Compare commits
No commits in common. "a5c3239ab7cddeb482ac0bbf9767bab94ea05af7" and "7a28cd79b3ae4a014c1debf740a942da5506ef34" have entirely different histories.
a5c3239ab7
...
7a28cd79b3
|
@ -1 +0,0 @@
|
|||
*.swp
|
|
@ -1,13 +1,15 @@
|
|||
# Linux
|
||||
|
||||
## Absolute Path vs Relative Path in Linux/Unix
|
||||
One of this blog follower asked us that whatâs the difference between absolute and relative path?
|
||||
|
||||
To understand this we have to know what is a path in Linux.
|
||||
### What is a path?
|
||||
|
||||
A path is a unique location to a file or a folder in a file system of an OS. A path to a file is a combination of / and alpha-numeric characters.
|
||||
### What is an absolute path?
|
||||
What is an absolute path?
|
||||
|
||||
An absolute path is defined as the specifying the location of a file or directory from the root directory(/). In other words we can say absolute path is a complete path from start of actual filesystem from / directory.
|
||||
|
||||
### Some examples of absolute path:
|
||||
```bash
|
||||
/var/ftp/pub
|
||||
|
@ -15,146 +17,117 @@ An absolute path is defined as the specifying the location of a file or director
|
|||
/boot/grub/grub.conf
|
||||
```
|
||||
If you see all these paths started from / directory which is a root directory for every Linux/Unix machines.
|
||||
|
||||
### What is the relative path?
|
||||
|
||||
Relative path is defined as path related to the present working directory(pwd). Suppose I am located in /var/log and I want to change directory to /var/log/kernel. I can use relative path concept to change directory to kernel
|
||||
|
||||
changing directory to /var/log/kernel by using relative path concept.
|
||||
```bash
|
||||
$ pwd/var/logcd kernel
|
||||
```
|
||||
|
||||
> $ pwd/var/logcd kernel
|
||||
|
||||
Note: If you observe there is no / before kernel which indicates itâs a relative directory to present working directory.
|
||||
|
||||
Changing directory to /var/log/kernel using absolute path concept.
|
||||
```bash
|
||||
$ cd /var/log/kernel
|
||||
```
|
||||
|
||||
> $ cd /var/log/kernel
|
||||
|
||||
Note: We can use an absolute path from any location where as if you want to use relative path we should be present in a directory where we are going to specify relative to that present working directory.
|
||||
|
||||
Examples of relative path and absolute path for the same operation.
|
||||
|
||||
# Basic Linux Command
|
||||
|
||||
## help
|
||||
|
||||
### Man: an interface to the on-line reference manuals
|
||||
```bash
|
||||
$ man ls
|
||||
```
|
||||
- Man: an interface to the on-line reference manuals
|
||||
> $ man ls
|
||||
|
||||
## Wildcard
|
||||
### \* show all picture (multiple char)
|
||||
```bash
|
||||
$ ls pic*
|
||||
```
|
||||
### **?** show only picture between 50 and 59 (only one char)
|
||||
```bash
|
||||
$ ls pic5?.jpg
|
||||
```
|
||||
### [] show only if char in [p-P]
|
||||
```bash
|
||||
$ ls [pP]ic*
|
||||
```
|
||||
* Show all picture (multiple char)
|
||||
> $ ls pic*
|
||||
|
||||
? show only picture between 50 and 59 (only one char)
|
||||
|
||||
> $ ls pic5?.jpg
|
||||
|
||||
[] show only if char in [p-P]
|
||||
|
||||
> $ ls [pP]ic*
|
||||
|
||||
## Files and directory
|
||||
|
||||
### ls: list directory contents
|
||||
```bash
|
||||
$ ls
|
||||
$args = -l -a -r -t -h --help
|
||||
```
|
||||
- ls: list directory contents
|
||||
> $ ls
|
||||
|
||||
> args = -l -a -r -t -h --help
|
||||
|
||||
|
||||
- Pwd: output the current working directory
|
||||
> $ pwd
|
||||
|
||||
- Cd: Change directory
|
||||
> $ cd
|
||||
|
||||
### Pwd: output the current working directory
|
||||
```bash
|
||||
$ pwd
|
||||
```
|
||||
### Cd: Change directory
|
||||
```bash
|
||||
$ cd
|
||||
```
|
||||
back to previous folder
|
||||
```bash
|
||||
$ cd -
|
||||
```
|
||||
> $ cd -
|
||||
|
||||
|
||||
- Mkdir: Make directory
|
||||
> $ mkdir test1 test2 test3
|
||||
|
||||
> $ mkdir -p lol/lol/lol
|
||||
|
||||
### Mkdir: Make directory
|
||||
```bash
|
||||
$ mkdir test1 test2 test3
|
||||
$ mkdir -p lol/lol/lol
|
||||
```
|
||||
-p to create parent directory if needed
|
||||
|
||||
### Rmdir: Remove directory
|
||||
```bash
|
||||
$ rmdir filename
|
||||
$ rm -rf filename
|
||||
```
|
||||
- Rmdir: Remove directory
|
||||
|
||||
> rmdir filename
|
||||
|
||||
> rm -rf filename
|
||||
|
||||
Delete all of the files in the diectory including all subdirectories and tier contents
|
||||
```bash
|
||||
$ rm -r \* .\*
|
||||
```
|
||||
> $ rm -r \* .\*
|
||||
|
||||
Remove all files with the .doc extension recursively in the current working directory.
