waldek
/
LinuxSysAdminsDoc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: waldek:7a28cd79b3ae4a014c1debf740a942da5506ef34
Branches Tags
waldek:master
waldek:Hugo
...
compare: waldek:a5c3239ab7cddeb482ac0bbf9767bab94ea05af7
Branches Tags
waldek:master
waldek:Hugo

11 Commits
7a28cd79b3 ... a5c3239ab7

Author SHA1 Message Date
waldek a5c3239ab7 adds a gitignore for vim swap files and removes the .notes.md.swp file 2021-04-08 22:24:24 +02:00
vl4dd 91345c1f0e remove ssh 2021-04-08 10:29:28 -04:00
vl4dd 4a5b049166 Adds wargames directory 2021-04-08 10:27:42 -04:00
vl4dd d5a4cd2bd4 adding info in basic_cmd 2021-04-08 07:47:24 -04:00
vl4dd ea02763a32 Adds SSH 2021-04-08 06:14:27 -04:00
vl4dd 8e5a269923 Adds cheatsheet-18.md 2021-04-08 04:51:24 -04:00
vl4dd e3ee05e3d6 Adds more commands into basic_cmd.md 2021-04-08 04:30:33 -04:00
vl4dd 05c6c94851 Adds htop picture 2021-04-08 03:43:51 -04:00
vl4dd f9b8a66d91 Merge branch 'master' of https://gitea.86thumbs.net/vl4dd/LinuxSysAdminsDoc 2021-04-08 03:42:25 -04:00
vl4dd 53ce282ff2 Adds htop picture + wget and oneliner information 2021-04-08 03:41:49 -04:00
vl4dd fe56f4c502 Merge pull request 'adds more links and some more verbose information to the readme.md file' (#3) from waldek/LinuxSysAdminsDoc:master into master 
Reviewed-on: https://gitea.86thumbs.net/vl4dd/LinuxSysAdminsDoc/pulls/3
 2021-04-08 09:02:07 +02:00
10 changed files with 1609 additions and 166 deletions
Show Stats Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
*.swp

460
Linux/basic_cmd.md
View File

@ -1,15 +1,13 @@
# Linux # Linux
## Absolute Path vs Relative Path in Linux/Unix ## Absolute Path vs Relative Path in Linux/Unix
One of this blog follower asked us that whatâs the difference between absolute and relative path?
To understand this we have to know what is a path in Linux.
### What is a path? ### What is a path?
A path is a unique location to a file or a folder in a file system of an OS. A path to a file is a combination of / and alpha-numeric characters. A path is a unique location to a file or a folder in a file system of an OS. A path to a file is a combination of / and alpha-numeric characters.
What is an absolute path? ### What is an absolute path?
An absolute path is defined as the specifying the location of a file or directory from the root directory(/). In other words we can say absolute path is a complete path from start of actual filesystem from / directory. An absolute path is defined as the specifying the location of a file or directory from the root directory(/). In other words we can say absolute path is a complete path from start of actual filesystem from / directory.
### Some examples of absolute path: ### Some examples of absolute path:
```bash ```bash
/var/ftp/pub /var/ftp/pub
@ -17,117 +15,146 @@ An absolute path is defined as the specifying the location of a file or director
/boot/grub/grub.conf /boot/grub/grub.conf
``` ```
If you see all these paths started from / directory which is a root directory for every Linux/Unix machines. If you see all these paths started from / directory which is a root directory for every Linux/Unix machines.
### What is the relative path? ### What is the relative path?
Relative path is defined as path related to the present working directory(pwd). Suppose I am located in /var/log and I want to change directory to /var/log/kernel. I can use relative path concept to change directory to kernel Relative path is defined as path related to the present working directory(pwd). Suppose I am located in /var/log and I want to change directory to /var/log/kernel. I can use relative path concept to change directory to kernel
changing directory to /var/log/kernel by using relative path concept. changing directory to /var/log/kernel by using relative path concept.
```bash
> $ pwd/var/logcd kernel $ pwd/var/logcd kernel
```
Note: If you observe there is no / before kernel which indicates itâs a relative directory to present working directory. Note: If you observe there is no / before kernel which indicates itâs a relative directory to present working directory.
Changing directory to /var/log/kernel using absolute path concept. Changing directory to /var/log/kernel using absolute path concept.
```bash
> $ cd /var/log/kernel $ cd /var/log/kernel
```
Note: We can use an absolute path from any location where as if you want to use relative path we should be present in a directory where we are going to specify relative to that present working directory. Note: We can use an absolute path from any location where as if you want to use relative path we should be present in a directory where we are going to specify relative to that present working directory.
Examples of relative path and absolute path for the same operation.
# Basic Linux Command # Basic Linux Command
## help ## help
- Man: an interface to the on-line reference manuals
> $ man ls ### Man: an interface to the on-line reference manuals
```bash
$ man ls
```
## Wildcard ## Wildcard
* Show all picture (multiple char) ### \* show all picture (multiple char)
> $ ls pic* ```bash
$ ls pic*
? show only picture between 50 and 59 (only one char) ```
### **?** show only picture between 50 and 59 (only one char)
> $ ls pic5?.jpg ```bash
$ ls pic5?.jpg
[] show only if char in [p-P] ```
### [] show only if char in [p-P]
> $ ls [pP]ic* ```bash
$ ls [pP]ic*
```
## Files and directory ## Files and directory
- ls: list directory contents ### ls: list directory contents
> $ ls ```bash
$ ls
> args = -l -a -r -t -h --help $args = -l -a -r -t -h --help
```
- Pwd: output the current working directory
> $ pwd
- Cd: Change directory
> $ cd
### Pwd: output the current working directory
```bash
$ pwd
```
### Cd: Change directory
```bash
$ cd
```
back to previous folder back to previous folder
> $ cd - ```bash
$ cd -
```
- Mkdir: Make directory
> $ mkdir test1 test2 test3
> $ mkdir -p lol/lol/lol
### Mkdir: Make directory
```bash
$ mkdir test1 test2 test3
$ mkdir -p lol/lol/lol
```
-p to create parent directory if needed -p to create parent directory if needed
- Rmdir: Remove directory ### Rmdir: Remove directory
```bash
> rmdir filename $ rmdir filename
$ rm -rf filename
> rm -rf filename ```
Delete all of the files in the diectory including all subdirectories and tier contents Delete all of the files in the diectory including all subdirectories and tier contents
> $ rm -r \* .\* ```bash
$ rm -r \* .\*
```
Remove all files with the .doc extension recursively in the current working directory. Remove all files with the .doc extension recursively in the current working directory.
> $ rm \*\*/\*.doc ```bash
$ rm \*\*/\*.doc
```
### Mv: Move directory (can be used to rename a file)
```bash
$ mv file /opt/movedfile
```
- Mv: Move directory (can be used to rename a file) ### Cp: Copy file or directory
> mv file /opt/movedfile ```bash
$ cp file /opt/newcopiedfile
```
- Cp: Copy file or directory ### Touch: change file timestamps but it can also create files
> $ cp file /opt/newcopiedfile ```bash
$ touch nomdefichier.md
- Touch: change file timestamps but it can also create files $ touch pic{00..99}.jpeg # does not work
> $ touch nomdefichier.md ```
> $ touch pic{00..99}.jpeg # does not work
- Which: Searching the PATH for executable files matching the names of the arguments ### Which: Searching the PATH for executable files matching the names of the arguments
> $ which ls ```bash
$ which ls
- File: file — determine file type ```
> $ file myfile ### File: file — determine file type
```bash
$ file myfile
```
## file viewer ## file viewer
- More: file perusal filter for crt viewing
> $ more filename ### More: file perusal filter for crt viewing
```bash
- Less: opposite of more but Less is more ;) $ more filename
```
> $ less filename ### Less: opposite of more but Less is more ;)
```bash
- Cat: concatenate files and print on the standard output $ less filename
```
> $ cat filename ### Cat: concatenate files and print on the standard output
```bash
## Users $ cat filename
```
adduser, addgroup - add a user or group to the system ### tail : output the last part of files
> sudo adduser steve
```bash ```bash
r4v3n@d3bi4n:~/Workspace/test$ sudo adduser steve $ tail -n 5 Workspace/SysAdminTraining/LinuxSysAdminsDoc/Linux/basic_cmd.md
- dhclient > get ip
- gnome networkmanager
- wpa_supplicant > encryption @ wifi
![htop](./img/htop.png)
```
Args -n define the number of line needed
## Users
### adduser, addgroup - add a user or group to the system
```bash
$ sudo adduser steve
[sudo] password for r4v3n: [sudo] password for r4v3n:
Sorry, try again. Sorry, try again.
