This commit is contained in:
vl4dd 2021-04-08 06:14:27 -04:00
parent 8e5a269923
commit ea02763a32
4 changed files with 1194 additions and 92 deletions

View File

@ -1,15 +1,13 @@
# Linux # Linux
## Absolute Path vs Relative Path in Linux/Unix ## Absolute Path vs Relative Path in Linux/Unix
One of this blog follower asked us that whatâs the difference between absolute and relative path?
To understand this we have to know what is a path in Linux.
### What is a path? ### What is a path?
A path is a unique location to a file or a folder in a file system of an OS. A path to a file is a combination of / and alpha-numeric characters. A path is a unique location to a file or a folder in a file system of an OS. A path to a file is a combination of / and alpha-numeric characters.
What is an absolute path? ### What is an absolute path?
An absolute path is defined as the specifying the location of a file or directory from the root directory(/). In other words we can say absolute path is a complete path from start of actual filesystem from / directory. An absolute path is defined as the specifying the location of a file or directory from the root directory(/). In other words we can say absolute path is a complete path from start of actual filesystem from / directory.
### Some examples of absolute path: ### Some examples of absolute path:
```bash ```bash
/var/ftp/pub /var/ftp/pub
@ -17,6 +15,7 @@ An absolute path is defined as the specifying the location of a file or director
/boot/grub/grub.conf /boot/grub/grub.conf
``` ```
If you see all these paths started from / directory which is a root directory for every Linux/Unix machines. If you see all these paths started from / directory which is a root directory for every Linux/Unix machines.
### What is the relative path? ### What is the relative path?
Relative path is defined as path related to the present working directory(pwd). Suppose I am located in /var/log and I want to change directory to /var/log/kernel. I can use relative path concept to change directory to kernel Relative path is defined as path related to the present working directory(pwd). Suppose I am located in /var/log and I want to change directory to /var/log/kernel. I can use relative path concept to change directory to kernel
@ -33,7 +32,6 @@ Changing directory to /var/log/kernel using absolute path concept.
``` ```
Note: We can use an absolute path from any location where as if you want to use relative path we should be present in a directory where we are going to specify relative to that present working directory. Note: We can use an absolute path from any location where as if you want to use relative path we should be present in a directory where we are going to specify relative to that present working directory.
Examples of relative path and absolute path for the same operation.
# Basic Linux Command # Basic Linux Command
@ -47,39 +45,43 @@ Examples of relative path and absolute path for the same operation.
## Wildcard ## Wildcard
### \* Show all picture (multiple char) ### \* Show all picture (multiple char)
```bash ```bash
> $ ls pic* $ ls pic*
```
### **?** show only picture between 50 and 59 (only one char) ### **?** show only picture between 50 and 59 (only one char)
```bash
> $ ls pic5?.jpg $ ls pic5?.jpg
```
[] show only if char in [p-P] [] show only if char in [p-P]
```bash
> $ ls [pP]ic* $ ls [pP]ic*
```
## Files and directory ## Files and directory
- ls: list directory contents ### ls: list directory contents
> $ ls ```bash
$ ls
> args = -l -a -r -t -h --help $args = -l -a -r -t -h --help
```
- Pwd: output the current working directory
> $ pwd
- Cd: Change directory
> $ cd
### Pwd: output the current working directory
```bash
$ pwd
```
### Cd: Change directory
```bash
$ cd
```
back to previous folder back to previous folder
> $ cd - ```bash
$ cd -
```
### Mkdir: Make directory
```bash
$ mkdir test1 test2 test3
- Mkdir: Make directory $ mkdir -p lol/lol/lol
> $ mkdir test1 test2 test3 ```
> $ mkdir -p lol/lol/lol
-p to create parent directory if needed -p to create parent directory if needed
### Rmdir: Remove directory ### Rmdir: Remove directory
@ -152,7 +154,7 @@ $ tail -n 5 Workspace/SysAdminTraining/LinuxSysAdminsDoc/Linux/basic_cmd.md
Args -n define the number of line needed Args -n define the number of line needed
## Users ## Users
adduser, addgroup - add a user or group to the system ### adduser, addgroup - add a user or group to the system
```bash ```bash
$ sudo adduser steve $ sudo adduser steve
@ -178,22 +180,22 @@ Is the information correct? [Y/n] y
``` ```
user skeleton: skeleton files used for new user configuration ### user skeleton: skeleton files used for new user configuration
> $ ls /etc/skel/
```bash ```bash
─r4v3n at d3bi4n in /etc/skel $ ls /etc/skel/
╰─» ls -a 0 (0.002s) < 05:21:24 $ ls -a 0 (0.002s) < 05:21:24
./ ../ .bash_logout .bashrc .profile ./ ../ .bash_logout .bashrc .profile
``` ```
- Change user ### Change user
> $ su - marie ```bash
$ su - marie
```
## Permissions ## Permissions
- Chmod: change file mode bits ### Chmod: change file mode bits
A combination of the letters **ugoa** controls which users' access to the file will be changed: A combination of the letters **ugoa** controls which users' access to the file will be changed:
- the user who owns it (u), - the user who owns it (u),
@ -209,7 +211,7 @@ If none of these are given, the effect is as if (a) were given, but bits that ar
marie@d3bi4n:~$ ls -l marie@d3bi4n:~$ ls -l
total 4 total 4
-rw-r--r-- 1 marie marie 12 Apr 7 05:44 test -rw-r--r-- 1 marie marie 12 Apr 7 05:44 test
```
> $ chmod o-r mysecret > $ chmod o-r mysecret
@ -219,6 +221,7 @@ total 4
> -rw-r--**rw**- 1 marie marie 12 Apr 7 05:44 test > -rw-r--**rw**- 1 marie marie 12 Apr 7 05:44 test
```
##Using chmod in absolute mode ##Using chmod in absolute mode
@ -242,40 +245,40 @@ With these numeric values, you can combine them and thus one number can be used
| 6 (i.e. 4+2) | rw- | | 6 (i.e. 4+2) | rw- |
| 7 (i.e. 4+2+1) | rwx | | 7 (i.e. 4+2+1) | rwx |
most commonly used: ### most commonly used: 755 644 600 640
755 644 600 640
Can you guess the file permission in numbers on agatha.txt file in our example so far? Thats right, its 764. Can you guess the file permission in numbers on agatha.txt file in our example so far? Thats right, its 764.