|
||||
```bash
|
||||
$ rm \*\*/\*.doc
|
||||
```
|
||||
> $ rm \*\*/\*.doc
|
||||
|
||||
### Mv: Move directory (can be used to rename a file)
|
||||
```bash
|
||||
$ mv file /opt/movedfile
|
||||
```
|
||||
|
||||
### Cp: Copy file or directory
|
||||
```bash
|
||||
$ cp file /opt/newcopiedfile
|
||||
```
|
||||
- Mv: Move directory (can be used to rename a file)
|
||||
> mv file /opt/movedfile
|
||||
|
||||
### Touch: change file timestamps but it can also create files
|
||||
```bash
|
||||
$ touch nomdefichier.md
|
||||
$ touch pic{00..99}.jpeg # does not work
|
||||
```
|
||||
- Cp: Copy file or directory
|
||||
> $ cp file /opt/newcopiedfile
|
||||
|
||||
- Touch: change file timestamps but it can also create files
|
||||
> $ touch nomdefichier.md
|
||||
|
||||
> $ touch pic{00..99}.jpeg # does not work
|
||||
|
||||
- Which: Searching the PATH for executable files matching the names of the arguments
|
||||
> $ which ls
|
||||
|
||||
- File: file — determine file type
|
||||
> $ file myfile
|
||||
|
||||
### Which: Searching the PATH for executable files matching the names of the arguments
|
||||
```bash
|
||||
$ which ls
|
||||
```
|
||||
### File: file — determine file type
|
||||
```bash
|
||||
$ file myfile
|
||||
```
|
||||
## file viewer
|
||||
- More: file perusal filter for crt viewing
|
||||
|
||||
### More: file perusal filter for crt viewing
|
||||
```bash
|
||||
$ more filename
|
||||
```
|
||||
### Less: opposite of more but Less is more ;)
|
||||
```bash
|
||||
$ less filename
|
||||
```
|
||||
### Cat: concatenate files and print on the standard output
|
||||
```bash
|
||||
$ cat filename
|
||||
```
|
||||
### tail : output the last part of files
|
||||
> $ more filename
|
||||
|
||||
```bash
|
||||
$ tail -n 5 Workspace/SysAdminTraining/LinuxSysAdminsDoc/Linux/basic_cmd.md
|
||||
- dhclient > get ip
|
||||
- gnome networkmanager
|
||||
- wpa_supplicant > encryption @ wifi
|
||||
- Less: opposite of more but Less is more ;)
|
||||
|
||||
![htop](./img/htop.png)
|
||||
```
|
||||
> $ less filename
|
||||
|
||||
- Cat: concatenate files and print on the standard output
|
||||
|
||||
> $ cat filename
|
||||
|
||||
Args -n define the number of line needed
|
||||
## Users
|
||||
|
||||
### adduser, addgroup - add a user or group to the system
|
||||
adduser, addgroup - add a user or group to the system
|
||||
> sudo adduser steve
|
||||
|
||||
```bash
|
||||
$ sudo adduser steve
|
||||
r4v3n@d3bi4n:~/Workspace/test$ sudo adduser steve
|
||||
[sudo] password for r4v3n:
|
||||
Sorry, try again.
|
||||
[sudo] password for r4v3n:
|
||||
|
@ -177,22 +150,22 @@ Is the information correct? [Y/n] y
|
|||
|
||||
```
|
||||
|
||||
### user skeleton: skeleton files used for new user configuration
|
||||
user skeleton: skeleton files used for new user configuration
|
||||
> $ ls /etc/skel/
|
||||
|
||||
```bash
|
||||
$ ls /etc/skel/
|
||||
$ ls -a 0 (0.002s) < 05:21:24
|
||||
─r4v3n at d3bi4n in /etc/skel
|
||||
╰─» ls -a 0 (0.002s) < 05:21:24
|
||||
./ ../ .bash_logout .bashrc .profile
|
||||
|
||||
```
|
||||
|
||||
### Change user
|
||||
```bash
|
||||
$ su - marie
|
||||
```
|
||||
- Change user
|
||||
> $ su - marie
|
||||
|
||||
## Permissions
|
||||
|
||||
### Chmod: change file mode bits
|
||||
- Chmod: change file mode bits
|
||||
|
||||
A combination of the letters **ugoa** controls which users' access to the file will be changed:
|
||||
- the user who owns it (u),
|
||||
|
@ -208,7 +181,7 @@ If none of these are given, the effect is as if (a) were given, but bits that ar
|
|||
marie@d3bi4n:~$ ls -l
|
||||
total 4
|
||||
-rw-r--r-- 1 marie marie 12 Apr 7 05:44 test
|
||||
|
||||
```
|
||||
|
||||
> $ chmod o-r mysecret
|
||||
|
||||
|
@ -218,9 +191,8 @@ total 4
|
|||
|
||||
> -rw-r--**rw**- 1 marie marie 12 Apr 7 05:44 test
|
||||
|
||||
```
|
||||
|
||||
## Using chmod in absolute mode
|
||||
##Using chmod in absolute mode
|
||||
|
||||
In the absolute mode, permissions are represented in numeric form (octal system to be precise). In this system, each file permission is represented by a number.
|
||||
|
||||
|
@ -242,40 +214,40 @@ With these numeric values, you can combine them and thus one number can be used
|
|||
| 6 (i.e. 4+2) | rw- |
|
||||
| 7 (i.e. 4+2+1) | rwx |
|
||||
|
||||
### most commonly used: 755 644 600 640
|
||||
most commonly used:
|
||||
755 644 600 640
|
||||
|
||||
Can you guess the file permission in numbers on agatha.txt file in our example so far? That’s right, it’s 764.
|
||||
|
||||
Now that you know what number represents which permission, let’s see how to change file permission using this knowledge.
|
||||
|
||||
Suppose you want to change the file permission on agatha.txt so that everyone can read and write but no one can execute it? In that case, you can use the chmod command like this:
|
||||
```bash
|
||||
$ chmod 666 agatha.txt
|
||||
```
|
||||
|
||||
> $ chmod 666 agatha.txt
|
||||
|
||||
## Danger : if a folder has not the X (executable) right => you cannot open it.
|
||||
|
||||
-R for recursive on folder
|
||||
|
||||
If you list agatha.txt now, you’ll see that the permission has been changed.