[sudo] password for r4v3n: [sudo] password for r4v3n:
@ -150,22 +177,22 @@ Is the information correct? [Y/n] y
``` ```
user skeleton: skeleton files used for new user configuration ### user skeleton: skeleton files used for new user configuration
> $ ls /etc/skel/
```bash ```bash
─r4v3n at d3bi4n in /etc/skel $ ls /etc/skel/
╰─» ls -a 0 (0.002s) < 05:21:24 $ ls -a 0 (0.002s) < 05:21:24
./ ../ .bash_logout .bashrc .profile ./ ../ .bash_logout .bashrc .profile
``` ```
- Change user ### Change user
> $ su - marie ```bash
$ su - marie
```
## Permissions ## Permissions
- Chmod: change file mode bits ### Chmod: change file mode bits
A combination of the letters **ugoa** controls which users' access to the file will be changed: A combination of the letters **ugoa** controls which users' access to the file will be changed:
- the user who owns it (u), - the user who owns it (u),
@ -181,7 +208,7 @@ If none of these are given, the effect is as if (a) were given, but bits that ar
marie@d3bi4n:~$ ls -l marie@d3bi4n:~$ ls -l
total 4 total 4
-rw-r--r-- 1 marie marie 12 Apr 7 05:44 test -rw-r--r-- 1 marie marie 12 Apr 7 05:44 test
```
> $ chmod o-r mysecret > $ chmod o-r mysecret
@ -191,8 +218,9 @@ total 4
> -rw-r--**rw**- 1 marie marie 12 Apr 7 05:44 test > -rw-r--**rw**- 1 marie marie 12 Apr 7 05:44 test
```
##Using chmod in absolute mode ## Using chmod in absolute mode
In the absolute mode, permissions are represented in numeric form (octal system to be precise). In this system, each file permission is represented by a number. In the absolute mode, permissions are represented in numeric form (octal system to be precise). In this system, each file permission is represented by a number.
@ -214,40 +242,40 @@ With these numeric values, you can combine them and thus one number can be used
| 6 (i.e. 4+2) | rw- | | 6 (i.e. 4+2) | rw- |
| 7 (i.e. 4+2+1) | rwx | | 7 (i.e. 4+2+1) | rwx |
most commonly used: ### most commonly used: 755 644 600 640
755 644 600 640
Can you guess the file permission in numbers on agatha.txt file in our example so far? Thats right, its 764. Can you guess the file permission in numbers on agatha.txt file in our example so far? Thats right, its 764.
Now that you know what number represents which permission, lets see how to change file permission using this knowledge. Now that you know what number represents which permission, lets see how to change file permission using this knowledge.
Suppose you want to change the file permission on agatha.txt so that everyone can read and write but no one can execute it? In that case, you can use the chmod command like this: Suppose you want to change the file permission on agatha.txt so that everyone can read and write but no one can execute it? In that case, you can use the chmod command like this:
```bash
> $ chmod 666 agatha.txt $ chmod 666 agatha.txt
```
## Danger : if a folder has not the X (executable) right => you cannot open it. ## Danger : if a folder has not the X (executable) right => you cannot open it.
-R for recursive on folder -R for recursive on folder
If you list agatha.txt now, youll see that the permission has been changed. If you list agatha.txt now, youll see that the permission has been changed.
```bash
> -rw-rw-rw- 1 abhishek abhishek 457 Aug 10 11:55 agatha.txt > -rw-rw-rw- 1 abhishek abhishek 457 Aug 10 11:55 agatha.txt
```
- Chown: change file owner and group ### Chown: change file owner and group
> $ sudo chown marie:marie agatha.txt ```bash
$ sudo chown marie:marie agatha.txt
> -rw-rw-rw- 1 marie marie 457 Aug 10 11:56 agatha.txt -rw-rw-rw- 1 marie marie 457 Aug 10 11:56 agatha.txt
```
### Groups ### Groups: print the groups a user is in
```bash
Groups: print the groups a user is in $ groups
> $ groups ```
Adds user marie into steve group Adds user marie into steve group
> $ adduser marie steve
```bash ```bash
r4v3n@d3bi4n:~/Workspace/test$ sudo adduser marie steve $ sudo adduser marie steve
Adding user `marie' to group `steve' ... Adding user `marie' to group `steve' ...
Adding user marie to group steve Adding user marie to group steve
Done. Done.
@ -258,103 +286,203 @@ marie steve
## Sysadmin tools ## Sysadmin tools
- How to create a symbolic link in Linux ### Who:
```bash
student@debianserver:/var/log$ who
waldek tty1 2021-04-08 11:06
student pts/0 2021-04-08 11:13 (172.30.6.87)
student pts/1 2021-04-08 11:14 (172.30.6.90)
student pts/2 2021-04-08 11:14 (172.30.6.98)
student pts/3 2021-04-08 11:21 (172.30.6.97)
student pts/4 2021-04-08 11:15 (172.30.6.83)
student pts/5 2021-04-08 11:15 (172.30.6.96)
student pts/6 2021-04-08 11:23 (172.30.6.92)
student pts/8 2021-04-08 11:15 (172.30.6.82)
student pts/9 2021-04-08 11:17 (172.30.6.84)
student pts/10 2021-04-08 11:16 (172.30.6.85)
student pts/11 2021-04-08 11:17 (172.30.6.86)
student tty2 2021-04-08 11:24
```
pts pseudo terminal remote
tty1 user loger localy on the machine
### Wall: write a message to all users
```bash
student@debianserver:/var/log$ wall 110101101101010
Broadcast message from student@debianserver (pts/10) (Thu Apr 8 11:29:42 2021)
110101101101010
```
### & vs &&
```bash
$ apt update && upgrade
# && launch both instance one after the other
$ sleep 10 & htop
& launch in background the sleep 10 process and open htop
```
### exit status
```bash
$ ls thisnotexist
ls: cannot access 'thisnotexist': No such file or directory
$ echo $?
2
$ ls
Desktop Documents Downloads Music Pictures Public Templates Videos Workspace
$ echo $?
0
r4v3n@d3bi4n:~$
```
### Display Environement variables
```bash
$ env
SHELL=/bin/bash
XDG_CURRENT_DESKTOP=GNOME
...
```
### Get users password hases:
```bash
$ cat /etc/shadow | grep bash
# get hashes
$ sudo cat /etc/shadow | cut -d ":" -f2
# get name
$ sudo cat /etc/shadow | cut -d ":" -f1
```
### How to create a symbolic link in Linux
To create a symbolic link to target file from link name, To create a symbolic link to target file from link name,
you can use the ln command with -s option like this: you can use the ln command with -s option like this:
> ln -s target_file link_name ```bash
$ ln -s target_file link_name
```
### alias:
```bash
$ alias ll="ls -l"
```
The -s option is important here. It determines that the link is soft link. If you dont use it, it will create a hard link. Ill explain the difference between soft links and hard links in a different article. The -s option is important here. It determines that the link is soft link. If you dont use it, it will create a hard link. Ill explain the difference between soft links and hard links in a different article.