Now that you know what number represents which permission, lets see how to change file permission using this knowledge. Now that you know what number represents which permission, lets see how to change file permission using this knowledge.
Suppose you want to change the file permission on agatha.txt so that everyone can read and write but no one can execute it? In that case, you can use the chmod command like this: Suppose you want to change the file permission on agatha.txt so that everyone can read and write but no one can execute it? In that case, you can use the chmod command like this:
```bash
> $ chmod 666 agatha.txt $ chmod 666 agatha.txt
```
## Danger : if a folder has not the X (executable) right => you cannot open it. ## Danger : if a folder has not the X (executable) right => you cannot open it.
-R for recursive on folder -R for recursive on folder
If you list agatha.txt now, youll see that the permission has been changed. If you list agatha.txt now, youll see that the permission has been changed.
```bash
> -rw-rw-rw- 1 abhishek abhishek 457 Aug 10 11:55 agatha.txt > -rw-rw-rw- 1 abhishek abhishek 457 Aug 10 11:55 agatha.txt
```
- Chown: change file owner and group ### Chown: change file owner and group
> $ sudo chown marie:marie agatha.txt ```bash
$ sudo chown marie:marie agatha.txt
> -rw-rw-rw- 1 marie marie 457 Aug 10 11:56 agatha.txt -rw-rw-rw- 1 marie marie 457 Aug 10 11:56 agatha.txt
```
### Groups ### Groups: print the groups a user is in
```bash
Groups: print the groups a user is in $ groups
> $ groups ```
Adds user marie into steve group Adds user marie into steve group
> $ adduser marie steve
```bash ```bash
r4v3n@d3bi4n:~/Workspace/test$ sudo adduser marie steve $ sudo adduser marie steve
Adding user `marie' to group `steve' ... Adding user `marie' to group `steve' ...
Adding user marie to group steve Adding user marie to group steve
Done. Done.
@ -286,6 +289,37 @@ marie steve
## Sysadmin tools ## Sysadmin tools
ss### Who:
```bash
student@debianserver:/var/log$ who
waldek tty1 2021-04-08 11:06
student pts/0 2021-04-08 11:13 (172.30.6.87)
student pts/1 2021-04-08 11:14 (172.30.6.90)
student pts/2 2021-04-08 11:14 (172.30.6.98)
student pts/3 2021-04-08 11:21 (172.30.6.97)
student pts/4 2021-04-08 11:15 (172.30.6.83)
student pts/5 2021-04-08 11:15 (172.30.6.96)
student pts/6 2021-04-08 11:23 (172.30.6.92)
student pts/8 2021-04-08 11:15 (172.30.6.82)
student pts/9 2021-04-08 11:17 (172.30.6.84)
student pts/10 2021-04-08 11:16 (172.30.6.85)
student pts/11 2021-04-08 11:17 (172.30.6.86)
student tty2 2021-04-08 11:24
```
pts pseudo terminal remote
tty1 user loger localy on the machine
### Wall: write a message to all users
```bash
student@debianserver:/var/log$ wall 110101101101010
Broadcast message from student@debianserver (pts/10) (Thu Apr 8 11:29:42 2021)
110101101101010
```
### & vs && ### & vs &&
```bash ```bash
$ apt update && upgrade $ apt update && upgrade
@ -324,51 +358,60 @@ XDG_CURRENT_DESKTOP=GNOME
### How to create a symbolic link in Linux ### How to create a symbolic link in Linux
To create a symbolic link to target file from link name, To create a symbolic link to target file from link name,
you can use the ln command with -s option like this: you can use the ln command with -s option like this:
```bash ```bash
$ ln -s target_file link_name $ ln -s target_file link_name
``` ```
### alias: ### alias:
```bash ```bash
$ alias ll="ls -l" $ alias ll="ls -l"
``` ```
The -s option is important here. It determines that the link is soft link. If you dont use it, it will create a hard link. Ill explain the difference between soft links and hard links in a different article. The -s option is important here. It determines that the link is soft link. If you dont use it, it will create a hard link. Ill explain the difference between soft links and hard links in a different article.
### Htop: Interactive processes viewer ### Htop: Interactive processes viewer
> $ htop
- Changer default shell
> $ vim /etc/passwd
```bash ```bash
$ htop
```
### Changer default shell
```bash
$ vim /etc/passwd
steve:x:1002:1002:,,,:/home/steve:/bin/bash steve:x:1002:1002:,,,:/home/steve:/bin/bash
steve:x:1002:1002:,,,:/home/steve:/bin/fish steve:x:1002:1002:,,,:/home/steve:/bin/fish
``` ```
- |: pipe send result of the first command to the second ### Pipe | : pipe send result of the first command to the second
> cat /etc/passwd **|** **grep** bash |**cut** -d ":" -f1 ```bash
$ cat /etc/passwd **|** **grep** bash |**cut** -d ":" -f1
- Grep: print lines that match patterns ```
> $ ### Grep: print lines that match patterns
Search for specific text with grep command Search for specific text with grep command
> $ grep -l example document1.txt document2.txt ```bash
$ grep -l example document1.txt document2.txt
> $ grep -l example \*.txt $ grep -l example \*.txt
```
grep as long as you include the -r (recursive) option in the command. grep as long as you include the -r (recursive) option in the command.
```bash
> $ grep -lr example /path/to/directory1/\*.txt /path/to/directory2 $ grep -lr example /path/to/directory1/\*.txt /path/to/directory2
```
Or, to search the current directory and all subdirectories, omit the path at the end of the command. Or, to search the current directory and all subdirectories, omit the path at the end of the command.