|
||||
```bash
|
||||
|
||||
> -rw-rw-rw- 1 abhishek abhishek 457 Aug 10 11:55 agatha.txt
|
||||
```
|
||||
|
||||
### Chown: change file owner and group
|
||||
```bash
|
||||
$ sudo chown marie:marie agatha.txt
|
||||
- Chown: change file owner and group
|
||||
> $ sudo chown marie:marie agatha.txt
|
||||
|
||||
-rw-rw-rw- 1 marie marie 457 Aug 10 11:56 agatha.txt
|
||||
```
|
||||
> -rw-rw-rw- 1 marie marie 457 Aug 10 11:56 agatha.txt
|
||||
|
||||
### Groups: print the groups a user is in
|
||||
```bash
|
||||
$ groups
|
||||
```
|
||||
### Groups
|
||||
|
||||
Groups: print the groups a user is in
|
||||
> $ groups
|
||||
|
||||
Adds user marie into steve group
|
||||
> $ adduser marie steve
|
||||
|
||||
```bash
|
||||
$ sudo adduser marie steve
|
||||
r4v3n@d3bi4n:~/Workspace/test$ sudo adduser marie steve
|
||||
Adding user `marie' to group `steve' ...
|
||||
Adding user marie to group steve
|
||||
Done.
|
||||
|
@ -286,203 +258,103 @@ marie steve
|
|||
|
||||
## Sysadmin tools
|
||||
|
||||
### Who:
|
||||
```bash
|
||||
student@debianserver:/var/log$ who
|
||||
waldek tty1 2021-04-08 11:06
|
||||
student pts/0 2021-04-08 11:13 (172.30.6.87)
|
||||
student pts/1 2021-04-08 11:14 (172.30.6.90)
|
||||
student pts/2 2021-04-08 11:14 (172.30.6.98)
|
||||
student pts/3 2021-04-08 11:21 (172.30.6.97)
|
||||
student pts/4 2021-04-08 11:15 (172.30.6.83)
|
||||
student pts/5 2021-04-08 11:15 (172.30.6.96)
|
||||
student pts/6 2021-04-08 11:23 (172.30.6.92)
|
||||
student pts/8 2021-04-08 11:15 (172.30.6.82)
|
||||
student pts/9 2021-04-08 11:17 (172.30.6.84)
|
||||
student pts/10 2021-04-08 11:16 (172.30.6.85)
|
||||
student pts/11 2021-04-08 11:17 (172.30.6.86)
|
||||
student tty2 2021-04-08 11:24
|
||||
|
||||
```
|
||||
pts pseudo terminal remote
|
||||
tty1 user loger localy on the machine
|
||||
|
||||
### Wall: write a message to all users
|
||||
```bash
|
||||
student@debianserver:/var/log$ wall 110101101101010
|
||||
|
||||
Broadcast message from student@debianserver (pts/10) (Thu Apr 8 11:29:42 2021)
|
||||
|
||||
110101101101010
|
||||
|
||||
```
|
||||
|
||||
### & vs &&
|
||||
```bash
|
||||
$ apt update && upgrade
|
||||
# && launch both instance one after the other
|
||||
$ sleep 10 & htop
|
||||
& launch in background the sleep 10 process and open htop
|
||||
```
|
||||
### exit status
|
||||
```bash
|
||||
$ ls thisnotexist
|
||||
ls: cannot access 'thisnotexist': No such file or directory
|
||||
$ echo $?
|
||||
2
|
||||
$ ls
|
||||
Desktop Documents Downloads Music Pictures Public Templates Videos Workspace
|
||||
$ echo $?
|
||||
0
|
||||
r4v3n@d3bi4n:~$
|
||||
|
||||
```
|
||||
### Display Environement variables
|
||||
```bash
|
||||
$ env
|
||||
SHELL=/bin/bash
|
||||
XDG_CURRENT_DESKTOP=GNOME
|
||||
...
|
||||
```
|
||||
### Get users password hases:
|
||||
```bash
|
||||
$ cat /etc/shadow | grep bash
|
||||
# get hashes
|
||||
$ sudo cat /etc/shadow | cut -d ":" -f2
|
||||
# get name
|
||||
$ sudo cat /etc/shadow | cut -d ":" -f1
|
||||
```
|
||||
### How to create a symbolic link in Linux
|
||||
- How to create a symbolic link in Linux
|
||||
To create a symbolic link to target file from link name,
|
||||
you can use the ln command with -s option like this:
|
||||
|
||||
```bash
|
||||
$ ln -s target_file link_name
|
||||
```
|
||||
|
||||
### alias:
|
||||
```bash
|
||||
$ alias ll="ls -l"
|
||||
```
|
||||
> ln -s target_file link_name
|
||||
|
||||
The -s option is important here. It determines that the link is soft link. If you don’t use it, it will create a hard link. I’ll explain the difference between soft links and hard links in a different article.
|
||||
|
||||
### Htop: Interactive processes viewer
|
||||
```bash
|
||||
$ htop
|
||||
```
|
||||
### Changer default shell
|
||||
```bash
|
||||
$ vim /etc/passwd
|
||||
- Htop: Interactive processes viewer
|
||||
> $ htop
|
||||
|
||||
- Changer default shell
|
||||
> $ vim /etc/passwd
|
||||
```bash
|
||||
steve:x:1002:1002:,,,:/home/steve:/bin/bash
|
||||
steve:x:1002:1002:,,,:/home/steve:/bin/fish
|
||||
|
||||
```
|
||||
|
||||
## how to navigate in a web page source code
|
||||
### Pipe | : pipe send result of the first command to the second
|
||||
```bash
|
||||
$ cat /etc/passwd **|** **grep** bash |**cut** -d ":" -f1
|
||||
```
|
||||
### Grep: print lines that match patterns
|
||||
- |: pipe send result of the first command to the second
|
||||
> cat /etc/passwd **|** **grep** bash |**cut** -d ":" -f1
|
||||
|
||||
- Grep: print lines that match patterns
|
||||
> $
|
||||
|
||||
Search for specific text with grep command
|
||||
```bash
|
||||
$ grep -l example document1.txt document2.txt
|
||||
$ grep -l example \*.txt
|
||||
```
|
||||
> $ grep -l example document1.txt document2.txt
|
||||
|
||||
> $ grep -l example \*.txt
|
||||
|
||||
grep as long as you include the -r (recursive) option in the command.