- Htop: Interactive processes viewer ### Htop: Interactive processes viewer
> $ htop
- Changer default shell
> $ vim /etc/passwd
```bash ```bash
$ htop
```
### Changer default shell
```bash
$ vim /etc/passwd
steve:x:1002:1002:,,,:/home/steve:/bin/bash steve:x:1002:1002:,,,:/home/steve:/bin/bash
steve:x:1002:1002:,,,:/home/steve:/bin/fish steve:x:1002:1002:,,,:/home/steve:/bin/fish
``` ```
- |: pipe send result of the first command to the second ## how to navigate in a web page source code
> cat /etc/passwd **|** **grep** bash |**cut** -d ":" -f1 ### Pipe | : pipe send result of the first command to the second
```bash
- Grep: print lines that match patterns $ cat /etc/passwd **|** **grep** bash |**cut** -d ":" -f1
> $ ```
### Grep: print lines that match patterns
Search for specific text with grep command Search for specific text with grep command
> $ grep -l example document1.txt document2.txt ```bash
$ grep -l example document1.txt document2.txt
> $ grep -l example \*.txt $ grep -l example \*.txt
```
grep as long as you include the -r (recursive) option in the command. grep as long as you include the -r (recursive) option in the command.
```bash
> $ grep -lr example /path/to/directory1/\*.txt /path/to/directory2 $ grep -lr example /path/to/directory1/\*.txt /path/to/directory2
```
Or, to search the current directory and all subdirectories, omit the path at the end of the command. Or, to search the current directory and all subdirectories, omit the path at the end of the command.
```bash
$ grep -lr example
```
> $ grep -lr example ### Cut: remove sections from each line of files
```bash
- Cut: remove sections from each line of files
> $ > $
```
### Wc: print newline, word, and byte counts for each file
```bash
$ wc -l
```
- Wc: print newline, word, and byte counts for each file ### Realpath
> $ wc -l
```bash ```bash
$ realpath example.txt $ realpath example.txt
/home/username/example.txt /home/username/example.txt
``` ```
### Wget: The non-interactive network downloader
```bash
$ wget www.tandemlaw.be
```
search url inside index.html
[Bashoneliners.com](bashoneliners.com)
```bash
$ cat index.html | grep -o "https.*" |cut -d "\"" -f1 |sort | uniq
```
## text editor ## text editor
- Nano: Nano's ANOther editor, an enhanced free Pico clone ### Nano: Nano's ANOther editor, an enhanced free Pico clone
(simple text editor for noobies) (simple text editor for noobies)
> $ nano ```bash
$ nano
> $ nano filename $ nano filename
```
- VIM: vim - Vi IMproved, a programmer's text editor (PGM) ### VIM: vim - Vi IMproved, a programmer's text editor (PGM)
``` bash
> $ vim $ vim
$ vim filename
> $ vim filename ```
# APT # APT
> $ apt install ```bash
> $ apt remove $ apt install
> $ apt autoremove $ apt remove
> $ apt update $ apt autoremove
$ apt update
```
## Display & Destop Manager ## Display & Destop Manager
* Architecture: ### Architecture:
> BIOS -> GRUB -> Display Manager -> Desktop Environement ```bash
BIOS -> GRUB -> Display Manager -> Desktop Environement
```
### Install Desktop Environement (GUI)
```bash
$ tasksel
$ apt install gnome
$ apt remove gnome
```
* Install Desktop Environement (GUI) ### Reconfigurer le display manager
```bash
$ sudo dpkg-reconfigure gdm3
```
> $ tasksel ### Installer le display manager
> $ apt install gnome
> $ apt remove gnome ```bash
$ sudo apt install lightdm
* Reconfigurer le display manager
> $ sudo dpkg-reconfigure gdm3
* Installer le display manager
> $ sudo apt install lightdm
> $ sudo apt install gdm3
* remove Desktop environement
> $ sudo apt remove lightdm
$ sudo apt install gdm3
```
### remove Desktop environement
```bash
$ sudo apt remove lightdm
```
# Services # Services
- HTOP - HTOP
- dhclient > get ip - dhclient > get ip
- gnome networkmanager - gnome networkmanager
- wpa_supplicant > encryption @ wifi - wpa_supplicant > encryption @ wifi
![htop](./img/htop.png)

74
Linux/cheatsheet-18.md Normal file
View File

@ -0,0 +1,74 @@
| **Command** | **Description** |
| --------------|-------------------|
| `man <tool>` | Opens man pages for the specified tool. |
| `<tool> -h` | Prints the help page of the tool. |
| `apropos <keyword>` | Searches through man pages' descriptions for instances of a given keyword. |
| `cat` | Concatenate and print files. |
| `whoami` | Displays current username. |
| `id` | Returns users identity. |
| `hostname` | Sets or prints the name of the current host system. |
| `uname` | Prints operating system name. |
| `pwd` | Returns working directory name. |
| `ifconfig` | The `ifconfig` utility is used to assign or view an address to a network interface and/or configure network interface parameters. |
| `ip` | Ip is a utility to show or manipulate routing, network devices, interfaces, and tunnels. |
| `netstat` | Shows network status. |
| `ss` | Another utility to investigate sockets. |
| `ps` | Shows process status. |
| `who` | Displays who is logged in. |
| `env` | Prints environment or sets and executes a command. |
| `lsblk` | Lists block devices. |
| `lsusb` | Lists USB devices. |
| `lsof` | Lists opened files. |
| `lspci` | Lists PCI devices. |
| `sudo` | Execute command as a different user. |
| `su` | The `su` utility requests appropriate user credentials via PAM and switches to that user ID (the default user is the superuser). A shell is then executed. |
| `useradd` | Creates a new user or update default new user information. |
| `userdel` | Deletes a user account and related files. |
| `usermod` | Modifies a user account. |
| `addgroup` | Adds a group to the system. |
| `delgroup` | Removes a group from the system. |
| `passwd` | Changes user password. |
| `dpkg` | Install, remove and configure Debian-based packages. |
| `apt` | High-level package management command-line utility. |
| `aptitude` | Alternative to `apt`. |
| `snap` | Install, remove and configure snap packages. |
| `gem` | Standard package manager for Ruby. |
| `pip` | Standard package manager for Python. |
| `git` | Revision control system command-line utility. |
| `systemctl` | Command-line based service and systemd control manager. |
| `ps` | Prints a snapshot of the current processes. |
| `journalctl` | Query the systemd journal. |
| `kill` | Sends a signal to a process. |
| `bg` | Puts a process into background. |
| `jobs` | Lists all processes that are running in the background. |
| `fg` | Puts a process into the foreground. |
| `curl` | Command-line utility to transfer data from or to a server. |
| `wget` | An alternative to `curl` that downloads files from FTP or HTTP(s) server. |
| `python3 -m http.server` | Starts a Python3 web server on TCP port 8000. |
| `ls` | Lists directory contents. |
| `cd` | Changes the directory. |
| `clear` | Clears the terminal. |
| `touch` | Creates an empty file. |
| `mkdir` | Creates a directory. |
| `tree` | Lists the contents of a directory recursively. |
| `mv` | Move or rename files or directories. |
| `cp` | Copy files or directories. |
| `nano` | Terminal based text editor. |
| `which` | Returns the path to a file or link. |
| `find` | Searches for files in a directory hierarchy. |
| `updatedb` | Updates the locale database for existing contents on the system. |
| `locate` | Uses the locale database to find contents on the system. |
| `more` | Pager that is used to read STDOUT or files. |
| `less` | An alternative to `more` with more features. |
| `head` | Prints the first ten lines of STDOUT or a file. |
| `tail` | Prints the last ten lines of STDOUT or a file. |
| `sort` | Sorts the contents of STDOUT or a file. |
| `grep` | Searches for specific results that contain given patterns. |
| `cut` | Removes sections from each line of files. |
| `tr` | Replaces certain characters. |
| `column` | Command-line based utility that formats its input into multiple columns. |
| `awk` | Pattern scanning and processing language. |
| `sed` | A stream editor for filtering and transforming text. |
| `wc` | Prints newline, word, and byte counts for a given input. |
| `chmod` | Changes permission of a file or directory. |
| `chown` | Changes the owner and group of a file or directory. |

BIN
Linux/img/htop.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 243 KiB

13
Linux/readme.md
View File

@ -0,0 +1,13 @@
# Linux
## overview
- Linux basics
- Files and Directory
- Users & Groups
- Privileges
- Linux tools
- SSH
- SSH client
- SSH server
- SH key
- Vim - [Beginer's guide](https://www.linux.com/training-tutorials/vim-101-beginners-guide-vim/ )

283
Linux/ssh/install_ssh_server.md Normal file
View File

@ -0,0 +1,283 @@
#How To Install and Enable SSH Server on Debian 10
[reference](https://devconnected.com/how-to-install-and-enable-ssh-server-on-debian-10/)
This tutorial focuses on setting up and configuring a SSH server on a Debian 10 minimal server
SSH, for Secure Shell, is a network protocol that is used in order to operate remote logins to distant machines within a local network or over Internet. SSH architectures typically includes a SSH server that is used by SSH clients to connect to the remote machine.