```bash
$ grep -lr example
```
> $ grep -lr example ### Cut: remove sections from each line of files
```bash
- Cut: remove sections from each line of files
> $ > $
```
### Wc: print newline, word, and byte counts for each file
```bash
$ wc -l
- Wc: print newline, word, and byte counts for each file ### Realpath
> $ wc -l
```bash ```bash
$ realpath example.txt $ realpath example.txt
@ -377,17 +420,18 @@ $ realpath example.txt
## how to navigate in a web page source code ## how to navigate in a web page source code
- Wget: The non-interactive network downloader ### Wget: The non-interactive network downloader
```bash ```bash
$ wget www.tandemlaw.be $ wget www.tandemlaw.be
``` ```
- search url inside index.html search url inside index.html
[Bashoneliners.com](bashoneliners.com) [Bashoneliners.com](bashoneliners.com)
```bash ```bash
$ cat index.html | grep -o "https.*" |cut -d "\"" -f1 |sort | uniq $ cat index.html | grep -o "https.*" |cut -d "\"" -f1 |sort | uniq
``` ```
## text editor ## text editor
- Nano: Nano's ANOther editor, an enhanced free Pico clone - Nano: Nano's ANOther editor, an enhanced free Pico clone
(simple text editor for noobies) (simple text editor for noobies)
@ -396,12 +440,11 @@ $ cat index.html | grep -o "https.*" |cut -d "\"" -f1 |sort | uniq
$ nano $ nano
$ nano filename $ nano filename
``` ```
- VIM: vim - Vi IMproved, a programmer's text editor (PGM) ### VIM: vim - Vi IMproved, a programmer's text editor (PGM)
``` bash
> $ vim $ vim
$ vim filename
> $ vim filename ```
# APT # APT
```bash ```bash
$ apt install $ apt install
@ -412,30 +455,30 @@ $ cat index.html | grep -o "https.*" |cut -d "\"" -f1 |sort | uniq
## Display & Destop Manager ## Display & Destop Manager
* Architecture: ### Architecture:
```bash ```bash
BIOS -> GRUB -> Display Manager -> Desktop Environement BIOS -> GRUB -> Display Manager -> Desktop Environement
``` ```
* Install Desktop Environement (GUI) ### Install Desktop Environement (GUI)
```bash ```bash
$ tasksel $ tasksel
$ apt install gnome $ apt install gnome
$ apt remove gnome $ apt remove gnome
``` ```
* Reconfigurer le display manager ### Reconfigurer le display manager
```bash ```bash
$ sudo dpkg-reconfigure gdm3 $ sudo dpkg-reconfigure gdm3
``` ```
* Installer le display manager ### Installer le display manager
```bash ```bash
$ sudo apt install lightdm $ sudo apt install lightdm
$ sudo apt install gdm3 $ sudo apt install gdm3
``` ```
* remove Desktop environement ### remove Desktop environement
```bash ```bash
$ sudo apt remove lightdm $ sudo apt remove lightdm
``` ```

531
Linux/ssh.md Normal file
View File

@ -0,0 +1,531 @@
# SSH
## OpenSSH SSH client (remote login program)
- SSH: (SSH client) is a program for logging into a remote machine and for executing commands on a
remote machine
- SSH Server: server
## Fist login to remote server
```bash
$ ssh student@172.30.6.99
The authenticity of host '172.30.6.99 (172.30.6.99)' can't be established.
ECDSA key fingerprint is SHA256:w2XxVfnfPpYCeCjEBzmI0AeuaqiC0Sx1FBwrGmnYh64.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.30.6.99' (ECDSA) to the list of known hosts.
student@172.30.6.99's password:
Connection closed by 172.30.6.99 port 22
```
## Login to remote server
```bash
admin@d3bi4n:~$ ssh student@172.30.6.99
student@172.30.6.99's password:
Linux debianserver 4.19.0-16-amd64 #1 SMP Debian 4.19.181-1 (2021-03-19) x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Thu Apr 8 11:15:57 2021 from 172.30.6.84
```
ECDSA key finger print is used to validate the server identity for future connection.
## Installing OpenSSH Server on Debian 10
First of all, make sure that your packages are up to date by running an update command
```bash
$ sudo apt-get update
```
Updating apt packages on Debian 10
In order to install a SSH server on Debian 10, run the following command
```bash
$ sudo apt-get install openssh-server
```
The command should run a complete installation process and it should set up all the necessary files for your SSH server.
If the installation was successful, you should now have a sshd service installed on your host.
To check your newly installed service, run the following command
```bash
$ sudo systemctl status sshd
user@w3b-73rv3r:~$ sudo systemctl status sshd
[sudo] password for user:
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2021-04-08 05:35:36 EDT; 10min ago
Docs: man:sshd(8)
man:sshd_config(5)
Process: 490 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
Main PID: 499 (sshd)
Tasks: 1 (limit: 4689)
Memory: 3.8M
CGroup: /system.slice/ssh.service
└─499 /usr/sbin/sshd -D
Apr 08 05:35:36 w3b-73rv3r systemd[1]: Starting OpenBSD Secure Shell server...
Apr 08 05:35:36 w3b-73rv3r sshd[499]: Server listening on 0.0.0.0 port 22.
Apr 08 05:35:36 w3b-73rv3r sshd[499]: Server listening on :: port 22.
Apr 08 05:35:36 w3b-73rv3r systemd[1]: Started OpenBSD Secure Shell server.
Apr 08 05:45:17 w3b-73rv3r sshd[1663]: Accepted password for user from 172.30.6.99 port 55748 ssh2
Apr 08 05:45:17 w3b-73rv3r sshd[1663]: pam_unix(sshd:session): session opened for user user by (uid=0)
r4v3n@w3b-73rv3r:~$
```
This tutorial focuses on setting up and configuring a SSH server on a Debian 10 minimal server
SSH, for Secure Shell, is a network protocol that is used in order to operate remote logins to distant machines within a local network or over Internet. SSH architectures typically includes a SSH server that is used by SSH clients to connect to the remote machine.
As a system administrator, it is very likely that you are using SSH on a daily basis to connect to remote machines across your network.
As a consequence, when new hosts are onboarded to your infrastructure, you may have to configure them to install and enable SSH on them.
In this tutorial, we are going to see how you can install and enable SSH, via OpenSSH, on a Debian 10 distributions.
Table of Contents
Prerequisites
Installing OpenSSH Server on Debian 10
Enabling SSH traffic on your firewall settings
Enable SSH server on system boot
Configuring your SSH server on Debian
Changing SSH default port
Disabling Root Login on your SSH server
Configuring key-based SSH authentication
Restarting your SSH server to apply changes
Connecting to your SSH server
Exiting your SSH server
Disabling your SSH server
Troubleshooting
Debian : SSH connection refused
Debian : SSH access denied
SSH password access denied
SSH key access denied
Debian : Unable to locate package openssh-server
Conclusion
Prerequisites
In order to install a SSH server on Debian 10, you will need to have sudo privileges on your host.
