You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

703 lines
9.1 KiB

---
Alias: ["VPS command-line", "command-line"]
Tag: ["Computer", "Server", "Web", "Cloud"]
Date: 2021-08-28
DocType: "Personal"
Hierarchy: "NonRoot"
TimeStamp:
location: [48.8570517, 2.3677354]
CollapseMetaTable: Yes
---
^Top
Parent:: [[Selfhosting]], [[Server Alias]], [[Server Cloud]], [[Server Tools]], [[Server VPN]]
 
```button
name Save
type command
action Save current file
id Save
```
^button-VPSConsoleSave
 
# VPS Console Dialogue
 
```ad-abstract
title: Summary
collapse: open
A quick note to use command-line to interact with VPS.
```
 
```toc
style: number
```
 
---
 
### Connection and initialisation
 
```ad-abstract
title: Summary
collapse: open
Simple commands to start using a Virtual Private Server.
```
 
#### Connection
```ad-command
~~~bash
ssh username@IPv4
~~~
```
It is usual to change password:
```ad-command
~~~bash
passwd
~~~
```
 
#### Initialisation and updates
```ad-command
~~~bash
sudo apt update && sudo apt upgrade
~~~
```
 
#### User accounts
[[#^Top|TOP]]
```ad-command
title: Add user
~~~bash
sudo adduser 'username'
~~~
```
```ad-command
title: Delete user
~~~bash
sudo userdel -r 'username'
~~~
```
```ad-command
title: Grant admin privileges
~~~bash
usermod -aG sudo 'username'
~~~
```
 
#### Switch between user accounts
[[#^Top|TOP]]
```ad-command
~~~bash
su - (username)
~~~
```
 
#### Reboot
[[#^Top|TOP]]
```ad-command
~~~bash
sudo reboot now
~~~
```
Or
```ad-command
~~~bash
sudo systemctl reboot
~~~
```
 
#### Change hostname
[[#^Top|TOP]]
1. **Check the static hostname**
```ad-command
~~~bash
sudo hostnamectl
~~~
```
2. **Change the hostname**
```ad-command
~~~bash
sudo hostnamectl set-hostname (hostname)
~~~
```
 
---
 
### Securing Server access
[[#^Top|TOP]]
 
```ad-abstract
title: Summary
collapse: open
This section gives an overview of how to switch signing-in to a machine without having to go through typing passwords and limiting surface of brute-force attacks.
```
 
#### Server-side RSA preparation
[[#^Top|TOP]]
2 simple commands to prepare the server:
```ad-command
~~~bash
mkdir -p ~/.ssh
~~~
```
```ad-command
~~~bash
chmod 700 ~/.ssh
~~~
```
 
#### Generating a RSA key pair
[[#^Top|TOP]]
On Linux & MacOS clients, the process is simple:
```ad-command
~~~bash
ssh-keygen -t rsa
~~~
```
And follow the prompts.
You can then send the public key to the server:
```ad-command
~~~bash
ssh-copy-id -i ~/.ssh/(key name).pub (user)@(server)
~~~
```
 
#### Client's computer SSH setup
[[#^Top|TOP]]
##### SSH Agent
In order to active SSH Agent, run:
```ad-command
~~~bash
ssh-agent $BASH
~~~
```
To add any key to the agent:
```ad-command
~~~bash
ssh-add ~/.ssh/(key name)
~~~
```
 
##### SSH script
SSH can understand scripting for ease of use. To create and edit a config file on the local machine:
```ad-command
~~~bash
touch/vim ~/.ssh/config
~~~
```
The declaration of a connection follows this nomenclature:
```ad-code
~~~bash
Host (scriptname) (serverIP)
HostName (serverIP)
IdentityFile ~/.ssh/(private key path)
User (remoteusername)
~~~
```
Once set up, a connection can be called from Terminal with the following command:
```ad-command
~~~bash
ssh (scriptname)
~~~
```
 
#### Editing the Server's SSH config
[[#^Top|TOP]]
To open the config file:
```ad-command
~~~bash
sudo (nano/vim) /etc/ssh/sshd_config
~~~
```
The following parameters enable to restrict access to the server:
```ad-code
~~~javascript
// Enables SSH Key authentication
PubkeyAuthentication yes
// Disables password authentication (not recommended)
PasswordAuthentication no
// Disable root access (to diminish a known attack surface)
PermitRootLogin no
// Disables empty passwords
PermitEmptyPasswords no
// Set a Banner
Banner /etc/issue.net
// Manage White/Blacklists
AllowUsers (username)
AllowGroups (groupname)
DenyUsers (username)
DenyGroups (groupname)
// Change connection Port
Port xxxxx
~~~
```
After any change of the config file, restart the SSH service:
```ad-command
~~~bash
sudo systemctl restart sshd
~~~
```
**Note**:
issue.net needs to be set:
```ad-command
~~~bash
sudo nano/vim /etc/issue.net
~~~
```
With a text as set out below:
```ad-code
~~~
Warning! Authorised use only.
This server is the property of mydomain.example
~~~
```
 
#### Network monitoring
[[#^Top|TOP]]
```ad-command
title: simple port monitoring
~~~bash
sudo netstat -an
~~~
```
```ad-command
title: active port monitoring
~~~bash
sudo netstat -anp (IP/TCP/UDP)
~~~
```
```ad-info
title: simple port stats
~~~
sudo netstat -sp (IP/TCP/UDP)
~~~
```
 