As a system administrator, it is very likely that you are using SSH on a daily basis to connect to remote machines across your network.
As a consequence, when new hosts are onboarded to your infrastructure, you may have to configure them to install and enable SSH on them.
In this tutorial, we are going to see how you can install and enable SSH, via OpenSSH, on a Debian 10 distributions.
Table of Contents
Prerequisites
Installing OpenSSH Server on Debian 10
Enabling SSH traffic on your firewall settings
Enable SSH server on system boot
Configuring your SSH server on Debian
Changing SSH default port
Disabling Root Login on your SSH server
Configuring key-based SSH authentication
Restarting your SSH server to apply changes
Connecting to your SSH server
Exiting your SSH server
Disabling your SSH server
Troubleshooting
Debian : SSH connection refused
Debian : SSH access denied
SSH password access denied
SSH key access denied
Debian : Unable to locate package openssh-server
Conclusion
Prerequisites
In order to install a SSH server on Debian 10, you will need to have sudo privileges on your host.
To check whether you have sudo privileges or not, run the following command
$ sudo -l
If you are seeing the following entries on your terminal, it means that you have elevated privileges
Checking sudo privileges on Debian 10
By default, the ssh utility should be installed on your host, even on minimal configurations.
In order to check the version of your SSH utility, you can run the following command
$ ssh -V
Checking SSH version on Debian 10
As you can see, I am running OpenSSH v7.9 with OpenSSL v1.1.1.
Note that it does not mean that SSH servers are installed on my host, it just means that I may able to connect to remote machines as a client using the SSH utility.
It also mean that specific utilities related the SSH protocol (such as scp for example) or related to FTP servers (such as sftp) will be available on my host.
Installing OpenSSH Server on Debian 10
First of all, make sure that your packages are up to date by running an update command
$ sudo apt-get update
Updating apt packages on Debian 10
In order to install a SSH server on Debian 10, run the following command
$ sudo apt-get install openssh-server
The command should run a complete installation process and it should set up all the necessary files for your SSH server.
If the installation was successful, you should now have a sshd service installed on your host.
To check your newly installed service, run the following command
$ sudo systemctl status sshd
Checking ssh server status on Debian 10
By default, your SSH server is going to run on port 22.
This is the default port assigned for SSH communications. You can check if this is the case on your host by running the following netstat command
$ netstat -tulpn | grep 22
Great! Your SSH server is now up and running on your Debian 10 host.
Enabling SSH traffic on your firewall settings
If you are using UFW as a default firewall on your Debian 10 system, it is likely that you need to allow SSH connections on your host.
To enable SSH connections on your host, run the following command
$ sudo ufw allow ssh
Enabling SSH connections with UFW on Debian 10
Enable SSH server on system boot
As you probably saw, your SSH server is now running as a service on your host.
It is also very likely that it is instructed to start at boot time.
To check whether your service is enable or not, you can run the following command
$ sudo systemctl list-unit-files | grep enabled | grep ssh
If no results are shown on your terminal, enable the service and run the command again
$ sudo systemctl enable ssh
Enabling the SSH server on boot on Debian 10
Configuring your SSH server on Debian
Before giving access to users through SSH, it is important to have a set of secure settings to avoid being attacked, especially if your server is running as an online VPS.
As we already saw in the past, SSH attacks are pretty common but they can be avoided if we change default settings available.
By default, your SSH configuration files are located at /etc/ssh/
Listing SSH configuration files in etc
In this directory, you are going to find many different configuration files, but the most important ones are :
ssh_config: defines SSH rules for clients. It means that it defines rules that are applied everytime you use SSH to connect to a remote host or to transfer files between hosts;
sshd_config: defines SSH rules for your SSH server. It is used for example to define the reachable SSH port or to deny specific users from communicating with your server.
We are obviously going to modify the server-wide part of our SSH setup as we are interested in configuring and securing our OpenSSH server.
Changing SSH default port
The first step towards running a secure SSH server is to change the default assigned by the OpenSSH server.
Edit your sshd_config configuration file and look for the following line.
#Port 22
Make sure to change your port to one that is not reserved for other protocols. I will choose 2222 in this case.
Changing the default SSH port
When connecting to your host, if it not running on the default port, you are going to specify the SSH port yourself.
Please refer to the Connecting to your SSH server section for further information.
Disabling Root Login on your SSH server
By default, root login is available on your SSH server.
It should obviously not be the case as it would be a complete disaster if hackers were to login as root on your server.
If by chance you disabled the root account in your Debian 10 installation, you can still configure your SSH server to refuse root login, in case you choose to re-enable your root login one day.
To disable root login on your SSH server, modify the following line
#PermitRootLogin
PermitRootLogin no
Disabling root login for SSH on Debian
Configuring key-based SSH authentication
In SSH, there are two ways of connecting to your host : by using password authentication (what we are doing here), or having a set of SSH keys.
If you are curious about key-based SSH authentication on Debian 10, there is a tutorial available on the subject here.
Restarting your SSH server to apply changes
In order for the changes to be applied, restart your SSH service and make sure that it is correctly restarted
$ sudo systemctl restart sshd
$ sudo systemctl status sshd
SSH server status from systemd
Also, if you change the default port, make sure that the changes were correctly applied by running a simple netstat command
$ netstat -tulpn | grep 2222
Checking SSH port on Linux using netstat
Connecting to your SSH server
In order to connect to your SSH server, you are going to use the ssh command with the following syntax
$ ssh -p <port> <username>@<ip_address>
If you are connecting over a LAN network, make sure to get the local IP address of your machine with the following command
$ sudo ifconfig
Checking local IP using ifconfig
For example, in order to connect to my own instance located at 127.0.0.1, I would run the following command
$ ssh -p 2222 <user>@127.0.0.1
You will be asked to provide your password and to certify that the authenticity of the server is correct.
Connecting to SSH server on Debian 10 Buster
Exiting your SSH server
In order to exit from your SSH server on Debian 10, you can hit Ctrl + D or type logout and your connection will be terminated.
Logout from the SSH server
Disabling your SSH server
In order to disable your SSH server on Debian 10, run the following command
$ sudo systemctl stop sshd
$ sudo systemctl status sshd
Stopping SSH server on Debian 10
From there, your SSH server wont be accessible anymore.
Connection refused from the SSH server
Troubleshooting
In some cases, you may run into many error messages when trying to setup a SSH server on Debian 10.
Here is the list of the common errors you might get during the setup.
Debian : SSH connection refused
Usually, you are getting this error because your firewall is not properly configured on Debian.
To solve “SSH connection refused” you have to double check your UFW firewall settings.
By default, Debian uses UFW as a default firewall, so you might want to check your firewall rules and see if SSH is correctly allowed.
$ sudo ufw status
Status: active
To Action From
-- ------ ----
22/tcp ALLOW Anywhere
If you are using iptables, you can also have a check at your current IP rules with the iptables command.
$ sudo iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
If the rule is not set for SSH, you can set by running the iptables command again.
$ sudo iptables -I INPUT -p tcp -m tcp --dport 22 -j ACCEPT
Debian : SSH access denied
Sometimes, you may be denied the access to your SSH server with this error message “SSH access denied” on Debian.