To check whether you have sudo privileges or not, run the following command
$ sudo -l
If you are seeing the following entries on your terminal, it means that you have elevated privileges
Checking sudo privileges on Debian 10
By default, the ssh utility should be installed on your host, even on minimal configurations.
In order to check the version of your SSH utility, you can run the following command
$ ssh -V
Checking SSH version on Debian 10
As you can see, I am running OpenSSH v7.9 with OpenSSL v1.1.1.
Note that it does not mean that SSH servers are installed on my host, it just means that I may able to connect to remote machines as a client using the SSH utility.
It also mean that specific utilities related the SSH protocol (such as scp for example) or related to FTP servers (such as sftp) will be available on my host.
Installing OpenSSH Server on Debian 10
First of all, make sure that your packages are up to date by running an update command
$ sudo apt-get update
Updating apt packages on Debian 10
In order to install a SSH server on Debian 10, run the following command
$ sudo apt-get install openssh-server
The command should run a complete installation process and it should set up all the necessary files for your SSH server.
If the installation was successful, you should now have a sshd service installed on your host.
To check your newly installed service, run the following command
$ sudo systemctl status sshd
Checking ssh server status on Debian 10
By default, your SSH server is going to run on port 22.
This is the default port assigned for SSH communications. You can check if this is the case on your host by running the following netstat command
$ netstat -tulpn | grep 22
Great! Your SSH server is now up and running on your Debian 10 host.
Enabling SSH traffic on your firewall settings
If you are using UFW as a default firewall on your Debian 10 system, it is likely that you need to allow SSH connections on your host.
To enable SSH connections on your host, run the following command
$ sudo ufw allow ssh
Enabling SSH connections with UFW on Debian 10
Enable SSH server on system boot
As you probably saw, your SSH server is now running as a service on your host.
It is also very likely that it is instructed to start at boot time.
To check whether your service is enable or not, you can run the following command
$ sudo systemctl list-unit-files | grep enabled | grep ssh
If no results are shown on your terminal, enable the service and run the command again
$ sudo systemctl enable ssh
Configuring your SSH server on Debian
Before giving access to users through SSH, it is important to have a set of secure settings to avoid being attacked, especially if your server is running as an online VPS.
As we already saw in the past, SSH attacks are pretty common but they can be avoided if we change default settings available.
By default, your SSH configuration files are located at /etc/ssh/
Listing SSH configuration files in etc
In this directory, you are going to find many different configuration files, but the most important ones are :
ssh_config: defines SSH rules for clients. It means that it defines rules that are applied everytime you use SSH to connect to a remote host or to transfer files between hosts;
sshd_config: defines SSH rules for your SSH server. It is used for example to define the reachable SSH port or to deny specific users from communicating with your server.
We are obviously going to modify the server-wide part of our SSH setup as we are interested in configuring and securing our OpenSSH server.
Changing SSH default port
The first step towards running a secure SSH server is to change the default assigned by the OpenSSH server.
Edit your sshd_config configuration file and look for the following line.
#Port 22
Make sure to change your port to one that is not reserved for other protocols. I will choose 2222 in this case.
Changing the default SSH port
When connecting to your host, if it not running on the default port, you are going to specify the SSH port yourself.
Please refer to the Connecting to your SSH server section for further information.
Disabling Root Login on your SSH server
By default, root login is available on your SSH server.
It should obviously not be the case as it would be a complete disaster if hackers were to login as root on your server.
If by chance you disabled the root account in your Debian 10 installation, you can still configure your SSH server to refuse root login, in case you choose to re-enable your root login one day.
To disable root login on your SSH server, modify the following line
#PermitRootLogin
PermitRootLogin no
Disabling root login for SSH on Debian
Configuring key-based SSH authentication
In SSH, there are two ways of connecting to your host : by using password authentication (what we are doing here), or having a set of SSH keys.
If you are curious about key-based SSH authentication on Debian 10, there is a tutorial available on the subject here.
Restarting your SSH server to apply changes
In order for the changes to be applied, restart your SSH service and make sure that it is correctly restarted
$ sudo systemctl restart sshd
$ sudo systemctl status sshd
SSH server status from systemd
BasicsLinux System Administration
How To Install and Enable SSH Server on Debian 10
written by schkn
How To Install and Enable SSH Server on Debian 10
This tutorial focuses on setting up and configuring a SSH server on a Debian 10 minimal server
SSH, for Secure Shell, is a network protocol that is used in order to operate remote logins to distant machines within a local network or over Internet. SSH architectures typically includes a SSH server that is used by SSH clients to connect to the remote machine.
As a system administrator, it is very likely that you are using SSH on a daily basis to connect to remote machines across your network.
As a consequence, when new hosts are onboarded to your infrastructure, you may have to configure them to install and enable SSH on them.
In this tutorial, we are going to see how you can install and enable SSH, via OpenSSH, on a Debian 10 distributions.
Table of Contents
Prerequisites
Installing OpenSSH Server on Debian 10
Enabling SSH traffic on your firewall settings
Enable SSH server on system boot
Configuring your SSH server on Debian
Changing SSH default port
Disabling Root Login on your SSH server
Configuring key-based SSH authentication
Restarting your SSH server to apply changes
Connecting to your SSH server
Exiting your SSH server
Disabling your SSH server
Troubleshooting
Debian : SSH connection refused
Debian : SSH access denied
SSH password access denied
SSH key access denied
Debian : Unable to locate package openssh-server
Conclusion
Prerequisites
In order to install a SSH server on Debian 10, you will need to have sudo privileges on your host.
To check whether you have sudo privileges or not, run the following command
$ sudo -l
If you are seeing the following entries on your terminal, it means that you have elevated privileges
Checking sudo privileges on Debian 10
By default, the ssh utility should be installed on your host, even on minimal configurations.
In order to check the version of your SSH utility, you can run the following command
$ ssh -V
Checking SSH version on Debian 10
As you can see, I am running OpenSSH v7.9 with OpenSSL v1.1.1.
