Adds linux basic command notes & ssh_server.md
Parent: caa8637926
Commit: 43ec9604c6
|
@ -1,39 +1,215 @@
|
||||||
# Theory
|
# Theory
|
||||||
|
|
||||||
## Absolute path
|
## Absolute Path vs Relative Path in Linux/Unix
|
||||||
cd /etc
|
One of this blog follower asked us that whatâs the difference between absolute and relative path?
|
||||||
## relative path
|
|
||||||
../../../etc
|
To understand this we have to know what is a path in Linux.
|
||||||
|
### What is a path?
|
||||||
|
|
||||||
|
A path is a unique location to a file or a folder in a file system of an OS. A path to a file is a combination of / and alpha-numeric characters.
|
||||||
|
What is an absolute path?
|
||||||
|
|
||||||
|
An absolute path is defined as the specifying the location of a file or directory from the root directory(/). In other words we can say absolute path is a complete path from start of actual filesystem from / directory.
|
||||||
|
### Some examples of absolute path:
|
||||||
|
```bash
|
||||||
|
/var/ftp/pub
|
||||||
|
/etc/samba.smb.conf
|
||||||
|
/boot/grub/grub.conf
|
||||||
|
```
|
||||||
|
If you see all these paths started from / directory which is a root directory for every Linux/Unix machines.
|
||||||
|
### What is the relative path?
|
||||||
|
|
||||||
|
Relative path is defined as path related to the present working directory(pwd). Suppose I am located in /var/log and I want to change directory to /var/log/kernel. I can use relative path concept to change directory to kernel
|
||||||
|
|
||||||
|
changing directory to /var/log/kernel by using relative path concept.
|
||||||
|
|
||||||
|
> $ pwd/var/logcd kernel
|
||||||
|
|
||||||
|
Note: If you observe there is no / before kernel which indicates itâs a relative directory to present working directory.
|
||||||
|
|
||||||
|
Changing directory to /var/log/kernel using absolute path concept.
|
||||||
|
|
||||||
|
> $ cd /var/log/kernel
|
||||||
|
|
||||||
|
Note: We can use an absolute path from any location where as if you want to use relative path we should be present in a directory where we are going to specify relative to that present working directory.
|
||||||
|
|
||||||
|
Examples of relative path and absolute path for the same operation.
|
||||||
|
|
||||||
# Basic Linux Command
|
# Basic Linux Command
|
||||||
|
|
||||||
list current directory
|
## help
|
||||||
> $ ls -l -a -r -t -h --help
|
- Man: an interface to the on-line reference manuals
|
||||||
ls = program
|
|
||||||
-l -a = parameters
|
|
||||||
|
|
||||||
Man for manual
|
|
||||||
> $ man ls
|
> $ man ls
|
||||||
|
|
||||||
print working directory
|
# Wildcard
|
||||||
|
* Show all picture (multiple char)
|
||||||
|
> $ ls pic*
|
||||||
|
? show only picture between 50 and 59 (only one char)
|
||||||
|
> $ ls pic5?.jpg
|
||||||
|
[] show only if char in [p-P]
|
||||||
|
> $ ls [pP]ic*
|
||||||
|
|
||||||
|
# Files and directory
|
||||||
|
|
||||||
|
- ls: list directory contents
|
||||||
|
> $ ls
|
||||||
|
|
||||||
|
> args = -l -a -r -t -h --help
|
||||||
|
|
||||||
|
|
||||||
|
- Pwd: output the current working directory
|
||||||
> $ pwd
|
> $ pwd
|
||||||
|
|
||||||
change directory
|
- Change directory
|
||||||
> $ cd
|
> $ cd
|
||||||
back to precedent forlder
|
back to previous folder
|
||||||
> $ cd -
|
> $ cd -
|
||||||
|
|
||||||
Make directory
|
- Make directory
|
||||||
> $ mkdir test1 test2 test3
|
> $ mkdir test1 test2 test3
|
||||||
|
|
||||||
> $ mkdir -p lol/lol/lol
|
> $ mkdir -p lol/lol/lol
|
||||||
-p to create parent directory if needed
|
-p to create parent directory if needed
|
||||||
|
|
||||||
Searching the PATH for executable files matching the names of the arguments
|
- Remove directory
|
||||||
|
|
||||||
|
> rmdir filename
|
||||||
|
|
||||||
|
> rm -rf file name
|
||||||
|
|
||||||
|
- Move directory (can be used to rename a file)
|
||||||
|
> mv file /opt/movedfile
|
||||||
|
|
||||||
|
- Copy file or directory
|
||||||
|
> $ cp file /opt/newcopiedfile
|
||||||
|
|
||||||
|
- Touch - change file timestamps but it can also create files
|
||||||
|
> $ touch nomdefichier.md
|
||||||
|
> $ touch pic{00..99}.jpeg # does not work
|
||||||
|
|
||||||
|
- Which: Searching the PATH for executable files matching the names of the arguments
|
||||||
> $ which ls
|
> $ which ls
|
||||||
|
|
||||||
Interactive processes viewer
|
- File: file — determine file type
|
||||||
|
> $ file myfile
|
||||||
|
|
||||||
|
## file viewer
|
||||||
|
- More: file perusal filter for crt viewing
|
||||||
|
|
||||||
|
> $ more filename
|
||||||
|
|
||||||
|
- Less: opposite of more but Less is more ;)
|
||||||
|
|
||||||
|
> $ less filename
|
||||||
|
|
||||||
|
- Cat: concatenate files and print on the standard output
|
||||||
|
|
||||||
|
> $ cat filename
|
||||||
|
## Users and privileges
|
||||||
|
|
||||||
|
adduser, addgroup - add a user or group to the system
|
||||||
|
> sudo adduser steve
|
||||||
|
|
||||||
|
```bash
|
||||||
|
r4v3n@d3bi4n:~/Workspace/test$ sudo adduser steve
|
||||||
|
[sudo] password for r4v3n:
|
||||||
|
Sorry, try again.
|
||||||
|
[sudo] password for r4v3n:
|
||||||
|
Adding user `steve' ...
|
||||||
|
Adding new group `steve' (1002) ...
|
||||||
|
Adding new user `steve' (1002) with group `steve' ...
|
||||||
|
Creating home directory `/home/steve' ...
|
||||||
|
Copying files from `/etc/skel' ...
|
||||||
|
New password:
|
||||||
|
Retype new password:
|
||||||
|
passwd: password updated successfully
|
||||||
|
Changing the user information for steve
|
||||||
|
Enter the new value, or press ENTER for the default
|
||||||
|
Full Name []:
|
||||||
|
Room Number []:
|
||||||
|
Work Phone []:
|
||||||
|
Home Phone []:
|
||||||
|
Other []:
|
||||||
|
Is the information correct? [Y/n] y
|
||||||
|
|
||||||
|
````
|
||||||
|
|
||||||
|
user skeleton: skeleton files used for new user configuration
|
||||||
|
> $ ls /etc/skel/
|
||||||
|
|
||||||
|
```bash
|
||||||
|
─r4v3n at d3bi4n in /etc/skel
|
||||||
|
╰─» ls -a 0 (0.002s) < 05:21:24
|
||||||
|
./ ../ .bash_logout .bashrc .profile
|
||||||
|
|
||||||
|
```
|
||||||
|
|
||||||
|
- Change user
|
||||||
|
> $ su - marie
|
||||||
|
|
||||||
|
### Permissions
|
||||||
|
|
||||||
|
- Chmod: change file mode bits
|
||||||
|
|
||||||
|
A combination of the letters **ugoa** controls which users' access to the file will be changed:
|
||||||
|
- the user who owns it (u),
|
||||||
|
- other users in the file's group (g),
|
||||||
|
- other users not in the file's group (o),
|
||||||
|
- or all users (a).
|
||||||
|
|
||||||
|
If none of these are given, the effect is as if (a) were given, but bits that are set in the umask are not affected.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
marie@d3bi4n:~$ ls -l
|
||||||
|
total 4
|
||||||
|
-rw-r--r-- 1 marie marie 12 Apr 7 05:44 test
|
||||||
|
```
|
||||||
|
|
||||||
|
> $ chmod o-r mysecret
|
||||||
|
|
||||||
|
> -rw-r--**-**-- 1 marie marie 12 Apr 7 05:44 test
|
||||||
|
|
||||||
|
> $ chmod o+**rw** myscret
|
||||||
|
|
||||||
|
> -rw-r--**rw**- 1 marie marie 12 Apr 7 05:44 test
|
||||||
|
|
||||||
|
###groups
|
||||||
|
|
||||||
|
Groups: print the groups a user is in
|
||||||
|
> $ groups
|
||||||
|
|
||||||
|
Adds user marie into steve group
|
||||||
|
> $ adduser marie steve
|
||||||
|
|
||||||
|
```bash
|
||||||
|
r4v3n@d3bi4n:~/Workspace/test$ sudo adduser marie steve
|
||||||
|
Adding user `marie' to group `steve' ...
|
||||||
|
Adding user marie to group steve
|
||||||
|
Done.
|
||||||
|
|
||||||
|
marie@d3bi4n:~$ groups
|
||||||
|
marie steve
|
||||||
|
```
|
||||||
|
|
||||||
|
## Sysadmin tools
|
||||||
|
|
||||||
|
- Htop: Interactive processes viewer
|
||||||
> $ htop
|
> $ htop
|
||||||
|
|
||||||
|
## text editor
|
||||||
|
- Nano: Nano's ANOther editor, an enhanced free Pico clone
|
||||||
|
(simple text editor for noobies)
|
||||||
|
|
||||||
|
> $ nano
|
||||||
|
|
||||||
|
> $ nano filename
|
||||||
|
|
||||||
|
- VIM: vim - Vi IMproved, a programmer's text editor (PGM)
|
||||||
|
|
||||||
|
> $ vim
|
||||||
|
|
||||||
|
> $ vim filename
|
||||||
|
|
||||||
# APT
|
# APT
|
||||||
> $ apt install
|
> $ apt install
|
||||||
> $ apt remove
|
> $ apt remove
|
||||||
|
|
|
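Review bot: In the Permissions section the chmod examples act on `mysecret` (spelled `myscret` in the second command) while the `ls -l` lines shown before and after them are for `test`, so the reader cannot tie the mode change to the command. Use one filename throughout, and choose an example other than `chmod o+rw` on a file called secret, since that grants every other account read and write access to it. Under "Remove directory", `rm -rf file name` contains a space and would be parsed as two separate targets; write a single name and state that `-rf` deletes recursively without prompting. Smaller points: the adduser transcript opens with three backticks and closes with four, so the fence will not close where intended; `###groups` needs a space after the hashes; `touch pic{00..99}.jpeg # does not work` should either say why it fails or be dropped (the wildcard examples use `.jpg`, not `.jpeg`); and the added theory text carries mis-encoded apostrophes ("whatâs", "itâs").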
@ -0,0 +1,249 @@
|
||||||
|
# How To Install and Enable SSH Server on Debian 10
|
||||||
|
|
||||||
|
SSH, for Secure Shell, is a network protocol that is used in order to operate remote logins to distant machines within a local network or over Internet. SSH architectures typically includes a SSH server that is used by SSH clients to connect to the remote machine.
|
||||||
|
|
||||||
|
As a system administrator, it is very likely that you are using SSH on a daily basis to connect to remote machines across your network.
|
||||||
|
|
||||||
|
As a consequence, when new hosts are onboarded to your infrastructure, you may have to configure them to install and enable SSH on them.
|
||||||
|
|
||||||
|
In this tutorial, we are going to see how you can install and enable SSH, via OpenSSH, on a Debian 10 distributions.
|
||||||
|
|
||||||
|
# Prerequisites
|
||||||
|
|
||||||
|
In order to install a SSH server on Debian 10, you will need to have sudo privileges on your host.
|
||||||
|
|
||||||
|
To check whether you have sudo privileges or not, run the following command
|
||||||
|
|
||||||
|
> $ sudo -l
|
||||||
|
|
||||||
|
By default, the ssh utility should be installed on your host, even on minimal configurations.
|
||||||
|
|
||||||
|
In order to check the version of your SSH utility, you can run the following command
|
||||||
|
|
||||||
|
> $ ssh -V
|
||||||
|
|
||||||
|
# Installing OpenSSH Server on Debian 10
|
||||||
|
|
||||||
|
First of all, make sure that your packages are up to date by running an update command
|
||||||
|
|
||||||
|
> $ sudo apt-get update
|
||||||
|
|
||||||
|
In order to install a SSH server on Debian 10, run the following command
|
||||||
|
|
||||||
|
> $ sudo apt-get install openssh-server
|
||||||
|
|
||||||
|
The command should run a complete installation process and it should set up all the necessary files for your SSH server.
|
||||||
|
|
||||||
|
If the installation was successful, you should now have a sshd service installed on your host.
|
||||||
|
|
||||||
|
To check your newly installed service, run the following command
|
||||||
|
|
||||||
|
> $ sudo systemctl status sshd
|
||||||
|
|
||||||
|
By default, your SSH server is going to run on port 22.
|
||||||
|
|
||||||
|
This is the default port assigned for SSH communications. You can check if this is the case on your host by running the following netstat command
|
||||||
|
|
||||||
|
> $ netstat -tulpn | grep 22
|
||||||
|
|
||||||
|
Great! Your SSH server is now up and running on your Debian 10 host.
|
||||||
|
Enabling SSH traffic on your firewall settings
|
||||||
|
|
||||||
|
If you are using UFW as a default firewall on your Debian 10 system, it is likely that you need to allow SSH connections on your host.
|
||||||
|
|
||||||
|
To enable SSH connections on your host, run the following command
|
||||||
|
|
||||||
|
$ sudo ufw allow ssh
|
||||||
|
|
||||||
|
Enabling SSH connections with UFW on Debian 10
|
||||||
|
Enable SSH server on system boot
|
||||||
|
|
||||||
|
As you probably saw, your SSH server is now running as a service on your host.
|
||||||
|
|
||||||
|
It is also very likely that it is instructed to start at boot time.
|
||||||
|
|
||||||
|
To check whether your service is enable or not, you can run the following command
|
||||||
|
|
||||||
|
$ sudo systemctl list-unit-files | grep enabled | grep ssh
|
||||||
|
|
||||||
|
If no results are shown on your terminal, enable the service and run the command again
|
||||||
|
|
||||||
|
$ sudo systemctl enable ssh
|
||||||
|
|
||||||
|
Enabling the SSH server on boot on Debian 10
|
||||||
|
Configuring your SSH server on Debian
|
||||||
|
|
||||||
|
Before giving access to users through SSH, it is important to have a set of secure settings to avoid being attacked, especially if your server is running as an online VPS.
|
||||||
|
|
||||||
|
As we already saw in the past, SSH attacks are pretty common but they can be avoided if we change default settings available.
|
||||||
|
|
||||||
|
By default, your SSH configuration files are located at /etc/ssh/
|
||||||
|
Listing SSH configuration files in etc
|
||||||
|
|
||||||
|
In this directory, you are going to find many different configuration files, but the most important ones are :
|
||||||
|
|
||||||
|
ssh_config: defines SSH rules for clients. It means that it defines rules that are applied everytime you use SSH to connect to a remote host or to transfer files between hosts;
|
||||||
|
sshd_config: defines SSH rules for your SSH server. It is used for example to define the reachable SSH port or to deny specific users from communicating with your server.
|
||||||
|
|
||||||
|
We are obviously going to modify the server-wide part of our SSH setup as we are interested in configuring and securing our OpenSSH server.
|
||||||
|
Changing SSH default port
|
||||||
|
|
||||||
|
The first step towards running a secure SSH server is to change the default assigned by the OpenSSH server.
|
||||||
|
|
||||||
|
Edit your sshd_config configuration file and look for the following line.
|
||||||
|
|
||||||
|
#Port 22
|
||||||
|
|
||||||
|
Make sure to change your port to one that is not reserved for other protocols. I will choose 2222 in this case.
|
||||||
|
Changing the default SSH port
|
||||||
|
|
||||||
|
When connecting to your host, if it not running on the default port, you are going to specify the SSH port yourself.
|
||||||
|
|
||||||
|
Please refer to the ‘Connecting to your SSH server’ section for further information.
|
||||||
|
Disabling Root Login on your SSH server
|
||||||
|
|
||||||
|
By default, root login is available on your SSH server.
|
||||||
|
|
||||||
|
It should obviously not be the case as it would be a complete disaster if hackers were to login as root on your server.
|
||||||
|
|
||||||
|
If by chance you disabled the root account in your Debian 10 installation, you can still configure your SSH server to refuse root login, in case you choose to re-enable your root login one day.
|
||||||
|
|
||||||
|
To disable root login on your SSH server, modify the following line
|
||||||
|
|
||||||
|
#PermitRootLogin
|
||||||
|
|
||||||
|
PermitRootLogin no
|
||||||
|
|
||||||
|
Disabling root login for SSH on Debian
|
||||||
|
Configuring key-based SSH authentication
|
||||||
|
|
||||||
|
In SSH, there are two ways of connecting to your host : by using password authentication (what we are doing here), or having a set of SSH keys.
|
||||||
|
|
||||||
|
If you are curious about key-based SSH authentication on Debian 10, there is a tutorial available on the subject here.
|
||||||
|
Restarting your SSH server to apply changes
|
||||||
|
|
||||||
|
In order for the changes to be applied, restart your SSH service and make sure that it is correctly restarted
|
||||||
|
|
||||||
|
$ sudo systemctl restart sshd
|
||||||
|
$ sudo systemctl status sshd
|
||||||
|
|
||||||
|
SSH server status from systemd
|
||||||
|
|
||||||
|
Also, if you change the default port, make sure that the changes were correctly applied by running a simple netstat command
|
||||||
|
|
||||||
|
$ netstat -tulpn | grep 2222
|
||||||
|
|
||||||
|
Checking SSH port on Linux using netstat
|
||||||
|
Connecting to your SSH server
|
||||||
|
|
||||||
|
In order to connect to your SSH server, you are going to use the ssh command with the following syntax
|
||||||
|
|
||||||
|
$ ssh -p <port> <username>@<ip_address>
|
||||||
|
|
||||||
|
If you are connecting over a LAN network, make sure to get the local IP address of your machine with the following command
|
||||||
|
|
||||||
|
$ sudo ifconfig
|
||||||
|
|
||||||
|
Checking local IP using ifconfig
|
||||||
|
|
||||||
|
For example, in order to connect to my own instance located at 127.0.0.1, I would run the following command
|
||||||
|
|
||||||
|
$ ssh -p 2222 <user>@127.0.0.1
|
||||||
|
|
||||||
|
You will be asked to provide your password and to certify that the authenticity of the server is correct.
|
||||||
|
Connecting to SSH server on Debian 10 Buster
|
||||||
|
Exiting your SSH server
|
||||||
|
|
||||||
|
In order to exit from your SSH server on Debian 10, you can hit Ctrl + D or type ‘logout’ and your connection will be terminated.
|
||||||
|
Logout from the SSH server
|
||||||
|
Disabling your SSH server
|
||||||
|
|
||||||
|
In order to disable your SSH server on Debian 10, run the following command
|
||||||
|
|
||||||
|
```bash
|
||||||
|
$ sudo systemctl stop sshd
|
||||||
|
$ sudo systemctl status sshd
|
||||||
|
```
|
||||||
|
|
||||||
|
# Stopping SSH server on Debian 10
|
||||||
|
|
||||||
|
From there, your SSH server won’t be accessible anymore.
|
||||||
|
Connection refused from the SSH server
|
||||||
|
Troubleshooting
|
||||||
|
|
||||||
|
In some cases, you may run into many error messages when trying to setup a SSH server on Debian 10.
|
||||||
|
|
||||||
|
Here is the list of the common errors you might get during the setup.
|
||||||
|
# Debian : SSH connection refused
|
||||||
|
|
||||||
|
Usually, you are getting this error because your firewall is not properly configured on Debian.
|
||||||
|
|
||||||
|
To solve “SSH connection refused” you have to double check your UFW firewall settings.
|
||||||
|
|
||||||
|
By default, Debian uses UFW as a default firewall, so you might want to check your firewall rules and see if SSH is correctly allowed.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
$ sudo ufw status
|
||||||
|
|
||||||
|
Status: active
|
||||||
|
|
||||||
|
To Action From
|
||||||
|
-- ------ ----
|
||||||
|
22/tcp ALLOW Anywhere
|
||||||
|
```
|
||||||
|
If you are using iptables, you can also have a check at your current IP rules with the iptables command.
|
||||||
|
|
||||||
|
$ sudo iptables -L -n
|
||||||
|
|
||||||
|
Chain INPUT (policy ACCEPT)
|
||||||
|
target prot opt source destination
|
||||||
|
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
|
||||||
|
|
||||||
|
If the rule is not set for SSH, you can set by running the iptables command again.
|
||||||
|
|
||||||
|
$ sudo iptables -I INPUT -p tcp -m tcp --dport 22 -j ACCEPT
|
||||||
|
|
||||||
|
Debian : SSH access denied
|
||||||
|
|
||||||
|
Sometimes, you may be denied the access to your SSH server with this error message “SSH access denied” on Debian.
|
||||||
|
|
||||||
|
To solve this issue, it depends on the authentication method you are using.
|
||||||
|
SSH password access denied
|
||||||
|
|
||||||
|
If you are using the password method, double check your password and make sure you are entering it correctly.
|
||||||
|
|
||||||
|
Also, it is possible to configure SSH servers to allow only a specific subset of users : if this is the case, make sure you belong to that list.
|
||||||
|
|
||||||
|
Finally, if you want to log-in as root, make sure that you modified the “PermitRootLogin” option in your “sshd_config” file.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
PermitRootLogin
|
||||||
|
|
||||||
|
PermitRootLogin yes
|
||||||
|
```
|
||||||
|
# SSH key access denied
|
||||||
|
|
||||||
|
If you are using SSH keys for your SSH authentication, you may need to double check that the key is correctly located in the “authorized_keys” file.
|
||||||
|
|
||||||
|
If you are not sure about how to do it, follow our guide about SSH key authentication on Debian 10.
|
||||||
|
|
||||||
|
# Debian : Unable to locate package openssh-server
|
||||||
|
|
||||||
|
For this one, you have to make sure that you have set correctly your APT repositories.
|
||||||
|
|
||||||
|
Add the following entry to your sources.list file and update your packages.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
$ sudo nano /etc/apt/sources.list
|
||||||
|
|
||||||
|
deb http://ftp.us.debian.org/debian wheezy main
|
||||||
|
|
||||||
|
$ sudo apt-get update
|
||||||
|
```
|
||||||
|
Conclusion
|
||||||
|
|
||||||
|
In this tutorial, you learnt how you can install and configure a SSH server on Debian 10 hosts.
|
||||||
|
|
||||||
|
You also learnt about basic configuration options that need to be applied in order to run a secure and robust SSH server over a LAN or over Internet.
|
||||||
|
|
||||||
|
If you are curious about Linux system administration, we have a ton of tutorials on the subject in a dedicated category.
|
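Review bot: The "Unable to locate package openssh-server" fix near the end adds `deb http://ftp.us.debian.org/debian wheezy main` to sources.list, which points a guide written for Debian 10 (called Buster elsewhere in this file) at another release's repository over plain HTTP; use the entry that matches the installed release, or drop the step. The troubleshooting block that shows `PermitRootLogin yes` contradicts the hardening section that sets `PermitRootLogin no`; keep root login disabled and tell readers to log in as a normal user and use sudo. After the port is moved to 2222, the firewall steps still open only 22 (`ufw allow ssh`, `--dport 22`), so the documented `ssh -p 2222` connection can be blocked while 22 stays open for nothing, and the `grep 22` check also matches 2222. The key-based authentication section leaves password login enabled and "there is a tutorial available on the subject here" has lost its link. Several lines read as leftover image captions ("Listing SSH configuration files in etc", "SSH server status from systemd") and about half of the section titles are missing their `#`, so the heading levels are inconsistent.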