To solve this issue, it depends on the authentication method you are using.
SSH password access denied
If you are using the password method, double check your password and make sure you are entering it correctly.
Also, it is possible to configure SSH servers to allow only a specific subset of users : if this is the case, make sure you belong to that list.
Finally, if you want to log-in as root, make sure that you modified the “PermitRootLogin” option in your “sshd_config” file.
#PermitRootLogin
PermitRootLogin yes
SSH key access denied
If you are using SSH keys for your SSH authentication, you may need to double check that the key is correctly located in the “authorized_keys” file.
If you are not sure about how to do it, follow our guide about SSH key authentication on Debian 10.
Debian : Unable to locate package openssh-server
For this one, you have to make sure that you have set correctly your APT repositories.
Add the following entry to your sources.list file and update your packages.
$ sudo nano /etc/apt/sources.list
deb http://ftp.us.debian.org/debian wheezy main
$ sudo apt-get update
Conclusion
In this tutorial, you learnt how you can install and configure a SSH server on Debian 10 hosts.
You also learnt about basic configuration options that need to be applied in order to run a secure and robust SSH server over a LAN or over Internet.
If you are curious about Linux system administration, we have a ton of tutorials on the subject in a dedicated category.

531
Linux/ssh/ssh.md Normal file
View File

@ -0,0 +1,531 @@
# SSH
## OpenSSH SSH client (remote login program)
- SSH: (SSH client) is a program for logging into a remote machine and for executing commands on a
remote machine
- SSH Server: server
## Fist login to remote server
```bash
$ ssh student@172.30.6.99
The authenticity of host '172.30.6.99 (172.30.6.99)' can't be established.
ECDSA key fingerprint is SHA256:w2XxVfnfPpYCeCjEBzmI0AeuaqiC0Sx1FBwrGmnYh64.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.30.6.99' (ECDSA) to the list of known hosts.
student@172.30.6.99's password:
Connection closed by 172.30.6.99 port 22
```
## Login to remote server
```bash
admin@d3bi4n:~$ ssh student@172.30.6.99
student@172.30.6.99's password:
Linux debianserver 4.19.0-16-amd64 #1 SMP Debian 4.19.181-1 (2021-03-19) x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Thu Apr 8 11:15:57 2021 from 172.30.6.84
```
ECDSA key finger print is used to validate the server identity for future connection.
## Installing OpenSSH Server on Debian 10
First of all, make sure that your packages are up to date by running an update command
```bash
$ sudo apt-get update
```
Updating apt packages on Debian 10
In order to install a SSH server on Debian 10, run the following command
```bash
$ sudo apt-get install openssh-server
```
The command should run a complete installation process and it should set up all the necessary files for your SSH server.
If the installation was successful, you should now have a sshd service installed on your host.
To check your newly installed service, run the following command
```bash
$ sudo systemctl status sshd
user@w3b-73rv3r:~$ sudo systemctl status sshd
[sudo] password for user:
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2021-04-08 05:35:36 EDT; 10min ago
Docs: man:sshd(8)
man:sshd_config(5)
Process: 490 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
Main PID: 499 (sshd)
Tasks: 1 (limit: 4689)
Memory: 3.8M
CGroup: /system.slice/ssh.service
└─499 /usr/sbin/sshd -D
Apr 08 05:35:36 w3b-73rv3r systemd[1]: Starting OpenBSD Secure Shell server...
Apr 08 05:35:36 w3b-73rv3r sshd[499]: Server listening on 0.0.0.0 port 22.
Apr 08 05:35:36 w3b-73rv3r sshd[499]: Server listening on :: port 22.
Apr 08 05:35:36 w3b-73rv3r systemd[1]: Started OpenBSD Secure Shell server.
Apr 08 05:45:17 w3b-73rv3r sshd[1663]: Accepted password for user from 172.30.6.99 port 55748 ssh2
Apr 08 05:45:17 w3b-73rv3r sshd[1663]: pam_unix(sshd:session): session opened for user user by (uid=0)
r4v3n@w3b-73rv3r:~$
```
This tutorial focuses on setting up and configuring a SSH server on a Debian 10 minimal server
SSH, for Secure Shell, is a network protocol that is used in order to operate remote logins to distant machines within a local network or over Internet. SSH architectures typically includes a SSH server that is used by SSH clients to connect to the remote machine.
As a system administrator, it is very likely that you are using SSH on a daily basis to connect to remote machines across your network.
As a consequence, when new hosts are onboarded to your infrastructure, you may have to configure them to install and enable SSH on them.
In this tutorial, we are going to see how you can install and enable SSH, via OpenSSH, on a Debian 10 distributions.
Table of Contents
Prerequisites
Installing OpenSSH Server on Debian 10
Enabling SSH traffic on your firewall settings
Enable SSH server on system boot
Configuring your SSH server on Debian
Changing SSH default port
Disabling Root Login on your SSH server
Configuring key-based SSH authentication
Restarting your SSH server to apply changes
Connecting to your SSH server
Exiting your SSH server
Disabling your SSH server
Troubleshooting
Debian : SSH connection refused
Debian : SSH access denied
SSH password access denied
SSH key access denied
Debian : Unable to locate package openssh-server
Conclusion
Prerequisites
In order to install a SSH server on Debian 10, you will need to have sudo privileges on your host.
To check whether you have sudo privileges or not, run the following command
$ sudo -l
If you are seeing the following entries on your terminal, it means that you have elevated privileges
Checking sudo privileges on Debian 10
By default, the ssh utility should be installed on your host, even on minimal configurations.
In order to check the version of your SSH utility, you can run the following command
$ ssh -V
Checking SSH version on Debian 10
As you can see, I am running OpenSSH v7.9 with OpenSSL v1.1.1.
Note that it does not mean that SSH servers are installed on my host, it just means that I may able to connect to remote machines as a client using the SSH utility.
It also mean that specific utilities related the SSH protocol (such as scp for example) or related to FTP servers (such as sftp) will be available on my host.
Installing OpenSSH Server on Debian 10
First of all, make sure that your packages are up to date by running an update command
$ sudo apt-get update
Updating apt packages on Debian 10
In order to install a SSH server on Debian 10, run the following command
$ sudo apt-get install openssh-server
The command should run a complete installation process and it should set up all the necessary files for your SSH server.
If the installation was successful, you should now have a sshd service installed on your host.
To check your newly installed service, run the following command
$ sudo systemctl status sshd
Checking ssh server status on Debian 10
By default, your SSH server is going to run on port 22.
This is the default port assigned for SSH communications. You can check if this is the case on your host by running the following netstat command
$ netstat -tulpn | grep 22
Great! Your SSH server is now up and running on your Debian 10 host.
Enabling SSH traffic on your firewall settings
If you are using UFW as a default firewall on your Debian 10 system, it is likely that you need to allow SSH connections on your host.
To enable SSH connections on your host, run the following command
$ sudo ufw allow ssh
Enabling SSH connections with UFW on Debian 10
Enable SSH server on system boot
As you probably saw, your SSH server is now running as a service on your host.
It is also very likely that it is instructed to start at boot time.
To check whether your service is enable or not, you can run the following command
$ sudo systemctl list-unit-files | grep enabled | grep ssh
If no results are shown on your terminal, enable the service and run the command again
$ sudo systemctl enable ssh
Configuring your SSH server on Debian
Before giving access to users through SSH, it is important to have a set of secure settings to avoid being attacked, especially if your server is running as an online VPS.
As we already saw in the past, SSH attacks are pretty common but they can be avoided if we change default settings available.
By default, your SSH configuration files are located at /etc/ssh/
Listing SSH configuration files in etc
In this directory, you are going to find many different configuration files, but the most important ones are :
ssh_config: defines SSH rules for clients. It means that it defines rules that are applied everytime you use SSH to connect to a remote host or to transfer files between hosts;
sshd_config: defines SSH rules for your SSH server. It is used for example to define the reachable SSH port or to deny specific users from communicating with your server.
We are obviously going to modify the server-wide part of our SSH setup as we are interested in configuring and securing our OpenSSH server.