Note that it does not mean that SSH servers are installed on my host, it just means that I may able to connect to remote machines as a client using the SSH utility.
It also mean that specific utilities related the SSH protocol (such as scp for example) or related to FTP servers (such as sftp) will be available on my host.
Installing OpenSSH Server on Debian 10
First of all, make sure that your packages are up to date by running an update command
$ sudo apt-get update
Updating apt packages on Debian 10
In order to install a SSH server on Debian 10, run the following command
$ sudo apt-get install openssh-server
The command should run a complete installation process and it should set up all the necessary files for your SSH server.
If the installation was successful, you should now have a sshd service installed on your host.
To check your newly installed service, run the following command
$ sudo systemctl status sshd
Checking ssh server status on Debian 10
By default, your SSH server is going to run on port 22.
This is the default port assigned for SSH communications. You can check if this is the case on your host by running the following netstat command
$ netstat -tulpn | grep 22
Great! Your SSH server is now up and running on your Debian 10 host.
Enabling SSH traffic on your firewall settings
If you are using UFW as a default firewall on your Debian 10 system, it is likely that you need to allow SSH connections on your host.
To enable SSH connections on your host, run the following command
$ sudo ufw allow ssh
Enabling SSH connections with UFW on Debian 10
Enable SSH server on system boot
As you probably saw, your SSH server is now running as a service on your host.
It is also very likely that it is instructed to start at boot time.
To check whether your service is enable or not, you can run the following command
$ sudo systemctl list-unit-files | grep enabled | grep ssh
If no results are shown on your terminal, enable the service and run the command again
$ sudo systemctl enable ssh
Enabling the SSH server on boot on Debian 10
Configuring your SSH server on Debian
Before giving access to users through SSH, it is important to have a set of secure settings to avoid being attacked, especially if your server is running as an online VPS.
As we already saw in the past, SSH attacks are pretty common but they can be avoided if we change default settings available.
By default, your SSH configuration files are located at /etc/ssh/
Listing SSH configuration files in etc
In this directory, you are going to find many different configuration files, but the most important ones are :
ssh_config: defines SSH rules for clients. It means that it defines rules that are applied everytime you use SSH to connect to a remote host or to transfer files between hosts;
sshd_config: defines SSH rules for your SSH server. It is used for example to define the reachable SSH port or to deny specific users from communicating with your server.
We are obviously going to modify the server-wide part of our SSH setup as we are interested in configuring and securing our OpenSSH server.
Changing SSH default port
The first step towards running a secure SSH server is to change the default assigned by the OpenSSH server.
Edit your sshd_config configuration file and look for the following line.
#Port 22
Make sure to change your port to one that is not reserved for other protocols. I will choose 2222 in this case.
Changing the default SSH port
When connecting to your host, if it not running on the default port, you are going to specify the SSH port yourself.
Please refer to the Connecting to your SSH server section for further information.
Disabling Root Login on your SSH server
By default, root login is available on your SSH server.
It should obviously not be the case as it would be a complete disaster if hackers were to login as root on your server.
If by chance you disabled the root account in your Debian 10 installation, you can still configure your SSH server to refuse root login, in case you choose to re-enable your root login one day.
To disable root login on your SSH server, modify the following line
#PermitRootLogin
PermitRootLogin no
Disabling root login for SSH on Debian
Configuring key-based SSH authentication
In SSH, there are two ways of connecting to your host : by using password authentication (what we are doing here), or having a set of SSH keys.
If you are curious about key-based SSH authentication on Debian 10, there is a tutorial available on the subject here.
Restarting your SSH server to apply changes
In order for the changes to be applied, restart your SSH service and make sure that it is correctly restarted
$ sudo systemctl restart sshd
$ sudo systemctl status sshd
SSH server status from systemd
Also, if you change the default port, make sure that the changes were correctly applied by running a simple netstat command
$ netstat -tulpn | grep 2222
Checking SSH port on Linux using netstat
Connecting to your SSH server
In order to connect to your SSH server, you are going to use the ssh command with the following syntax
$ ssh -p <port> <username>@<ip_address>
If you are connecting over a LAN network, make sure to get the local IP address of your machine with the following command
$ sudo ifconfig
Checking local IP using ifconfig
For example, in order to connect to my own instance located at 127.0.0.1, I would run the following command
$ ssh -p 2222 <user>@127.0.0.1
You will be asked to provide your password and to certify that the authenticity of the server is correct.
Connecting to SSH server on Debian 10 Buster
Exiting your SSH server
In order to exit from your SSH server on Debian 10, you can hit Ctrl + D or type logout and your connection will be terminated.
Logout from the SSH server
Disabling your SSH server
In order to disable your SSH server on Debian 10, run the following command
$ sudo systemctl stop sshd
$ sudo systemctl status sshd
From there, your SSH server wont be accessible anymore.
Connection refused from the SSH server
Troubleshooting
In some cases, you may run into many error messages when trying to setup a SSH server on Debian 10.
Here is the list of the common errors you might get during the setup.
Debian : SSH connection refused
Usually, you are getting this error because your firewall is not properly configured on Debian.
To solve “SSH connection refused” you have to double check your UFW firewall settings.
By default, Debian uses UFW as a default firewall, so you might want to check your firewall rules and see if SSH is correctly allowed.
$ sudo ufw status
Status: active
To Action From
-- ------ ----
22/tcp ALLOW Anywhere
If you are using iptables, you can also have a check at your current IP rules with the iptables command.
$ sudo iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
If the rule is not set for SSH, you can set by running the iptables command again.
$ sudo iptables -I INPUT -p tcp -m tcp --dport 22 -j ACCEPT
Debian : SSH access denied
Sometimes, you may be denied the access to your SSH server with this error message “SSH access denied” on Debian.
To solve this issue, it depends on the authentication method you are using.
SSH password access denied
If you are using the password method, double check your password and make sure you are entering it correctly.
Also, it is possible to configure SSH servers to allow only a specific subset of users : if this is the case, make sure you belong to that list.
Finally, if you want to log-in as root, make sure that you modified the “PermitRootLogin” option in your “sshd_config” file.
