
Banner /etc/issue.net
>
> // **Manage White/Blacklists**
AllowUsers (username)
AllowGroups (groupname)
DenyUsers (username)
DenyGroups (groupname)
>
> // **Change connection Port**
Port xxxxx

After any change to the config file, restart the SSH service:
`sudo systemctl restart sshd`
**Note**:
`/etc/issue.net` needs to be set up:
`sudo nano/vim /etc/issue.net`
With text along these lines:
> Warning! Authorised use only.
> This server is the property of mydomain.example
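
A check for the restrictions listed in this section, as an added example that is not part of the original note: it reads an sshd_config-style file the way sshd does (the first value for a keyword wins, keywords are case-insensitive) and reports each setting that deviates. The function names and the sample config are constructed for illustration, and treating an unset keyword as a deviation is an assumption of this sketch.

```bash
#!/usr/bin/env bash
# Added example (not from the original note): audit an sshd_config-style file.
# sshd keeps the FIRST value it reads for a keyword and ignores keyword case.

# effective_value FILE KEYWORD -> first global value for KEYWORD, lowercased
effective_value() {
  awk -v want="$2" '
    NF == 0 || $1 ~ /^#/          { next }   # blank lines and comments
    tolower($1) == "match"        { exit }   # Match blocks apply conditionally
    tolower($1) == tolower(want)  { print tolower($2); exit }
  ' "$1"
}

# audit_sshd_config FILE -> one FAIL line per deviation; returns 1 if any.
# Assumption: an unset keyword counts as a deviation, so the file states the policy.
audit_sshd_config() {
  rc=0
  while read -r key want; do
    got=$(effective_value "$1" "$key")
    if [ "$got" != "$want" ]; then
      echo "FAIL $key: want '$want', got '${got:-unset}'"
      rc=1
    fi
  done <<'EOF'
PubkeyAuthentication yes
PasswordAuthentication no
PermitRootLogin no
PermitEmptyPasswords no
EOF
  return "$rc"
}

# Constructed sample: the lower-case "yes" line comes first, so it wins.
sample_config() {
  cat <<'EOF'
Port 2222
passwordauthentication yes
PubkeyAuthentication yes
PermitRootLogin no
PasswordAuthentication no
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
audit_sshd_config "$tmp" || echo "fix the lines above, then validate with: sudo sshd -t"
rm -f "$tmp"
```

On the server, `sudo sshd -t` validates the real file before the restart, and `sudo sshd -T` prints the effective settings, including any `Include`d files this sketch does not follow.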
 
#### Network monitoring
```ad-info
title: simple port monitoring
`sudo netstat -an`
```
```ad-info
title: active port monitoring
`sudo netstat -anp (IP/TCP/UDP)`
```
```ad-info
title: simple port stats
`sudo netstat -sp (IP/TCP/UDP)`
```
 
---
 
### File management
 
```ad-abstract
title: Summary
collapse: open
Simple commands to access files on the server.
```
 
#### File navigation
```ad-note
title: Explore current directory
`ls -alh`
```
```ad-note
title: Change directory
`cd (folder path)`
```
```ad-note
title: Find a file
`sudo find / -iname (filename)`
```
 
#### Create file
`touch (filepath/name)`
 
#### Edit file
`vi (filepath/name)`
1. Press 'i' for the edit mode
2. 'Esc' key to exit edit mode
3. Type ':wq' to save & close
 
#### Delete files & folders
```ad-note
title: Delete file
`rm (file path & name)`
```
```ad-note
title: Delete folder and contents
`rm -r (folder path)`
```
 
#### File permissions
##### Checking file permissions
```ad-note
title: Permissions
For a file: `ls -l (file path & name)`
For a folder: `ls -ld (folder path)`
```
 
##### Changing file permissions
```ad-note
title: Change permissions
`chmod xxx (folder/file path)`
```
For each x (one digit each for owner, group and others), add up the values needed:
1. read-only: 4
2. write: 2
3. execute: 1
```ad-note
title: Change owner
`chown (owner):(group) (folder/file path)`
```
```ad-note
title: Change group
`chgrp -R (new group) (folder/file path)`
```
 
##### Bulk changes
```ad-note
title: Change file permission in a folder
`find (folder path) -type f -exec chmod xxx {} \;`
```
```ad-note
title: Change sub-folder permission in a folder
`find (folder path) -type d -exec chmod xxx {} \;`
```
 
#### File transfer
Instructions to use rclone for file transfers can be found [[Cloud Server#Cloud2Cloud|here]].
 
---
 
### Backing up a server
 
#### Backup preparation
Create a directory for backup:
`sudo mkdir /Backup`
 
#### Backup creation
It is best to run the command from the Backup folder:
`cd /Backup`
Command:
`sudo tar -cvpzf /Backup/backup.tar.gz --exclude=/Backup/backup.tar.gz --exclude=/proc --exclude=/tmp --exclude=/mnt --exclude=/dev --exclude=/sys --exclude=/run --exclude=/var/cache/apt/archives --exclude=/usr/src/linux-headers* --exclude=/home/*/.gvfs --exclude=/home/*/.local/share/Trash /`
Once created, the backup can be transferred using the [[#File transfer]] script.
 
#### Backup cleanup
After transfer, [[#Delete files folders|delete]] the .tar.gz file from its folder.
 
#### Backup restoring
1. On the server:
`sudo nc -l 1024 | sudo tar -xvpzf - -C /media/backup`
2. On the client machine, run:
`cat (backup path & name.tar.gz) | nc -q 0 (hostname) 1024`
 
Or through **FTP**:
1. Send backup to the root folder over FTP
2. Copy /boot/grub/menu.lst to menu.lst.bak
3. Restore
`sudo tar xvpfz backup.tar.gz -C /`
4. Recreate excluded directories
```
mkdir proc
mkdir lost+found
mkdir mnt
mkdir sys
...
```
5. Replace the restored *menu.lst* file with the *.bak* created in Step 2 (dropping the .bak suffix)
6. The MAC address may need to be changed
Check `/etc/udev/rules.d/70-persistent-net.rules`
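
The `nc` restore above pipes an unencrypted, unauthenticated stream into `tar` running as root, so it helps to land the archive in a file and verify it before extracting. The added example below (not part of the original note) records a SHA-256 at backup time and refuses to restore on a mismatch; the function names and demo data are constructed, and GNU `tar` and `sha256sum` are assumed.

```bash
#!/usr/bin/env bash
# Added example (not from the original note): checksum a backup when it is
# created and verify it before restoring. Assumes GNU tar and sha256sum.
# The .sha256 file only proves integrity if it reaches the restore side over
# a trusted channel (for example the SSH session), not alongside the nc stream.

# make_backup SRC_DIR ARCHIVE -> writes ARCHIVE and ARCHIVE.sha256
make_backup() {
  tar -czpf "$2" -C "$1" . || return 1
  # Store the digest with a relative file name so it still verifies after transfer.
  ( cd "$(dirname "$2")" && sha256sum "$(basename "$2")" > "$(basename "$2").sha256" )
}

# verify_backup ARCHIVE -> 0 only if the digest matches and tar can list the archive
verify_backup() {
  ( cd "$(dirname "$1")" && sha256sum -c "$(basename "$1").sha256" >/dev/null 2>&1 ) || return 1
  tar -tzf "$1" >/dev/null 2>&1
}

# restore_backup ARCHIVE TARGET_DIR -> extracts only after verification succeeds
restore_backup() {
  verify_backup "$1" || { echo "refusing to restore: $1 failed verification" >&2; return 1; }
  mkdir -p "$2" && tar -xzpf "$1" -C "$2"
}

# Demo on constructed data in a temporary directory.
demo() {
  work=$(mktemp -d)
  mkdir -p "$work/src/etc" "$work/out"
  echo "PermitRootLogin no" > "$work/src/etc/sshd_config"
  make_backup "$work/src" "$work/out/backup.tar.gz"
  restore_backup "$work/out/backup.tar.gz" "$work/restored" && echo "restore ok"
  # Simulate corruption in transit: append one byte, then try again.
  printf 'x' >> "$work/out/backup.tar.gz"
  restore_backup "$work/out/backup.tar.gz" "$work/restored2" || echo "altered archive rejected"
  rm -rf "$work"
}
demo
```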
 
---
 
### Manage programs
 
#### Check if program is running
And how many instances:
`sudo ps ax | grep (program)`
 
#### Check what program uses a port
`sudo netstat -lntup | grep (port#)`
 
#### List all programs
`sudo apt list --installed`
 
#### Remove a package
`sudo apt remove (package name)`
For cleaner removal:
`sudo apt purge (package name)`
 
---
 
### Documentation
 
```ad-example
title: OSXdaily
[SSH generic](https://osxdaily.com/tag/ssh/)
[All SSH commands](https://osxdaily.com/2017/02/06/list-all-terminal-commands-mac/)
[Log off user](https://osxdaily.com/2019/04/03/log-off-ssh-user/)
```
```ad-tip
title: Mediatemple
[Common SSH commands](https://mediatemple.net/community/products/dv/204643550/common-ssh-commands)
```
```ad-tip
title: Scripting OSX
[Intro to SSH for Mac admins](https://scriptingosx.com/2017/07/quick-introduction-to-ssh-for-mac-admins/)
```