Changing SSH default port
The first step towards running a secure SSH server is to change the default assigned by the OpenSSH server.
Edit your sshd_config configuration file and look for the following line.
#Port 22
Make sure to change your port to one that is not reserved for other protocols. I will choose 2222 in this case.
Changing the default SSH port
When connecting to your host, if it not running on the default port, you are going to specify the SSH port yourself.
Please refer to the Connecting to your SSH server section for further information.
Disabling Root Login on your SSH server
By default, root login is available on your SSH server.
It should obviously not be the case as it would be a complete disaster if hackers were to login as root on your server.
If by chance you disabled the root account in your Debian 10 installation, you can still configure your SSH server to refuse root login, in case you choose to re-enable your root login one day.
To disable root login on your SSH server, modify the following line
#PermitRootLogin
PermitRootLogin no
Disabling root login for SSH on Debian
Configuring key-based SSH authentication
In SSH, there are two ways of connecting to your host : by using password authentication (what we are doing here), or having a set of SSH keys.
If you are curious about key-based SSH authentication on Debian 10, there is a tutorial available on the subject here.
Restarting your SSH server to apply changes
In order for the changes to be applied, restart your SSH service and make sure that it is correctly restarted
$ sudo systemctl restart sshd
$ sudo systemctl status sshd
SSH server status from systemd
BasicsLinux System Administration
How To Install and Enable SSH Server on Debian 10
written by schkn
How To Install and Enable SSH Server on Debian 10
This tutorial focuses on setting up and configuring a SSH server on a Debian 10 minimal server
SSH, for Secure Shell, is a network protocol that is used in order to operate remote logins to distant machines within a local network or over Internet. SSH architectures typically includes a SSH server that is used by SSH clients to connect to the remote machine.
As a system administrator, it is very likely that you are using SSH on a daily basis to connect to remote machines across your network.
As a consequence, when new hosts are onboarded to your infrastructure, you may have to configure them to install and enable SSH on them.
In this tutorial, we are going to see how you can install and enable SSH, via OpenSSH, on a Debian 10 distributions.
Table of Contents
Prerequisites
Installing OpenSSH Server on Debian 10
Enabling SSH traffic on your firewall settings
Enable SSH server on system boot
Configuring your SSH server on Debian
Changing SSH default port
Disabling Root Login on your SSH server
Configuring key-based SSH authentication
Restarting your SSH server to apply changes
Connecting to your SSH server
Exiting your SSH server
Disabling your SSH server
Troubleshooting
Debian : SSH connection refused
Debian : SSH access denied
SSH password access denied
SSH key access denied
Debian : Unable to locate package openssh-server
Conclusion
Prerequisites
In order to install a SSH server on Debian 10, you will need to have sudo privileges on your host.
To check whether you have sudo privileges or not, run the following command
$ sudo -l
If you are seeing the following entries on your terminal, it means that you have elevated privileges
Checking sudo privileges on Debian 10
By default, the ssh utility should be installed on your host, even on minimal configurations.
In order to check the version of your SSH utility, you can run the following command
$ ssh -V
Checking SSH version on Debian 10
As you can see, I am running OpenSSH v7.9 with OpenSSL v1.1.1.
Note that it does not mean that SSH servers are installed on my host, it just means that I may able to connect to remote machines as a client using the SSH utility.
It also mean that specific utilities related the SSH protocol (such as scp for example) or related to FTP servers (such as sftp) will be available on my host.
Installing OpenSSH Server on Debian 10
First of all, make sure that your packages are up to date by running an update command
$ sudo apt-get update
Updating apt packages on Debian 10
In order to install a SSH server on Debian 10, run the following command
$ sudo apt-get install openssh-server
The command should run a complete installation process and it should set up all the necessary files for your SSH server.
If the installation was successful, you should now have a sshd service installed on your host.
To check your newly installed service, run the following command
$ sudo systemctl status sshd
Checking ssh server status on Debian 10
By default, your SSH server is going to run on port 22.
This is the default port assigned for SSH communications. You can check if this is the case on your host by running the following netstat command
$ netstat -tulpn | grep 22
Great! Your SSH server is now up and running on your Debian 10 host.
Enabling SSH traffic on your firewall settings
If you are using UFW as a default firewall on your Debian 10 system, it is likely that you need to allow SSH connections on your host.
To enable SSH connections on your host, run the following command
$ sudo ufw allow ssh
Enabling SSH connections with UFW on Debian 10
Enable SSH server on system boot
As you probably saw, your SSH server is now running as a service on your host.
It is also very likely that it is instructed to start at boot time.
To check whether your service is enable or not, you can run the following command
$ sudo systemctl list-unit-files | grep enabled | grep ssh
If no results are shown on your terminal, enable the service and run the command again
$ sudo systemctl enable ssh
Enabling the SSH server on boot on Debian 10
Configuring your SSH server on Debian
Before giving access to users through SSH, it is important to have a set of secure settings to avoid being attacked, especially if your server is running as an online VPS.
As we already saw in the past, SSH attacks are pretty common but they can be avoided if we change default settings available.
By default, your SSH configuration files are located at /etc/ssh/
Listing SSH configuration files in etc
In this directory, you are going to find many different configuration files, but the most important ones are :
ssh_config: defines SSH rules for clients. It means that it defines rules that are applied everytime you use SSH to connect to a remote host or to transfer files between hosts;
sshd_config: defines SSH rules for your SSH server. It is used for example to define the reachable SSH port or to deny specific users from communicating with your server.
We are obviously going to modify the server-wide part of our SSH setup as we are interested in configuring and securing our OpenSSH server.
Changing SSH default port
The first step towards running a secure SSH server is to change the default assigned by the OpenSSH server.
Edit your sshd_config configuration file and look for the following line.
#Port 22
Make sure to change your port to one that is not reserved for other protocols. I will choose 2222 in this case.
Changing the default SSH port
When connecting to your host, if it not running on the default port, you are going to specify the SSH port yourself.
Please refer to the Connecting to your SSH server section for further information.
Disabling Root Login on your SSH server
By default, root login is available on your SSH server.
It should obviously not be the case as it would be a complete disaster if hackers were to login as root on your server.
If by chance you disabled the root account in your Debian 10 installation, you can still configure your SSH server to refuse root login, in case you choose to re-enable your root login one day.
To disable root login on your SSH server, modify the following line
#PermitRootLogin
PermitRootLogin no
Disabling root login for SSH on Debian
Configuring key-based SSH authentication
In SSH, there are two ways of connecting to your host : by using password authentication (what we are doing here), or having a set of SSH keys.
If you are curious about key-based SSH authentication on Debian 10, there is a tutorial available on the subject here.
Restarting your SSH server to apply changes
In order for the changes to be applied, restart your SSH service and make sure that it is correctly restarted
$ sudo systemctl restart sshd
$ sudo systemctl status sshd
SSH server status from systemd
Also, if you change the default port, make sure that the changes were correctly applied by running a simple netstat command
$ netstat -tulpn | grep 2222
Checking SSH port on Linux using netstat
Connecting to your SSH server
In order to connect to your SSH server, you are going to use the ssh command with the following syntax
$ ssh -p <port> <username>@<ip_address>
If you are connecting over a LAN network, make sure to get the local IP address of your machine with the following command
$ sudo ifconfig
Checking local IP using ifconfig
For example, in order to connect to my own instance located at 127.0.0.1, I would run the following command
$ ssh -p 2222 <user>@127.0.0.1
You will be asked to provide your password and to certify that the authenticity of the server is correct.
Connecting to SSH server on Debian 10 Buster
Exiting your SSH server
In order to exit from your SSH server on Debian 10, you can hit Ctrl + D or type logout and your connection will be terminated.
Logout from the SSH server
Disabling your SSH server
In order to disable your SSH server on Debian 10, run the following command
$ sudo systemctl stop sshd
$ sudo systemctl status sshd
From there, your SSH server wont be accessible anymore.
Connection refused from the SSH server
Troubleshooting
In some cases, you may run into many error messages when trying to setup a SSH server on Debian 10.