#PermitRootLogin
PermitRootLogin yes
SSH key access denied
If you are using SSH keys for your SSH authentication, you may need to double check that the key is correctly located in the “authorized_keys” file.
If you are not sure about how to do it, follow our guide about SSH key authentication on Debian 10.
Debian : Unable to locate package openssh-server
For this one, you have to make sure that you have set correctly your APT repositories.
Add the following entry to your sources.list file and update your packages.
$ sudo nano /etc/apt/sources.list
deb http://ftp.us.debian.org/debian wheezy main
$ sudo apt-get update
Conclusion
In this tutorial, you learnt how you can install and configure a SSH server on Debian 10 hosts.
You also learnt about basic configuration options that need to be applied in order to run a secure and robust SSH server over a LAN or over Internet.
If you are curious about Linux system administration, we have a ton of tutorials on the subject in a dedicated category.

View File

@ -0,0 +1,283 @@
#How To Install and Enable SSH Server on Debian 10
[reference](https://devconnected.com/how-to-install-and-enable-ssh-server-on-debian-10/)
This tutorial focuses on setting up and configuring a SSH server on a Debian 10 minimal server
SSH, for Secure Shell, is a network protocol that is used in order to operate remote logins to distant machines within a local network or over Internet. SSH architectures typically includes a SSH server that is used by SSH clients to connect to the remote machine.
As a system administrator, it is very likely that you are using SSH on a daily basis to connect to remote machines across your network.
As a consequence, when new hosts are onboarded to your infrastructure, you may have to configure them to install and enable SSH on them.
In this tutorial, we are going to see how you can install and enable SSH, via OpenSSH, on a Debian 10 distributions.
Table of Contents
Prerequisites
Installing OpenSSH Server on Debian 10
Enabling SSH traffic on your firewall settings
Enable SSH server on system boot
Configuring your SSH server on Debian
Changing SSH default port
Disabling Root Login on your SSH server
Configuring key-based SSH authentication
Restarting your SSH server to apply changes
Connecting to your SSH server
Exiting your SSH server
Disabling your SSH server
Troubleshooting
Debian : SSH connection refused
Debian : SSH access denied
SSH password access denied
SSH key access denied
Debian : Unable to locate package openssh-server
Conclusion
Prerequisites
In order to install a SSH server on Debian 10, you will need to have sudo privileges on your host.
To check whether you have sudo privileges or not, run the following command
$ sudo -l
If you are seeing the following entries on your terminal, it means that you have elevated privileges
Checking sudo privileges on Debian 10
By default, the ssh utility should be installed on your host, even on minimal configurations.
In order to check the version of your SSH utility, you can run the following command
$ ssh -V
Checking SSH version on Debian 10
As you can see, I am running OpenSSH v7.9 with OpenSSL v1.1.1.
Note that it does not mean that SSH servers are installed on my host, it just means that I may able to connect to remote machines as a client using the SSH utility.
It also mean that specific utilities related the SSH protocol (such as scp for example) or related to FTP servers (such as sftp) will be available on my host.
Installing OpenSSH Server on Debian 10
First of all, make sure that your packages are up to date by running an update command
$ sudo apt-get update
Updating apt packages on Debian 10
In order to install a SSH server on Debian 10, run the following command
$ sudo apt-get install openssh-server
The command should run a complete installation process and it should set up all the necessary files for your SSH server.
If the installation was successful, you should now have a sshd service installed on your host.
To check your newly installed service, run the following command
$ sudo systemctl status sshd
Checking ssh server status on Debian 10
By default, your SSH server is going to run on port 22.
This is the default port assigned for SSH communications. You can check if this is the case on your host by running the following netstat command
$ netstat -tulpn | grep 22
Great! Your SSH server is now up and running on your Debian 10 host.
Enabling SSH traffic on your firewall settings
If you are using UFW as a default firewall on your Debian 10 system, it is likely that you need to allow SSH connections on your host.
To enable SSH connections on your host, run the following command
$ sudo ufw allow ssh
Enabling SSH connections with UFW on Debian 10
Enable SSH server on system boot
As you probably saw, your SSH server is now running as a service on your host.
It is also very likely that it is instructed to start at boot time.
To check whether your service is enable or not, you can run the following command
$ sudo systemctl list-unit-files | grep enabled | grep ssh
If no results are shown on your terminal, enable the service and run the command again
$ sudo systemctl enable ssh
Enabling the SSH server on boot on Debian 10
Configuring your SSH server on Debian
Before giving access to users through SSH, it is important to have a set of secure settings to avoid being attacked, especially if your server is running as an online VPS.
As we already saw in the past, SSH attacks are pretty common but they can be avoided if we change default settings available.
By default, your SSH configuration files are located at /etc/ssh/
Listing SSH configuration files in etc
In this directory, you are going to find many different configuration files, but the most important ones are :
ssh_config: defines SSH rules for clients. It means that it defines rules that are applied everytime you use SSH to connect to a remote host or to transfer files between hosts;
sshd_config: defines SSH rules for your SSH server. It is used for example to define the reachable SSH port or to deny specific users from communicating with your server.
We are obviously going to modify the server-wide part of our SSH setup as we are interested in configuring and securing our OpenSSH server.
Changing SSH default port
The first step towards running a secure SSH server is to change the default assigned by the OpenSSH server.
Edit your sshd_config configuration file and look for the following line.
#Port 22
Make sure to change your port to one that is not reserved for other protocols. I will choose 2222 in this case.
Changing the default SSH port
When connecting to your host, if it not running on the default port, you are going to specify the SSH port yourself.
Please refer to the Connecting to your SSH server section for further information.
Disabling Root Login on your SSH server
By default, root login is available on your SSH server.
It should obviously not be the case as it would be a complete disaster if hackers were to login as root on your server.
If by chance you disabled the root account in your Debian 10 installation, you can still configure your SSH server to refuse root login, in case you choose to re-enable your root login one day.
To disable root login on your SSH server, modify the following line
#PermitRootLogin
PermitRootLogin no
Disabling root login for SSH on Debian
Configuring key-based SSH authentication
In SSH, there are two ways of connecting to your host : by using password authentication (what we are doing here), or having a set of SSH keys.
If you are curious about key-based SSH authentication on Debian 10, there is a tutorial available on the subject here.