|
||||
```bash
|
||||
$ grep -lr example /path/to/directory1/\*.txt /path/to/directory2
|
||||
```
|
||||
|
||||
> $ grep -lr example /path/to/directory1/\*.txt /path/to/directory2
|
||||
|
||||
Or, to search the current directory and all subdirectories, omit the path at the end of the command.
|
||||
```bash
|
||||
$ grep -lr example
|
||||
```
|
||||
|
||||
### Cut: remove sections from each line of files
|
||||
```bash
|
||||
> $ grep -lr example
|
||||
|
||||
|
||||
- Cut: remove sections from each line of files
|
||||
> $
|
||||
```
|
||||
### Wc: print newline, word, and byte counts for each file
|
||||
```bash
|
||||
$ wc -l
|
||||
```
|
||||
|
||||
### Realpath
|
||||
- Wc: print newline, word, and byte counts for each file
|
||||
> $ wc -l
|
||||
|
||||
```bash
|
||||
$ realpath example.txt
|
||||
/home/username/example.txt
|
||||
```
|
||||
|
||||
### Wget: The non-interactive network downloader
|
||||
|
||||
```bash
|
||||
$ wget www.tandemlaw.be
|
||||
```
|
||||
search url inside index.html
|
||||
[Bashoneliners.com](bashoneliners.com)
|
||||
|
||||
```bash
|
||||
$ cat index.html | grep -o "https.*" |cut -d "\"" -f1 |sort | uniq
|
||||
```
|
||||
|
||||
## text editor
|
||||
### Nano: Nano's ANOther editor, an enhanced free Pico clone
|
||||
- Nano: Nano's ANOther editor, an enhanced free Pico clone
|
||||
(simple text editor for noobies)
|
||||
|
||||
```bash
|
||||
$ nano
|
||||
$ nano filename
|
||||
```
|
||||
### VIM: vim - Vi IMproved, a programmer's text editor (PGM)
|
||||
``` bash
|
||||
$ vim
|
||||
$ vim filename
|
||||
```
|
||||
> $ nano
|
||||
|
||||
> $ nano filename
|
||||
|
||||
- VIM: vim - Vi IMproved, a programmer's text editor (PGM)
|
||||
|
||||
> $ vim
|
||||
|
||||
> $ vim filename
|
||||
|
||||
# APT
|
||||
```bash
|
||||
$ apt install
|
||||
$ apt remove
|
||||
$ apt autoremove
|
||||
$ apt update
|
||||
```
|
||||
> $ apt install
|
||||
> $ apt remove
|
||||
> $ apt autoremove
|
||||
> $ apt update
|
||||
|
||||
|
||||
## Display & Destop Manager
|
||||
|
||||
### Architecture:
|
||||
```bash
|
||||
BIOS -> GRUB -> Display Manager -> Desktop Environement
|
||||
```
|
||||
### Install Desktop Environement (GUI)
|
||||
```bash
|
||||
$ tasksel
|
||||
$ apt install gnome
|
||||
$ apt remove gnome
|
||||
```
|
||||
* Architecture:
|
||||
> BIOS -> GRUB -> Display Manager -> Desktop Environement
|
||||
|
||||
### Reconfigurer le display manager
|
||||
```bash
|
||||
$ sudo dpkg-reconfigure gdm3
|
||||
```
|
||||
* Install Desktop Environement (GUI)
|
||||
|
||||
### Installer le display manager
|
||||
> $ tasksel
|
||||
> $ apt install gnome
|
||||
> $ apt remove gnome
|
||||
|
||||
```bash
|
||||
$ sudo apt install lightdm
|
||||
* Reconfigurer le display manager
|
||||
> $ sudo dpkg-reconfigure gdm3
|
||||
|
||||
* Installer le display manager
|
||||
|
||||
> $ sudo apt install lightdm
|
||||
|
||||
> $ sudo apt install gdm3
|
||||
|
||||
* remove Desktop environement
|
||||
|
||||
> $ sudo apt remove lightdm
|
||||
|
||||
$ sudo apt install gdm3
|
||||
```
|
||||
### remove Desktop environement
|
||||
```bash
|
||||
$ sudo apt remove lightdm
|
||||
```
|
||||
# Services
|
||||
- HTOP
|
||||
- dhclient > get ip
|
||||
- gnome networkmanager
|
||||
- wpa_supplicant > encryption @ wifi
|
||||
|
||||
![htop](./img/htop.png)
|
||||
|
|
|
@ -1,74 +0,0 @@
|
|||
| **Command** | **Description** |
|
||||
| --------------|-------------------|
|
||||
| `man <tool>` | Opens man pages for the specified tool. |
|
||||
| `<tool> -h` | Prints the help page of the tool. |
|
||||
| `apropos <keyword>` | Searches through man pages' descriptions for instances of a given keyword. |
|
||||
| `cat` | Concatenate and print files. |
|
||||
| `whoami` | Displays current username. |
|
||||
| `id` | Returns users identity. |
|
||||
| `hostname` | Sets or prints the name of the current host system. |
|
||||
| `uname` | Prints operating system name. |
|
||||
| `pwd` | Returns working directory name. |
|
||||
| `ifconfig` | The `ifconfig` utility is used to assign or view an address to a network interface and/or configure network interface parameters. |
|
||||
| `ip` | Ip is a utility to show or manipulate routing, network devices, interfaces, and tunnels. |
|
||||
| `netstat` | Shows network status. |
|
||||
| `ss` | Another utility to investigate sockets. |
|
||||
| `ps` | Shows process status. |
|
||||
| `who` | Displays who is logged in. |
|
||||
| `env` | Prints environment or sets and executes a command. |
|
||||
| `lsblk` | Lists block devices. |
|
||||
| `lsusb` | Lists USB devices. |
|
||||
| `lsof` | Lists opened files. |
|
||||
| `lspci` | Lists PCI devices. |
|
||||
| `sudo` | Execute command as a different user. |
|
||||
| `su` | The `su` utility requests appropriate user credentials via PAM and switches to that user ID (the default user is the superuser). A shell is then executed. |
|
||||
| `useradd` | Creates a new user or update default new user information. |
|
||||
| `userdel` | Deletes a user account and related files. |
|
||||
| `usermod` | Modifies a user account. |
|
||||
| `addgroup` | Adds a group to the system. |
|
||||
| `delgroup` | Removes a group from the system. |
|
||||
| `passwd` | Changes user password. |
|
||||
| `dpkg` | Install, remove and configure Debian-based packages. |
|
||||
| `apt` | High-level package management command-line utility. |