Here is the list of the common errors you might get during the setup.
Debian : SSH connection refused
Usually, you are getting this error because your firewall is not properly configured on Debian.
To solve “SSH connection refused” you have to double check your UFW firewall settings.
By default, Debian uses UFW as a default firewall, so you might want to check your firewall rules and see if SSH is correctly allowed.
$ sudo ufw status
Status: active
To Action From
-- ------ ----
22/tcp ALLOW Anywhere
If you are using iptables, you can also have a check at your current IP rules with the iptables command.
$ sudo iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
If the rule is not set for SSH, you can set by running the iptables command again.
$ sudo iptables -I INPUT -p tcp -m tcp --dport 22 -j ACCEPT
Debian : SSH access denied
Sometimes, you may be denied the access to your SSH server with this error message “SSH access denied” on Debian.
To solve this issue, it depends on the authentication method you are using.
SSH password access denied
If you are using the password method, double check your password and make sure you are entering it correctly.
Also, it is possible to configure SSH servers to allow only a specific subset of users : if this is the case, make sure you belong to that list.
Finally, if you want to log-in as root, make sure that you modified the “PermitRootLogin” option in your “sshd_config” file.
#PermitRootLogin
PermitRootLogin yes
SSH key access denied
If you are using SSH keys for your SSH authentication, you may need to double check that the key is correctly located in the “authorized_keys” file.
If you are not sure about how to do it, follow our guide about SSH key authentication on Debian 10.
Debian : Unable to locate package openssh-server
For this one, you have to make sure that you have set correctly your APT repositories.
Add the following entry to your sources.list file and update your packages.
$ sudo nano /etc/apt/sources.list
deb http://ftp.us.debian.org/debian wheezy main
$ sudo apt-get update
Conclusion
In this tutorial, you learnt how you can install and configure a SSH server on Debian 10 hosts.
You also learnt about basic configuration options that need to be applied in order to run a secure and robust SSH server over a LAN or over Internet.
If you are curious about Linux system administration, we have a ton of tutorials on the subject in a dedicated category.

245
Linux/ssh/ssh_key.md Normal file
View File

@ -0,0 +1,245 @@
# How To Set Up SSH Keys on Debian 10 Buster
The Secure Shell (or SSH) is a cryptographic protocol enabling secure communication between clients and servers.
SSH is widely used to connect to remote Linux systems in a secure way. It is also used in the Windows ecosystem to connect to remote Windows machines via OpenSSH.
SSH has two ways of authenticating users on a machine : either via a password or via a public key authentication system. Using a key-pair authentication, you wont need to type a password to login, everything is going to be automatic.
In this tutorial, we are going describe how to set up SSH keys on a Debian 10 Buster instance.
Table of Contents
1 Create SSH Key Pair on Debian
2 Copy the SSH public key to your client host
a Copy SSH keys using ssh-copy-id
b Copy SSH keys using ssh without ssh-copy-id
c Copy SSH key manually to the client
3 Connect to your remote host with SSH
4 Disable the SSH password authentication
5 Allow/Deny certain users and groups to have SSH access
6 Conclusion
1 Create SSH Key Pair on Debian
Before starting, make sure that you dont have any pre-existing SSH keys into your ssh directory.
Run a simple ls command into your .ssh directory.
$ cd /home/user/.ssh
$ ls -al
SSH directory on Linux
In order to generate a SSH key on Debian, you are going to need the ssh-keygen tool.
By default, ssh-keygen is already installed on Debian 10.
To create a SSH key pair, use the following command.
$ ssh-keygen -t rsa -b 4096 -C "email@example.com"
This ssh-keygen will take care of creating your key.
The -t flag specifies the type of encryption used (in this case RSA).
The -b determines the number of bytes used to create your key. In general, you want to use at least 2048 bytes for a key, but we are going to use 4096 in our case.
Finally, the -C flag provides a comment for the key pair, in this case the e-mail used.
When creating your SSH keys, you will be asked a number of questions.
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
You can leave this one as default, except if you want to store it in a custom key file.
Enter passphrase (empty for no passphrase)
Choose a strong passphrase for your key. In case somebody steals your key, the passphrase will be required as a second security option.
If you want to automatically connect to your server without being prompted any password, leave the passphrase blank.
Password authentication will be disabled in the next chapters, but you will still be prompted with the passphrase if you decided to define one. Passphrases are recommended for production and sensitive environments.
Enter your passphrase again, and your SSH key should be created.
Set up a SSH key on Debian using ssh-keygen
In this example, my file was created in /home/devconnected/.ssh directory.
Private and public key set up on Debian
As a result of your command, two files were created.
id_rsa: this is the PRIVATE key that is going to be used on the server side to identify incoming client requests. It should obviously not be shared with anybody. It is also used by the client to verify the servers identity.
id_rsa.pub: the “pub” extension stands for “public”. This is the PUBLIC key that is going to be used by clients to connect to the server. This is the file that you are allowed to share with clients.
2 Copy the SSH public key to your client host
In order to copy your newly created SSH key, you should not use an unsecure protocol (like TCP for example) as it would expose your SSH keys to hackers.
If your SSH keys are compromised, there are essentially no benefits in using a secure protocol like SSH.
As a consequence, heres how you should copy your SSH keys to remote hosts.
a Copy SSH keys using ssh-copy-id
To run ssh-copy-id, execute the following command.
$ ssh-copy-id remoteuser@remotehost
You may be prompted with the following question.
The authenticity of host '142.93.103.142' can't be established.
ECDSA key fingerprint is SHA256:/KdeEfkcNce332KdLPqadkKaPapvcN32.
Are you sure you want to continue connecting (yes/no)? yes
Finally, you will be asked to provide the password the remote user.
remoteuser@remotehost's password:
Type in the password. As a result, you should see the following output.
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'remoteuser@remotehost'" and check to make sure that only the key(s) you wanted were added.
On my client host, in the .ssh directory, lets see the files created.
Public key set up on Debian client
Awesome, my client now has an authorized_keys file, specifying the host it can connect to.
Now on my client host, if I try to connect to my server with SSH, I should be able to do it.
b Copy SSH keys using ssh without ssh-copy-id
In case you dont have ssh-copy-id on your instance, you can also use the SSH command to securely transfer your file to the server.
The command is longer but it is as secure as a regular ssh-copy-id command.
Here is the command to copy your SSH keys to your client host.
$ cat ~/.ssh/id_rsa.pub | ssh remoteuser@remoteserver "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
By running this command, you are going to be asked for the passphrase on the server.
Unlocking a private SSH key on Debian 10
Enter the correct passphrase and click “Unlock”.
With this command, you are taking the content of your public key and sending it over SSH to your remote host.
The command first asserts that you have the .ssh folder on your remote host. The content is appended to the actual content of the authorized_keys file (if already existing).
Lets take a look at our file on the remote host.
Set up SSH public key on Debian 10
Great! The content was correctly appended to our existing authorized_keys file.
c Copy SSH key manually to the client
Another alternative is to copy the content of your public key directly to the client filesystem.
First, display the content of the public key using the cat command.
$ cd /home/user/.ssh
$ cat id_rsa.pub
Displaying SSH public key on Debian
Go to your remote server, and find the .ssh folder on the client. You will need to append the content of the public key to the authorized_keys file on the server.
As you can see, file permissions on this file are restricted, which means that you are going to need sudo rights to modify this file.
$ cd /home/client/.ssh
$ sudo nano authorized_keys
Append your key by simply copying and pasting the content to the end of your existing authorized_keys file.
Appending a public key to the SSH authorized keys
Save your file and exit your text editor.
Now that everything is ready, and that your SSH keys are set up, it is time for you to connect to your host using your keys.
3 Connect to your remote host with SSH
Now that everything is ready, you need to connect to your server using key-based SSH authentication.
To do it, perform a normal SSH connection, like you used to do in the past.
$ ssh user@server_ip
On the first connection, you should be prompted to validate the identity of your server. This is a paragraph that you already saw when you were trying to copy your SSH keys to your client host.