Restarting your SSH server to apply changes
In order for the changes to be applied, restart your SSH service and make sure that it is correctly restarted
$ sudo systemctl restart sshd
$ sudo systemctl status sshd
SSH server status from systemd
Also, if you change the default port, make sure that the changes were correctly applied by running a simple netstat command
$ netstat -tulpn | grep 2222
Checking SSH port on Linux using netstat
Connecting to your SSH server
In order to connect to your SSH server, you are going to use the ssh command with the following syntax
$ ssh -p <port> <username>@<ip_address>
If you are connecting over a LAN network, make sure to get the local IP address of your machine with the following command
$ sudo ifconfig
Checking local IP using ifconfig
For example, in order to connect to my own instance located at 127.0.0.1, I would run the following command
$ ssh -p 2222 <user>@127.0.0.1
You will be asked to provide your password and to certify that the authenticity of the server is correct.
Connecting to SSH server on Debian 10 Buster
Exiting your SSH server
In order to exit from your SSH server on Debian 10, you can hit Ctrl + D or type logout and your connection will be terminated.
Logout from the SSH server
Disabling your SSH server
In order to disable your SSH server on Debian 10, run the following command
$ sudo systemctl stop sshd
$ sudo systemctl status sshd
Stopping SSH server on Debian 10
From there, your SSH server wont be accessible anymore.
Connection refused from the SSH server
Troubleshooting
In some cases, you may run into many error messages when trying to setup a SSH server on Debian 10.
Here is the list of the common errors you might get during the setup.
Debian : SSH connection refused
Usually, you are getting this error because your firewall is not properly configured on Debian.
To solve “SSH connection refused” you have to double check your UFW firewall settings.
By default, Debian uses UFW as a default firewall, so you might want to check your firewall rules and see if SSH is correctly allowed.
$ sudo ufw status
Status: active
To Action From
-- ------ ----
22/tcp ALLOW Anywhere
If you are using iptables, you can also have a check at your current IP rules with the iptables command.
$ sudo iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
If the rule is not set for SSH, you can set by running the iptables command again.
$ sudo iptables -I INPUT -p tcp -m tcp --dport 22 -j ACCEPT
Debian : SSH access denied
Sometimes, you may be denied the access to your SSH server with this error message “SSH access denied” on Debian.
To solve this issue, it depends on the authentication method you are using.
SSH password access denied
If you are using the password method, double check your password and make sure you are entering it correctly.
Also, it is possible to configure SSH servers to allow only a specific subset of users : if this is the case, make sure you belong to that list.
Finally, if you want to log-in as root, make sure that you modified the “PermitRootLogin” option in your “sshd_config” file.
#PermitRootLogin
PermitRootLogin yes
SSH key access denied
If you are using SSH keys for your SSH authentication, you may need to double check that the key is correctly located in the “authorized_keys” file.
If you are not sure about how to do it, follow our guide about SSH key authentication on Debian 10.
Debian : Unable to locate package openssh-server
For this one, you have to make sure that you have set correctly your APT repositories.
Add the following entry to your sources.list file and update your packages.
$ sudo nano /etc/apt/sources.list
deb http://ftp.us.debian.org/debian wheezy main
$ sudo apt-get update
Conclusion
In this tutorial, you learnt how you can install and configure a SSH server on Debian 10 hosts.
You also learnt about basic configuration options that need to be applied in order to run a secure and robust SSH server over a LAN or over Internet.
If you are curious about Linux system administration, we have a ton of tutorials on the subject in a dedicated category.

245
Linux/ssh/ssh_key.md Normal file
View File

@ -0,0 +1,245 @@
# How To Set Up SSH Keys on Debian 10 Buster
The Secure Shell (or SSH) is a cryptographic protocol enabling secure communication between clients and servers.
SSH is widely used to connect to remote Linux systems in a secure way. It is also used in the Windows ecosystem to connect to remote Windows machines via OpenSSH.
SSH has two ways of authenticating users on a machine : either via a password or via a public key authentication system. Using a key-pair authentication, you wont need to type a password to login, everything is going to be automatic.
In this tutorial, we are going describe how to set up SSH keys on a Debian 10 Buster instance.
Table of Contents
1 Create SSH Key Pair on Debian
2 Copy the SSH public key to your client host
a Copy SSH keys using ssh-copy-id
b Copy SSH keys using ssh without ssh-copy-id
c Copy SSH key manually to the client
3 Connect to your remote host with SSH
4 Disable the SSH password authentication
5 Allow/Deny certain users and groups to have SSH access
6 Conclusion
1 Create SSH Key Pair on Debian
Before starting, make sure that you dont have any pre-existing SSH keys into your ssh directory.
Run a simple ls command into your .ssh directory.
$ cd /home/user/.ssh
$ ls -al
SSH directory on Linux
In order to generate a SSH key on Debian, you are going to need the ssh-keygen tool.
By default, ssh-keygen is already installed on Debian 10.
To create a SSH key pair, use the following command.
$ ssh-keygen -t rsa -b 4096 -C "email@example.com"
This ssh-keygen will take care of creating your key.
The -t flag specifies the type of encryption used (in this case RSA).
The -b determines the number of bytes used to create your key. In general, you want to use at least 2048 bytes for a key, but we are going to use 4096 in our case.
Finally, the -C flag provides a comment for the key pair, in this case the e-mail used.
When creating your SSH keys, you will be asked a number of questions.
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
You can leave this one as default, except if you want to store it in a custom key file.
Enter passphrase (empty for no passphrase)
Choose a strong passphrase for your key. In case somebody steals your key, the passphrase will be required as a second security option.
If you want to automatically connect to your server without being prompted any password, leave the passphrase blank.
Password authentication will be disabled in the next chapters, but you will still be prompted with the passphrase if you decided to define one. Passphrases are recommended for production and sensitive environments.
Enter your passphrase again, and your SSH key should be created.
Set up a SSH key on Debian using ssh-keygen
In this example, my file was created in /home/devconnected/.ssh directory.