|
||||
| `aptitude` | Alternative to `apt`. |
|
||||
| `snap` | Install, remove and configure snap packages. |
|
||||
| `gem` | Standard package manager for Ruby. |
|
||||
| `pip` | Standard package manager for Python. |
|
||||
| `git` | Revision control system command-line utility. |
|
||||
| `systemctl` | Command-line based service and systemd control manager. |
|
||||
| `ps` | Prints a snapshot of the current processes. |
|
||||
| `journalctl` | Query the systemd journal. |
|
||||
| `kill` | Sends a signal to a process. |
|
||||
| `bg` | Puts a process into background. |
|
||||
| `jobs` | Lists all processes that are running in the background. |
|
||||
| `fg` | Puts a process into the foreground. |
|
||||
| `curl` | Command-line utility to transfer data from or to a server. |
|
||||
| `wget` | An alternative to `curl` that downloads files from FTP or HTTP(s) server. |
|
||||
| `python3 -m http.server` | Starts a Python3 web server on TCP port 8000. |
|
||||
| `ls` | Lists directory contents. |
|
||||
| `cd` | Changes the directory. |
|
||||
| `clear` | Clears the terminal. |
|
||||
| `touch` | Creates an empty file. |
|
||||
| `mkdir` | Creates a directory. |
|
||||
| `tree` | Lists the contents of a directory recursively. |
|
||||
| `mv` | Move or rename files or directories. |
|
||||
| `cp` | Copy files or directories. |
|
||||
| `nano` | Terminal based text editor. |
|
||||
| `which` | Returns the path to a file or link. |
|
||||
| `find` | Searches for files in a directory hierarchy. |
|
||||
| `updatedb` | Updates the locale database for existing contents on the system. |
|
||||
| `locate` | Uses the locale database to find contents on the system. |
|
||||
| `more` | Pager that is used to read STDOUT or files. |
|
||||
| `less` | An alternative to `more` with more features. |
|
||||
| `head` | Prints the first ten lines of STDOUT or a file. |
|
||||
| `tail` | Prints the last ten lines of STDOUT or a file. |
|
||||
| `sort` | Sorts the contents of STDOUT or a file. |
|
||||
| `grep` | Searches for specific results that contain given patterns. |
|
||||
| `cut` | Removes sections from each line of files. |
|
||||
| `tr` | Replaces certain characters. |
|
||||
| `column` | Command-line based utility that formats its input into multiple columns. |
|
||||
| `awk` | Pattern scanning and processing language. |
|
||||
| `sed` | A stream editor for filtering and transforming text. |
|
||||
| `wc` | Prints newline, word, and byte counts for a given input. |
|
||||
| `chmod` | Changes permission of a file or directory. |
|
||||
| `chown` | Changes the owner and group of a file or directory. |
|
Binary file not shown.
Before Width: | Height: | Size: 243 KiB |
|
@ -1,13 +0,0 @@
|
|||
# Linux
|
||||
## overview
|
||||
- Linux basics
|
||||
- Files and Directory
|
||||
- Users & Groups
|
||||
- Privileges
|
||||
- Linux tools
|
||||
- SSH
|
||||
- SSH client
|
||||
- SSH server
|
||||
- SH key
|
||||
- Vim - [Beginer's guide](https://www.linux.com/training-tutorials/vim-101-beginners-guide-vim/ )
|
||||
|
|
@ -1,283 +0,0 @@
|
|||
#How To Install and Enable SSH Server on Debian 10
|
||||
[reference](https://devconnected.com/how-to-install-and-enable-ssh-server-on-debian-10/)
|
||||
|
||||
This tutorial focuses on setting up and configuring a SSH server on a Debian 10 minimal server
|
||||
|
||||
SSH, for Secure Shell, is a network protocol that is used in order to operate remote logins to distant machines within a local network or over Internet. SSH architectures typically includes a SSH server that is used by SSH clients to connect to the remote machine.
|
||||
|
||||
As a system administrator, it is very likely that you are using SSH on a daily basis to connect to remote machines across your network.
|
||||
|
||||
As a consequence, when new hosts are onboarded to your infrastructure, you may have to configure them to install and enable SSH on them.
|
||||
|
||||
In this tutorial, we are going to see how you can install and enable SSH, via OpenSSH, on a Debian 10 distributions.
|
||||
|
||||
Table of Contents
|
||||
|
||||
Prerequisites
|
||||
Installing OpenSSH Server on Debian 10
|
||||
Enabling SSH traffic on your firewall settings
|
||||
Enable SSH server on system boot
|
||||
Configuring your SSH server on Debian
|
||||
Changing SSH default port
|
||||
Disabling Root Login on your SSH server
|
||||
Configuring key-based SSH authentication
|
||||
Restarting your SSH server to apply changes
|
||||
Connecting to your SSH server
|
||||
Exiting your SSH server
|
||||
Disabling your SSH server
|
||||
Troubleshooting
|
||||
Debian : SSH connection refused
|
||||
Debian : SSH access denied
|
||||
SSH password access denied
|
||||
SSH key access denied
|
||||
Debian : Unable to locate package openssh-server
|
||||
Conclusion
|
||||
|
||||
Prerequisites
|
||||
|
||||
In order to install a SSH server on Debian 10, you will need to have sudo privileges on your host.
|
||||
|
||||
To check whether you have sudo privileges or not, run the following command
|
||||
|
||||
$ sudo -l
|
||||
|
||||
If you are seeing the following entries on your terminal, it means that you have elevated privileges
|
||||
Checking sudo privileges on Debian 10
|
||||
|
||||
By default, the ssh utility should be installed on your host, even on minimal configurations.