The authenticity of host '142.93.103.142' can't be established.
ECDSA key fingerprint is SHA256:/KdeEfkcNce332KdLPqadkKaPapvcN32.
Are you sure you want to continue connecting (yes/no)? yes
If you defined a passphrase in the previous sections, you will be asked to provide it now.
Enter passphrase for key '/home/user/.ssh/id_rsa'
On success, you are going to be connected to your remote host.
Congratulations! You successfully set up SSH key-based authentication for your servers.
SSH connection shell
4 Disable the SSH password authentication
When you are connecting as a known client (a client that owns a public key for this specific server), you are not going to be asked for a password.
You can be asked for the passphrase if you configured it, but most of the time it is as seamless as connecting directly to your server without any prompt.
However, if you read my article about SSH geolocating, you may remember that hackers may try to brute-force their ways into your server.
SSH bruteforce login trials
Remember all the different combinations tried by hackers to gain access to my servers?
In order to prevent SSH attacks like this from happening, we need to disable password authentication for our server. This way, only users having a key will be able to login on the server.
To disable SSH password authentication, go the /etc/ssh folder, and edit your sshd_config file.
$ sudo nano /etc/ssh/sshd_config
Look for the “PasswordAuthentication” section in this configuration file, and change its value to “No”.
Disabling password authentication for SSH access on Debian
Restart your SSH service, and make sure that everything is working properly.
$ sudo systemctl restart ssh
$ sudo systemctl status ssh
SSH service running on Debian
Awesome!
You have successfully set up SSH keys for your Linux server.
5 Allow/Deny certain users and groups to have SSH access
As an additional security rule, you can allow only certain users to access your server.
Similarly, you can deny specific users from accessing your server, if you want to ban a certain user or group for example.
In order to allow specific users to have SSH access, head over to your SSH configuration file, and add a AllowUsers entry to your file.
Similarly, if you want to whitelist a specific group on your server, add a AllowGroups entry to your SSH configuration file.
$ cd /etc/ssh
$ sudo nano sshd_config
Allowing certain users to access SSH on Debian
To deny certain users from using SSH on your server, add the following entries to your configuration file.
Similarly, if you want to deny certain groups to have SSH access to your server, add a DenyGroups entry to your SSH configuration file.
Denying certain users to access SSH on Debian 10
Restart your SSH service for the modifications to be applied.
$ sudo systemctl restart ssh
$ sudo systemctl status ssh
6 Conclusion
Today, you successfully learned how to set up SSH keys on Debian 10 Buster, but the same steps can be applied to Ubuntu and CentOS machines.
Did you know?
SSH can also be used in order to setup SSH key-based authentication on Git.
Securing your server with SSH keys is a very crucial step if you want to prevent easy yet very effective attacks to be run against your server.
If you have a Debian machine on hosted servers, it is very likely that some bots are trying to access it. SSH Keys set up is one of the steps to make those attacks uneffective.

0
Linux/ssh_server.md → Linux/ssh/ssh_server.md
View File

168
Vim/readme.md
View File

@ -0,0 +1,168 @@
# VIM
## VIM Tutors notes
### Cool stuff
- :set nu => ajoute les numeros de lignes
- :set nonu => unset number
### Text editing
- i => Insert
- A => Append text to the end of the line
- diw => delete inner word
- dw => delete a word
### save and quit
- :wq save and quit
- !:q quit without saving
# Lesson 1 SUMMARY
1. The cursor is moved using either the arrow keys or the hjkl keys.
h (left) j (down) k (up) l (right)
2. To start Vim from the shell prompt type: vim FILENAME <ENTER>
3. To exit Vim type: <ESC> :q! <ENTER> to trash all changes.
OR type: <ESC> :wq <ENTER> to save the changes.
4. To delete the character at the cursor type: x
5. To insert or append text type:
i type inserted text <ESC> insert before the cursor
A type appended text <ESC> append after the line
NOTE: Pressing <ESC> will place you in Normal mode or will cancel
an unwanted and partially completed command.
# Lesson 2 SUMMARY
1. To delete from the cursor up to the next word type: dw
2. To delete from the cursor to the end of a line type: d$
3. To delete a whole line type: dd
4. To repeat a motion prepend it with a number: 2w
5. The format for a change command is:
operator [number] motion
where:
operator - is what to do, such as d for delete
[number] - is an optional count to repeat the motion
motion - moves over the text to operate on, such as w (word),
$ (to the end of line), etc.
A short list of motions:
w - until the start of the next word, EXCLUDING its first character.
e - to the end of the current word, INCLUDING the last character.
$ - to the end of the line, INCLUDING the last character.
6. To move to the start of the line use a zero: 0
7. To undo previous actions, type: u (lowercase u)
To undo all the changes on a line, type: U (capital U)
To undo the undo's, type: CTRL-R
## Lesson 3 SUMMARY
1. To put back text that has just been deleted, type p . This puts the
deleted text AFTER the cursor (if a line was deleted it will go on the
line below the cursor).
2. To replace the character under the cursor, type r and then the
character you want to have there.
3. The change operator allows you to change from the cursor to where the
motion takes you. eg. Type ce to change from the cursor to the end of
the word, c$ to change to the end of a line.
4. The format for change is:
c [number] motion
## Lesson 4 SUMMARY
1. CTRL-G displays your location in the file and the file status.
G moves to the end of the file.
number G moves to that line number.
gg moves to the first line.
2. Typing / followed by a phrase searches FORWARD for the phrase.
Typing ? followed by a phrase searches BACKWARD for the phrase.
After a search type n to find the next occurrence in the same direction
or N to search in the opposite direction.
CTRL-O takes you back to older positions, CTRL-I to newer positions.
3. Typing % while the cursor is on a (,),[,],{, or } goes to its match.
4. To substitute new for the first old in a line type :s/old/new
To substitute new for all 'old's on a line type :s/old/new/g
To substitute phrases between two line #'s type :#,#s/old/new/g
To substitute all occurrences in the file type :%s/old/new/g
To ask for confirmation each time add 'c' :%s/old/new/gc
To change every occurrence of a character string between two lines,
type :#,#s/old/new/g where #,# are the line numbers of the range
of lines where the substitution is to be done.
Type :%s/old/new/g to change every occurrence in the whole file.
Type :%s/old/new/gc to find every occurrence in the whole file,
with a prompt whether to substitute or not.
## Lesson 5 SUMMARY
1. :!command executes an external command.
Some useful examples are:
(Windows) (Unix)
:!dir :!ls - shows a directory listing.
:!del FILENAME :!rm FILENAME - removes file FILENAME.
2. :w FILENAME writes the current Vim file to disk with name FILENAME.
3. v motion :w FILENAME saves the Visually selected lines in file
FILENAME.
4. :r FILENAME retrieves disk file FILENAME and puts it below the
cursor position.
5. :r !dir reads the output of the dir command and puts it below the
cursor position.
## Lesson 6 SUMMARY
1. Type o to open a line BELOW the cursor and start Insert mode.
Type O to open a line ABOVE the cursor.
2. Type a to insert text AFTER the cursor.
Type A to insert text after the end of the line.
3. The e command moves to the end of a word.
4. The y operator yanks (copies) text, p puts (pastes) it.
5. Typing a capital R enters Replace mode until <ESC> is pressed.
6. Typing ":set xxx" sets the option "xxx". Some options are:
'ic' 'ignorecase' ignore upper/lower case when searching
'is' 'incsearch' show partial matches for a search phrase
'hls' 'hlsearch' highlight all matching phrases
You can either use the long or the short option name.
7. Prepend "no" to switch an option off: :set noic
## Lesson 7 SUMMARY
1. Type :help or press <F1> or <HELP> to open a help window.
2. Type :help cmd to find help on cmd .
3. Type CTRL-W CTRL-W to jump to another window.
4. Type :q to close the help window.
5. Create a vimrc startup script to keep your preferred settings.
6. When typing a : command, press CTRL-D to see possible completions.
Press <TAB> to use one completion.