Private and public key set up on Debian
As a result of your command, two files were created.
id_rsa: this is the PRIVATE key that is going to be used on the server side to identify incoming client requests. It should obviously not be shared with anybody. It is also used by the client to verify the servers identity.
id_rsa.pub: the “pub” extension stands for “public”. This is the PUBLIC key that is going to be used by clients to connect to the server. This is the file that you are allowed to share with clients.
2 Copy the SSH public key to your client host
In order to copy your newly created SSH key, you should not use an unsecure protocol (like TCP for example) as it would expose your SSH keys to hackers.
If your SSH keys are compromised, there are essentially no benefits in using a secure protocol like SSH.
As a consequence, heres how you should copy your SSH keys to remote hosts.
a Copy SSH keys using ssh-copy-id
To run ssh-copy-id, execute the following command.
$ ssh-copy-id remoteuser@remotehost
You may be prompted with the following question.
The authenticity of host '142.93.103.142' can't be established.
ECDSA key fingerprint is SHA256:/KdeEfkcNce332KdLPqadkKaPapvcN32.
Are you sure you want to continue connecting (yes/no)? yes
Finally, you will be asked to provide the password the remote user.
remoteuser@remotehost's password:
Type in the password. As a result, you should see the following output.
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'remoteuser@remotehost'" and check to make sure that only the key(s) you wanted were added.
On my client host, in the .ssh directory, lets see the files created.
Public key set up on Debian client
Awesome, my client now has an authorized_keys file, specifying the host it can connect to.
Now on my client host, if I try to connect to my server with SSH, I should be able to do it.
b Copy SSH keys using ssh without ssh-copy-id
In case you dont have ssh-copy-id on your instance, you can also use the SSH command to securely transfer your file to the server.
The command is longer but it is as secure as a regular ssh-copy-id command.
Here is the command to copy your SSH keys to your client host.
$ cat ~/.ssh/id_rsa.pub | ssh remoteuser@remoteserver "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
By running this command, you are going to be asked for the passphrase on the server.
Unlocking a private SSH key on Debian 10
Enter the correct passphrase and click “Unlock”.
With this command, you are taking the content of your public key and sending it over SSH to your remote host.
The command first asserts that you have the .ssh folder on your remote host. The content is appended to the actual content of the authorized_keys file (if already existing).
Lets take a look at our file on the remote host.
Set up SSH public key on Debian 10
Great! The content was correctly appended to our existing authorized_keys file.
c Copy SSH key manually to the client
Another alternative is to copy the content of your public key directly to the client filesystem.
First, display the content of the public key using the cat command.
$ cd /home/user/.ssh
$ cat id_rsa.pub
Displaying SSH public key on Debian
Go to your remote server, and find the .ssh folder on the client. You will need to append the content of the public key to the authorized_keys file on the server.
As you can see, file permissions on this file are restricted, which means that you are going to need sudo rights to modify this file.
$ cd /home/client/.ssh
$ sudo nano authorized_keys
Append your key by simply copying and pasting the content to the end of your existing authorized_keys file.
Appending a public key to the SSH authorized keys
Save your file and exit your text editor.
Now that everything is ready, and that your SSH keys are set up, it is time for you to connect to your host using your keys.
3 Connect to your remote host with SSH
Now that everything is ready, you need to connect to your server using key-based SSH authentication.
To do it, perform a normal SSH connection, like you used to do in the past.
$ ssh user@server_ip
On the first connection, you should be prompted to validate the identity of your server. This is a paragraph that you already saw when you were trying to copy your SSH keys to your client host.
The authenticity of host '142.93.103.142' can't be established.
ECDSA key fingerprint is SHA256:/KdeEfkcNce332KdLPqadkKaPapvcN32.
Are you sure you want to continue connecting (yes/no)? yes
If you defined a passphrase in the previous sections, you will be asked to provide it now.
Enter passphrase for key '/home/user/.ssh/id_rsa'
On success, you are going to be connected to your remote host.
Congratulations! You successfully set up SSH key-based authentication for your servers.
SSH connection shell
4 Disable the SSH password authentication
When you are connecting as a known client (a client that owns a public key for this specific server), you are not going to be asked for a password.
You can be asked for the passphrase if you configured it, but most of the time it is as seamless as connecting directly to your server without any prompt.
However, if you read my article about SSH geolocating, you may remember that hackers may try to brute-force their ways into your server.
SSH bruteforce login trials
Remember all the different combinations tried by hackers to gain access to my servers?
In order to prevent SSH attacks like this from happening, we need to disable password authentication for our server. This way, only users having a key will be able to login on the server.
To disable SSH password authentication, go the /etc/ssh folder, and edit your sshd_config file.
$ sudo nano /etc/ssh/sshd_config
Look for the “PasswordAuthentication” section in this configuration file, and change its value to “No”.
Disabling password authentication for SSH access on Debian
Restart your SSH service, and make sure that everything is working properly.
$ sudo systemctl restart ssh
$ sudo systemctl status ssh
SSH service running on Debian
Awesome!
You have successfully set up SSH keys for your Linux server.
5 Allow/Deny certain users and groups to have SSH access
As an additional security rule, you can allow only certain users to access your server.
Similarly, you can deny specific users from accessing your server, if you want to ban a certain user or group for example.
In order to allow specific users to have SSH access, head over to your SSH configuration file, and add a AllowUsers entry to your file.
Similarly, if you want to whitelist a specific group on your server, add a AllowGroups entry to your SSH configuration file.
$ cd /etc/ssh
$ sudo nano sshd_config
Allowing certain users to access SSH on Debian
To deny certain users from using SSH on your server, add the following entries to your configuration file.
Similarly, if you want to deny certain groups to have SSH access to your server, add a DenyGroups entry to your SSH configuration file.
Denying certain users to access SSH on Debian 10
Restart your SSH service for the modifications to be applied.
$ sudo systemctl restart ssh
$ sudo systemctl status ssh
6 Conclusion
Today, you successfully learned how to set up SSH keys on Debian 10 Buster, but the same steps can be applied to Ubuntu and CentOS machines.
Did you know?
SSH can also be used in order to setup SSH key-based authentication on Git.
Securing your server with SSH keys is a very crucial step if you want to prevent easy yet very effective attacks to be run against your server.
If you have a Debian machine on hosted servers, it is very likely that some bots are trying to access it. SSH Keys set up is one of the steps to make those attacks uneffective.