|
||||
|
||||
In order to check the version of your SSH utility, you can run the following command
|
||||
|
||||
$ ssh -V
|
||||
|
||||
Checking SSH version on Debian 10
|
||||
|
||||
As you can see, I am running OpenSSH v7.9 with OpenSSL v1.1.1.
|
||||
|
||||
Note that it does not mean that SSH servers are installed on my host, it just means that I may able to connect to remote machines as a client using the SSH utility.
|
||||
|
||||
It also mean that specific utilities related the SSH protocol (such as scp for example) or related to FTP servers (such as sftp) will be available on my host.
|
||||
Installing OpenSSH Server on Debian 10
|
||||
|
||||
First of all, make sure that your packages are up to date by running an update command
|
||||
|
||||
$ sudo apt-get update
|
||||
|
||||
Updating apt packages on Debian 10
|
||||
|
||||
In order to install a SSH server on Debian 10, run the following command
|
||||
|
||||
$ sudo apt-get install openssh-server
|
||||
|
||||
The command should run a complete installation process and it should set up all the necessary files for your SSH server.
|
||||
|
||||
If the installation was successful, you should now have a sshd service installed on your host.
|
||||
|
||||
To check your newly installed service, run the following command
|
||||
|
||||
$ sudo systemctl status sshd
|
||||
|
||||
Checking ssh server status on Debian 10
|
||||
|
||||
By default, your SSH server is going to run on port 22.
|
||||
|
||||
This is the default port assigned for SSH communications. You can check if this is the case on your host by running the following netstat command
|
||||
|
||||
$ netstat -tulpn | grep 22
|
||||
|
||||
Great! Your SSH server is now up and running on your Debian 10 host.
|
||||
Enabling SSH traffic on your firewall settings
|
||||
|
||||
If you are using UFW as a default firewall on your Debian 10 system, it is likely that you need to allow SSH connections on your host.
|
||||
|
||||
To enable SSH connections on your host, run the following command
|
||||
|
||||
$ sudo ufw allow ssh
|
||||
|
||||
Enabling SSH connections with UFW on Debian 10
|
||||
Enable SSH server on system boot
|
||||
|
||||
As you probably saw, your SSH server is now running as a service on your host.
|
||||
|
||||
It is also very likely that it is instructed to start at boot time.
|
||||
|
||||
To check whether your service is enable or not, you can run the following command
|
||||
|
||||
$ sudo systemctl list-unit-files | grep enabled | grep ssh
|
||||
|
||||
If no results are shown on your terminal, enable the service and run the command again
|
||||
|
||||
$ sudo systemctl enable ssh
|
||||
|
||||
Enabling the SSH server on boot on Debian 10
|
||||
Configuring your SSH server on Debian
|
||||
|
||||
Before giving access to users through SSH, it is important to have a set of secure settings to avoid being attacked, especially if your server is running as an online VPS.
|
||||
|
||||
As we already saw in the past, SSH attacks are pretty common but they can be avoided if we change default settings available.
|
||||
|
||||
By default, your SSH configuration files are located at /etc/ssh/
|
||||
Listing SSH configuration files in etc
|
||||
|
||||
In this directory, you are going to find many different configuration files, but the most important ones are :
|
||||
|
||||
ssh_config: defines SSH rules for clients. It means that it defines rules that are applied everytime you use SSH to connect to a remote host or to transfer files between hosts;
|
||||
sshd_config: defines SSH rules for your SSH server. It is used for example to define the reachable SSH port or to deny specific users from communicating with your server.
|
||||
|
||||
We are obviously going to modify the server-wide part of our SSH setup as we are interested in configuring and securing our OpenSSH server.
|
||||
Changing SSH default port
|
||||
|
||||
The first step towards running a secure SSH server is to change the default assigned by the OpenSSH server.
|
||||
|
||||
Edit your sshd_config configuration file and look for the following line.
|
||||
|
||||
#Port 22
|
||||
|
||||
Make sure to change your port to one that is not reserved for other protocols. I will choose 2222 in this case.
|
||||
Changing the default SSH port
|
||||
|
||||
When connecting to your host, if it not running on the default port, you are going to specify the SSH port yourself.
|
||||
|
||||
Please refer to the ‘Connecting to your SSH server’ section for further information.
|
||||
Disabling Root Login on your SSH server
|
||||
|
||||
By default, root login is available on your SSH server.
|
||||
|
||||
It should obviously not be the case as it would be a complete disaster if hackers were to login as root on your server.
|
||||
|
||||
If by chance you disabled the root account in your Debian 10 installation, you can still configure your SSH server to refuse root login, in case you choose to re-enable your root login one day.
|
||||
|
||||
To disable root login on your SSH server, modify the following line
|
||||
|
||||
#PermitRootLogin
|
||||
|
||||
PermitRootLogin no
|
||||
|
||||
Disabling root login for SSH on Debian
|
||||
Configuring key-based SSH authentication
|
||||
|
||||
In SSH, there are two ways of connecting to your host : by using password authentication (what we are doing here), or having a set of SSH keys.
|
||||
|
||||
If you are curious about key-based SSH authentication on Debian 10, there is a tutorial available on the subject here.
|
||||
Restarting your SSH server to apply changes
|
||||
|
||||
In order for the changes to be applied, restart your SSH service and make sure that it is correctly restarted
|
||||
|
||||
$ sudo systemctl restart sshd
|
||||
$ sudo systemctl status sshd
|
||||
|
||||
SSH server status from systemd
|
||||
|
||||
Also, if you change the default port, make sure that the changes were correctly applied by running a simple netstat command
|
||||
|
||||
$ netstat -tulpn | grep 2222
|
||||
|
||||
Checking SSH port on Linux using netstat
|
||||
Connecting to your SSH server
|
||||
|
||||
In order to connect to your SSH server, you are going to use the ssh command with the following syntax
|
||||
|
||||
$ ssh -p <port> <username>@<ip_address>
|
||||
|
||||
If you are connecting over a LAN network, make sure to get the local IP address of your machine with the following command
|
||||
|
||||
$ sudo ifconfig
|
||||
|
||||
Checking local IP using ifconfig
|
||||
|
||||
For example, in order to connect to my own instance located at 127.0.0.1, I would run the following command
|
||||
|
||||
$ ssh -p 2222 <user>@127.0.0.1
|
||||
|
||||
You will be asked to provide your password and to certify that the authenticity of the server is correct.