---
 
### File management
[[#^Top|TOP]]
 
```ad-abstract
title: Summary
collapse: open
Simple commands to access files on the server.
```
 
#### File navigation
[[#^Top|TOP]]
```ad-command
title: Explore current directory
~~~bash
ls -alh
~~~
```
```ad-command
title: Change directory
~~~bash
cd (folder path)
~~~
```
```ad-command
title: Find a file
~~~bash
sudo find / -iname (filename)
~~~
```
 
#### Create file
[[#^Top|TOP]]
```ad-command
~~~bash
touch (filepath/name)
~~~
```
 
#### Edit file
[[#^Top|TOP]]
```ad-command
~~~bash
vi (filepath/name)
~~~
```
1. Press 'i' for the edit mode
2. 'Esc' key to exit edit mode
3. Type ':wq' to save & close
 
#### Delete files & folders
[[#^Top|TOP]]
```ad-command
title: Delete file
~~~bash
rm (file path & name)
~~~
```
```ad-command
title: Delete folder and contents
~~~bash
rm -r (folder path)
~~~
```
 
#### File permissions
[[#^Top|TOP]]
##### Checking file permissions
```ad-command
title: Permissions
**For a file**: ls -l (file path & name)
**For a folder**: ls -ld (folder path)
```
 
##### Changing file permissions
```ad-command
title: Change permissions
~~~bash
chmod xxx (folder/file path)
~~~
```
For x:
1. read-only: 4
2. write: 2
3. execute: 1
```ad-command
title: Change owner
~~~bash
chown (owner):(group) (folder/file path)
~~~
```
```ad-command
title: Change group
~~~bash
chgrp -R (new group) (folder/file path)
~~~
```
 
##### Bulk changes
```ad-command
title: Change file permission in a folder
~~~bash
find (folder path) -type f -exec chmod xxx {} \;
~~~
```
```ad-command
title: Change sub-folder permission in a folder
~~~bash
find (folder path) -type d -exec chmod xxx {} \;
~~~
```
 
#### File transfer
Instructions to use rclone for file transfers can be found [[Server Cloud#Cloud2Cloud|here]].
 
---
 
### Backing up a server
[[#^Top|TOP]]
 
#### Backup preparation
Create a directory for backup:
```ad-command
~~~bash
sudo mkdir /Backup
~~~
```
 
#### Backup creation
Best is to launch the command from the Backup folder:
```ad-command
~~~bash
cd /Backup
~~~
```
Command:
```ad-command
~~~bash
sudo tar -cvpzf /Backup/backup.tar.gz --exclude=/Backup/backup.tar.gz --exclude=/proc --exclude=/tmp --exclude=/mnt --exclude=/dev --exclude=/sys --exclude=/run --exclude=/var/cache/apt/archives --exclude=/usr/src/linux-headers* --exclude=/home/*/.gvfs --exclude=/home/*/.local/share/Trash /
~~~
```
Once created, the backup can be transferred using the [[#File transfer]] script.
 
#### Backup cleanup
After transfer, [[#Delete files folders|delete]] the .tar.gz file from its folder.
 
#### Backup restoring
1. From the server:
```ad-command
~~~bash
sudo nc -l 1024 | sudo tar -xvpzf - -C /media/backup
~~~
```
2. From the Client's machine, instruct:
```ad-command
~~~bash
cat (backup path & name.tar.gz) | nc -q 0 (hostname) 1024
~~~
```
 
Or through **FTP**:
1. Send backup to the root folder over FTP
2. Copy /boot/grub/menu.lst to menu.lst.bak
3. Restore
```ad-command
~~~bash
sudo tar xvpfz backup.tar.gz -C /
~~~
```
4. Recreate excluded directories
```ad-command
~~~bash
mkdir proc
Mkdir lost+found
mkdir mnt
mkdir sys
...
~~~
```
5. Replace the restored *menu.lst* file with the *.bak* created in Step 2 (dropping bak)
6. MAC address may need to be change
Check:
```ad-path
/etc/udev/rules.d/70-persistent-net.rules
```
 
---
 
### Manage programs
[[#^Top|TOP]]
 
#### Check if program is running
And how many instances:
```ad-command
~~~bash
sudo ps ax | grep (program)
~~~
```
 
#### Check what program uses a port
```ad-command
~~~bash
sudo netstar -lntup | grep (port#)
~~~
```
 
#### List all programs
```ad-command
~~~bash
sudo apt list --installed
~~~
```
 
#### Remove a package
```ad-command
~~~bash
sudo apt remove (package name)
~~~
```
For cleaner removal:
```ad-command
~~~bash
sudo apt purge (package name)
~~~
```
 
---
 
### Documentation
 
```ad-example
title: OSXdaily
[SSH generic](https://osxdaily.com/tag/ssh/)
[All SSH commands](https://osxdaily.com/2017/02/06/list-all-terminal-commands-mac/)
[Log off user](https://osxdaily.com/2019/04/03/log-off-ssh-user/)
```
```ad-tip
title: Mediatemple
[Common SSH commands](https://mediatemple.net/community/products/dv/204643550/common-ssh-commands)
```
```ad-tip
title: Scripting OSX
[Intro to SSH for Mac admins](https://scriptingosx.com/2017/07/quick-introduction-to-ssh-for-mac-admins/)
```
[[#^Top|TOP]]