Adds linux basic command notes & ssh_server.md

vl4dd 2021-04-07 06:56:36 -04:00
parent caa8637926
commit 43ec9604c6
2 changed files with 441 additions and 16 deletions


@ -1,39 +1,215 @@
# Theory # Theory
## Absolute path ## Absolute Path vs Relative Path in Linux/Unix
cd /etc One of this blog follower asked us that whatâs the difference between absolute and relative path?
## relative path
../../../etc To understand this we have to know what is a path in Linux.
### What is a path?
A path is a unique location to a file or a folder in a file system of an OS. A path to a file is a combination of / and alpha-numeric characters.
What is an absolute path?
An absolute path is defined as the specifying the location of a file or directory from the root directory(/). In other words we can say absolute path is a complete path from start of actual filesystem from / directory.
### Some examples of absolute path:
```bash
/var/ftp/pub
/etc/samba.smb.conf
/boot/grub/grub.conf
```
If you see all these paths started from / directory which is a root directory for every Linux/Unix machines.
### What is the relative path?
Relative path is defined as path related to the present working directory(pwd). Suppose I am located in /var/log and I want to change directory to /var/log/kernel. I can use relative path concept to change directory to kernel
changing directory to /var/log/kernel by using relative path concept.
> $ pwd/var/logcd kernel
Note: If you observe there is no / before kernel which indicates itâs a relative directory to present working directory.
Changing directory to /var/log/kernel using absolute path concept.
> $ cd /var/log/kernel
Note: We can use an absolute path from any location where as if you want to use relative path we should be present in a directory where we are going to specify relative to that present working directory.
Examples of relative path and absolute path for the same operation.
# Basic Linux Command # Basic Linux Command
list current directory ## help
> $ ls -l -a -r -t -h --help - Man: an interface to the on-line reference manuals
ls = program
-l -a = parameters
Man for manual
> $ man ls > $ man ls
print working directory # Wildcard
* Show all picture (multiple char)
> $ ls pic*
? show only picture between 50 and 59 (only one char)
> $ ls pic5?.jpg
[] show only if char in [p-P]
> $ ls [pP]ic*
# Files and directory
- ls: list directory contents
> $ ls
> args = -l -a -r -t -h --help
- Pwd: output the current working directory
> $ pwd > $ pwd
change directory - Change directory
> $ cd > $ cd
back to precedent forlder back to previous folder
> $ cd - > $ cd -
Make directory - Make directory
> $ mkdir test1 test2 test3 > $ mkdir test1 test2 test3
> $ mkdir -p lol/lol/lol > $ mkdir -p lol/lol/lol
-p to create parent directory if needed -p to create parent directory if needed
Searching the PATH for executable files matching the names of the arguments - Remove directory
> rmdir filename
> rm -rf file name
- Move directory (can be used to rename a file)
> mv file /opt/movedfile
- Copy file or directory
> $ cp file /opt/newcopiedfile
- Touch - change file timestamps but it can also create files
> $ touch nomdefichier.md
> $ touch pic{00..99}.jpeg # does not work
- Which: Searching the PATH for executable files matching the names of the arguments
> $ which ls > $ which ls
Interactive processes viewer - File: file — determine file type
> $ file myfile
## file viewer
- More: file perusal filter for crt viewing
> $ more filename
- Less: opposite of more but Less is more ;)
> $ less filename
- Cat: concatenate files and print on the standard output
> $ cat filename
## Users and privileges
adduser, addgroup - add a user or group to the system
> sudo adduser steve
```bash
r4v3n@d3bi4n:~/Workspace/test$ sudo adduser steve
[sudo] password for r4v3n:
Sorry, try again.
[sudo] password for r4v3n:
Adding user `steve' ...
Adding new group `steve' (1002) ...
Adding new user `steve' (1002) with group `steve' ...
Creating home directory `/home/steve' ...
Copying files from `/etc/skel' ...
New password:
Retype new password:
passwd: password updated successfully
Changing the user information for steve
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] y
````
user skeleton: skeleton files used for new user configuration
> $ ls /etc/skel/
```bash
─r4v3n at d3bi4n in /etc/skel
╰─» ls -a 0 (0.002s) < 05:21:24
./ ../ .bash_logout .bashrc .profile
```
- Change user
> $ su - marie
### Permissions
- Chmod: change file mode bits
A combination of the letters **ugoa** controls which users' access to the file will be changed:
- the user who owns it (u),
- other users in the file's group (g),
- other users not in the file's group (o),
- or all users (a).
If none of these are given, the effect is as if (a) were given, but bits that are set in the umask are not affected.
```bash
marie@d3bi4n:~$ ls -l
total 4
-rw-r--r-- 1 marie marie 12 Apr 7 05:44 test
```
> $ chmod o-r mysecret
> -rw-r--**-**-- 1 marie marie 12 Apr 7 05:44 test
> $ chmod o+**rw** myscret
> -rw-r--**rw**- 1 marie marie 12 Apr 7 05:44 test
###groups
Groups: print the groups a user is in
> $ groups
Adds user marie into steve group
> $ adduser marie steve
```bash
r4v3n@d3bi4n:~/Workspace/test$ sudo adduser marie steve
Adding user `marie' to group `steve' ...
Adding user marie to group steve
Done.
marie@d3bi4n:~$ groups
marie steve
```
## Sysadmin tools
- Htop: Interactive processes viewer
> $ htop > $ htop
## text editor
- Nano: Nano's ANOther editor, an enhanced free Pico clone
(simple text editor for noobies)
> $ nano
> $ nano filename
- VIM: vim - Vi IMproved, a programmer's text editor (PGM)
> $ vim
> $ vim filename
# APT # APT
> $ apt install > $ apt install
> $ apt remove > $ apt remove
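Review bot: In the Permissions section the two `chmod` examples target `mysecret` and `myscret`, while the `ls -l` output shown before and after them is for a file named `test`, so the commands and the listings do not describe the same file; use one filename throughout and fix the `myscret` typo. The second example, `chmod o+rw`, leaves the file readable and writable by every user on the host, which should be stated next to it since the file is presented as a secret. Under "Remove directory", `rm -rf file name` contains a space and would be parsed as two separate paths, `file` and `name`; write a single name or quote it. Smaller points: the `adduser` block opens with three backticks and closes with four, `###groups` is missing the space after the hashes, `whatâs` and `itâs` are mis-encoded apostrophes, and "Examples of relative path and absolute path for the same operation." is not followed by any examples.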

Linux/ssh_server.md Normal file

@ -0,0 +1,249 @@
# How To Install and Enable SSH Server on Debian 10
SSH, for Secure Shell, is a network protocol that is used in order to operate remote logins to distant machines within a local network or over Internet. SSH architectures typically includes a SSH server that is used by SSH clients to connect to the remote machine.
As a system administrator, it is very likely that you are using SSH on a daily basis to connect to remote machines across your network.
As a consequence, when new hosts are onboarded to your infrastructure, you may have to configure them to install and enable SSH on them.
In this tutorial, we are going to see how you can install and enable SSH, via OpenSSH, on a Debian 10 distributions.
# Prerequisites
In order to install a SSH server on Debian 10, you will need to have sudo privileges on your host.
To check whether you have sudo privileges or not, run the following command
> $ sudo -l
By default, the ssh utility should be installed on your host, even on minimal configurations.
In order to check the version of your SSH utility, you can run the following command
> $ ssh -V
# Installing OpenSSH Server on Debian 10
First of all, make sure that your packages are up to date by running an update command
> $ sudo apt-get update
In order to install a SSH server on Debian 10, run the following command
> $ sudo apt-get install openssh-server
The command should run a complete installation process and it should set up all the necessary files for your SSH server.
If the installation was successful, you should now have a sshd service installed on your host.
To check your newly installed service, run the following command
> $ sudo systemctl status sshd
By default, your SSH server is going to run on port 22.
This is the default port assigned for SSH communications. You can check if this is the case on your host by running the following netstat command
> $ netstat -tulpn | grep 22
Great! Your SSH server is now up and running on your Debian 10 host.
Enabling SSH traffic on your firewall settings
If you are using UFW as a default firewall on your Debian 10 system, it is likely that you need to allow SSH connections on your host.
To enable SSH connections on your host, run the following command
$ sudo ufw allow ssh
Enabling SSH connections with UFW on Debian 10
Enable SSH server on system boot
As you probably saw, your SSH server is now running as a service on your host.
It is also very likely that it is instructed to start at boot time.
To check whether your service is enable or not, you can run the following command
$ sudo systemctl list-unit-files | grep enabled | grep ssh
If no results are shown on your terminal, enable the service and run the command again
$ sudo systemctl enable ssh
Enabling the SSH server on boot on Debian 10
Configuring your SSH server on Debian
Before giving access to users through SSH, it is important to have a set of secure settings to avoid being attacked, especially if your server is running as an online VPS.
As we already saw in the past, SSH attacks are pretty common but they can be avoided if we change default settings available.
By default, your SSH configuration files are located at /etc/ssh/
Listing SSH configuration files in etc
In this directory, you are going to find many different configuration files, but the most important ones are :
ssh_config: defines SSH rules for clients. It means that it defines rules that are applied everytime you use SSH to connect to a remote host or to transfer files between hosts;
sshd_config: defines SSH rules for your SSH server. It is used for example to define the reachable SSH port or to deny specific users from communicating with your server.
We are obviously going to modify the server-wide part of our SSH setup as we are interested in configuring and securing our OpenSSH server.
Changing SSH default port
The first step towards running a secure SSH server is to change the default assigned by the OpenSSH server.
Edit your sshd_config configuration file and look for the following line.
#Port 22
Make sure to change your port to one that is not reserved for other protocols. I will choose 2222 in this case.
Changing the default SSH port
When connecting to your host, if it not running on the default port, you are going to specify the SSH port yourself.
Please refer to the Connecting to your SSH server section for further information.
Disabling Root Login on your SSH server
By default, root login is available on your SSH server.
It should obviously not be the case as it would be a complete disaster if hackers were to login as root on your server.
If by chance you disabled the root account in your Debian 10 installation, you can still configure your SSH server to refuse root login, in case you choose to re-enable your root login one day.
To disable root login on your SSH server, modify the following line
#PermitRootLogin
PermitRootLogin no
Disabling root login for SSH on Debian
Configuring key-based SSH authentication
In SSH, there are two ways of connecting to your host : by using password authentication (what we are doing here), or having a set of SSH keys.
If you are curious about key-based SSH authentication on Debian 10, there is a tutorial available on the subject here.
Restarting your SSH server to apply changes
In order for the changes to be applied, restart your SSH service and make sure that it is correctly restarted
$ sudo systemctl restart sshd
$ sudo systemctl status sshd
SSH server status from systemd
Also, if you change the default port, make sure that the changes were correctly applied by running a simple netstat command
$ netstat -tulpn | grep 2222
Checking SSH port on Linux using netstat
Connecting to your SSH server
In order to connect to your SSH server, you are going to use the ssh command with the following syntax
$ ssh -p <port> <username>@<ip_address>
If you are connecting over a LAN network, make sure to get the local IP address of your machine with the following command
$ sudo ifconfig
Checking local IP using ifconfig
For example, in order to connect to my own instance located at 127.0.0.1, I would run the following command
$ ssh -p 2222 <user>@127.0.0.1
You will be asked to provide your password and to certify that the authenticity of the server is correct.
Connecting to SSH server on Debian 10 Buster
Exiting your SSH server
In order to exit from your SSH server on Debian 10, you can hit Ctrl + D or type logout and your connection will be terminated.
Logout from the SSH server
Disabling your SSH server
In order to disable your SSH server on Debian 10, run the following command
```bash
$ sudo systemctl stop sshd
$ sudo systemctl status sshd
```
# Stopping SSH server on Debian 10
From there, your SSH server wont be accessible anymore.
Connection refused from the SSH server
Troubleshooting
In some cases, you may run into many error messages when trying to setup a SSH server on Debian 10.
Here is the list of the common errors you might get during the setup.
# Debian : SSH connection refused
Usually, you are getting this error because your firewall is not properly configured on Debian.
To solve “SSH connection refused” you have to double check your UFW firewall settings.
By default, Debian uses UFW as a default firewall, so you might want to check your firewall rules and see if SSH is correctly allowed.
```bash
$ sudo ufw status
Status: active
To Action From
-- ------ ----
22/tcp ALLOW Anywhere
```
If you are using iptables, you can also have a check at your current IP rules with the iptables command.
$ sudo iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
If the rule is not set for SSH, you can set by running the iptables command again.
$ sudo iptables -I INPUT -p tcp -m tcp --dport 22 -j ACCEPT
Debian : SSH access denied
Sometimes, you may be denied the access to your SSH server with this error message “SSH access denied” on Debian.
To solve this issue, it depends on the authentication method you are using.
SSH password access denied
If you are using the password method, double check your password and make sure you are entering it correctly.
Also, it is possible to configure SSH servers to allow only a specific subset of users : if this is the case, make sure you belong to that list.
Finally, if you want to log-in as root, make sure that you modified the “PermitRootLogin” option in your “sshd_config” file.
```bash
PermitRootLogin
PermitRootLogin yes
```
# SSH key access denied
If you are using SSH keys for your SSH authentication, you may need to double check that the key is correctly located in the “authorized_keys” file.
If you are not sure about how to do it, follow our guide about SSH key authentication on Debian 10.
# Debian : Unable to locate package openssh-server
For this one, you have to make sure that you have set correctly your APT repositories.
Add the following entry to your sources.list file and update your packages.
```bash
$ sudo nano /etc/apt/sources.list
deb http://ftp.us.debian.org/debian wheezy main
$ sudo apt-get update
```
Conclusion
In this tutorial, you learnt how you can install and configure a SSH server on Debian 10 hosts.
You also learnt about basic configuration options that need to be applied in order to run a secure and robust SSH server over a LAN or over Internet.
If you are curious about Linux system administration, we have a ton of tutorials on the subject in a dedicated category.
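Review bot: The troubleshooting step for "Unable to locate package openssh-server" adds `deb http://ftp.us.debian.org/debian wheezy main` to sources.list, but the guide targets Debian 10 (Buster) and wheezy is the Debian 7 suite; the entry should name the release the host actually runs. The same troubleshooting section shows `PermitRootLogin yes`, which reverses the `PermitRootLogin no` hardening step earlier in the file without saying so; either drop it or state that it undoes that step. After the port is changed to 2222, the firewall commands still open only port 22 (`ufw allow ssh`, `--dport 22`), so a matching rule for the new port is missing, and `netstat -tulpn | grep 22` will also match 2222. "Disabling your SSH server" runs only `systemctl stop sshd`, which does not undo the earlier `systemctl enable ssh`. From "Enabling SSH traffic on your firewall settings" onward most commands and section titles have lost their `>` and `#` markup, and the text points to links ("here", "our guide") that are not in the file, which suggests it was pasted from another tutorial and should credit its source.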