|
||||
Connecting to SSH server on Debian 10 Buster
|
||||
Exiting your SSH server
|
||||
|
||||
In order to exit from your SSH server on Debian 10, you can hit Ctrl + D or type ‘logout’ and your connection will be terminated.
|
||||
Logout from the SSH server
|
||||
Disabling your SSH server
|
||||
|
||||
In order to disable your SSH server on Debian 10, run the following command
|
||||
|
||||
$ sudo systemctl stop sshd
|
||||
$ sudo systemctl status sshd
|
||||
|
||||
Stopping SSH server on Debian 10
|
||||
|
||||
From there, your SSH server won’t be accessible anymore.
|
||||
Connection refused from the SSH server
|
||||
Troubleshooting
|
||||
|
||||
In some cases, you may run into many error messages when trying to setup a SSH server on Debian 10.
|
||||
|
||||
Here is the list of the common errors you might get during the setup.
|
||||
Debian : SSH connection refused
|
||||
|
||||
Usually, you are getting this error because your firewall is not properly configured on Debian.
|
||||
|
||||
To solve “SSH connection refused” you have to double check your UFW firewall settings.
|
||||
|
||||
By default, Debian uses UFW as a default firewall, so you might want to check your firewall rules and see if SSH is correctly allowed.
|
||||
|
||||
$ sudo ufw status
|
||||
|
||||
Status: active
|
||||
|
||||
To Action From
|
||||
-- ------ ----
|
||||
22/tcp ALLOW Anywhere
|
||||
|
||||
If you are using iptables, you can also have a check at your current IP rules with the iptables command.
|
||||
|
||||
$ sudo iptables -L -n
|
||||
|
||||
Chain INPUT (policy ACCEPT)
|
||||
target prot opt source destination
|
||||
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
|
||||
|
||||
If the rule is not set for SSH, you can set by running the iptables command again.
|
||||
|
||||
$ sudo iptables -I INPUT -p tcp -m tcp --dport 22 -j ACCEPT
|
||||
|
||||
Debian : SSH access denied
|
||||
|
||||
Sometimes, you may be denied the access to your SSH server with this error message “SSH access denied” on Debian.
|
||||
|
||||
To solve this issue, it depends on the authentication method you are using.
|
||||
SSH password access denied
|
||||
|
||||
If you are using the password method, double check your password and make sure you are entering it correctly.
|
||||
|
||||
Also, it is possible to configure SSH servers to allow only a specific subset of users : if this is the case, make sure you belong to that list.
|
||||
|
||||
Finally, if you want to log-in as root, make sure that you modified the “PermitRootLogin” option in your “sshd_config” file.
|
||||
|
||||
#PermitRootLogin
|
||||
|
||||
PermitRootLogin yes
|
||||
|
||||
SSH key access denied
|
||||
|
||||
If you are using SSH keys for your SSH authentication, you may need to double check that the key is correctly located in the “authorized_keys” file.
|
||||
|
||||
If you are not sure about how to do it, follow our guide about SSH key authentication on Debian 10.
|
||||
Debian : Unable to locate package openssh-server
|
||||
|
||||
For this one, you have to make sure that you have set correctly your APT repositories.
|
||||
|
||||
Add the following entry to your sources.list file and update your packages.
|
||||
|
||||
$ sudo nano /etc/apt/sources.list
|
||||
|
||||
deb http://ftp.us.debian.org/debian wheezy main
|
||||
|
||||
$ sudo apt-get update
|
||||
|
||||
Conclusion
|
||||
|
||||
In this tutorial, you learnt how you can install and configure a SSH server on Debian 10 hosts.
|
||||
|
||||
You also learnt about basic configuration options that need to be applied in order to run a secure and robust SSH server over a LAN or over Internet.
|
||||
|
||||
If you are curious about Linux system administration, we have a ton of tutorials on the subject in a dedicated category.
|
||||
|
531
Linux/ssh/ssh.md
531
Linux/ssh/ssh.md
|
@ -1,531 +0,0 @@
|
|||
# SSH
|
||||
## OpenSSH SSH client (remote login program)
|
||||
|
||||
- SSH: (SSH client) is a program for logging into a remote machine and for executing commands on a
|
||||
remote machine
|
||||
- SSH Server: server
|
||||
|
||||
## Fist login to remote server
|
||||
```bash
|
||||
$ ssh student@172.30.6.99
|
||||
The authenticity of host '172.30.6.99 (172.30.6.99)' can't be established.
|
||||
ECDSA key fingerprint is SHA256:w2XxVfnfPpYCeCjEBzmI0AeuaqiC0Sx1FBwrGmnYh64.
|
||||
Are you sure you want to continue connecting (yes/no)? yes
|
||||
Warning: Permanently added '172.30.6.99' (ECDSA) to the list of known hosts.
|
||||
student@172.30.6.99's password:
|
||||
Connection closed by 172.30.6.99 port 22
|
||||
```
|
||||
## Login to remote server
|
||||
```bash
|
||||
admin@d3bi4n:~$ ssh student@172.30.6.99
|
||||
student@172.30.6.99's password:
|
||||
Linux debianserver 4.19.0-16-amd64 #1 SMP Debian 4.19.181-1 (2021-03-19) x86_64
|
||||
|
||||
The programs included with the Debian GNU/Linux system are free software;
|
||||
the exact distribution terms for each program are described in the
|
||||
individual files in /usr/share/doc/*/copyright.
|
||||
|
||||
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
|
||||
permitted by applicable law.
|
||||
Last login: Thu Apr 8 11:15:57 2021 from 172.30.6.84
|
||||
|
||||
```
|
||||
ECDSA key finger print is used to validate the server identity for future connection.
|
||||
|
||||
## Installing OpenSSH Server on Debian 10
|
||||
|
||||
First of all, make sure that your packages are up to date by running an update command
|
||||
```bash
|
||||
$ sudo apt-get update
|
||||
```
|
||||
Updating apt packages on Debian 10
|
||||
|
||||
In order to install a SSH server on Debian 10, run the following command
|
||||
```bash
|
||||
$ sudo apt-get install openssh-server
|
||||
```
|
||||
The command should run a complete installation process and it should set up all the necessary files for your SSH server.
|
||||
|
||||
If the installation was successful, you should now have a sshd service installed on your host.
|
||||
|
||||
To check your newly installed service, run the following command
|
||||
```bash
|
||||
$ sudo systemctl status sshd
|
||||
user@w3b-73rv3r:~$ sudo systemctl status sshd
|
||||
[sudo] password for user:
|
||||
● ssh.service - OpenBSD Secure Shell server
|
||||
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
|
||||
Active: active (running) since Thu 2021-04-08 05:35:36 EDT; 10min ago
|
||||
Docs: man:sshd(8)
|
||||
man:sshd_config(5)
|
||||
Process: 490 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
|
||||
Main PID: 499 (sshd)
|
||||
Tasks: 1 (limit: 4689)
|
||||
Memory: 3.8M
|
||||
CGroup: /system.slice/ssh.service
|
||||
└─499 /usr/sbin/sshd -D
|
||||
|
||||
Apr 08 05:35:36 w3b-73rv3r systemd[1]: Starting OpenBSD Secure Shell server...
|
||||
Apr 08 05:35:36 w3b-73rv3r sshd[499]: Server listening on 0.0.0.0 port 22.
|
||||
Apr 08 05:35:36 w3b-73rv3r sshd[499]: Server listening on :: port 22.
|
||||
Apr 08 05:35:36 w3b-73rv3r systemd[1]: Started OpenBSD Secure Shell server.
|
||||
Apr 08 05:45:17 w3b-73rv3r sshd[1663]: Accepted password for user from 172.30.6.99 port 55748 ssh2
|
||||
Apr 08 05:45:17 w3b-73rv3r sshd[1663]: pam_unix(sshd:session): session opened for user user by (uid=0)
|
||||
r4v3n@w3b-73rv3r:~$
|
||||
|
||||
```
|
||||
|
||||
This tutorial focuses on setting up and configuring a SSH server on a Debian 10 minimal server
|
||||
|
||||
SSH, for Secure Shell, is a network protocol that is used in order to operate remote logins to distant machines within a local network or over Internet. SSH architectures typically includes a SSH server that is used by SSH clients to connect to the remote machine.
|
||||
|
||||
As a system administrator, it is very likely that you are using SSH on a daily basis to connect to remote machines across your network.
|
||||
|
||||
As a consequence, when new hosts are onboarded to your infrastructure, you may have to configure them to install and enable SSH on them.
|
||||
|
||||
In this tutorial, we are going to see how you can install and enable SSH, via OpenSSH, on a Debian 10 distributions.
|
||||
|
||||
Table of Contents
|
||||
|
||||
Prerequisites
|
||||
Installing OpenSSH Server on Debian 10
|
||||
Enabling SSH traffic on your firewall settings
|
||||
Enable SSH server on system boot
|
||||
Configuring your SSH server on Debian
|
||||
Changing SSH default port
|
||||
Disabling Root Login on your SSH server
|
||||
Configuring key-based SSH authentication
|
||||
Restarting your SSH server to apply changes
|
||||
Connecting to your SSH server
|
||||
Exiting your SSH server
|
||||
Disabling your SSH server
|
||||
Troubleshooting
|
||||
Debian : SSH connection refused
|
||||
Debian : SSH access denied
|
||||
SSH password access denied
|
||||
SSH key access denied
|
||||
Debian : Unable to locate package openssh-server
|
||||
Conclusion
|
||||
|
||||
Prerequisites
|
||||
|
||||
In order to install a SSH server on Debian 10, you will need to have sudo privileges on your host.
|
||||
|
||||
To check whether you have sudo privileges or not, run the following command
|
||||
|
||||
$ sudo -l
|
||||
|
||||
If you are seeing the following entries on your terminal, it means that you have elevated privileges
|
||||
Checking sudo privileges on Debian 10
|
||||
|
||||
By default, the ssh utility should be installed on your host, even on minimal configurations.
|
||||
|
||||
In order to check the version of your SSH utility, you can run the following command
|
||||
|
||||
$ ssh -V
|
||||
|
||||
Checking SSH version on Debian 10
|
||||
|
||||
As you can see, I am running OpenSSH v7.9 with OpenSSL v1.1.1.
|
||||
|
||||
Note that it does not mean that SSH servers are installed on my host, it just means that I may able to connect to remote machines as a client using the SSH utility.
|
||||
|
||||
It also mean that specific utilities related the SSH protocol (such as scp for example) or related to FTP servers (such as sftp) will be available on my host.
|
||||
Installing OpenSSH Server on Debian 10
|
||||
|
||||
First of all, make sure that your packages are up to date by running an update command
|
||||
|
||||
$ sudo apt-get update
|
||||
|
||||
Updating apt packages on Debian 10
|
||||
|
||||
In order to install a SSH server on Debian 10, run the following command
|
||||
|
||||
$ sudo apt-get install openssh-server
|
||||
|
||||
The command should run a complete installation process and it should set up all the necessary files for your SSH server.
|
||||
|
||||
If the installation was successful, you should now have a sshd service installed on your host.
|
||||
|
||||
To check your newly installed service, run the following command
|
||||
|
||||
$ sudo systemctl status sshd
|
||||
|
||||
Checking ssh server status on Debian 10
|
||||
|
||||
By default, your SSH server is going to run on port 22.
|
||||
|
||||
This is the default port assigned for SSH communications. You can check if this is the case on your host by running the following netstat command
|
||||
|
||||
$ netstat -tulpn | grep 22
|
||||
|
||||
Great! Your SSH server is now up and running on your Debian 10 host.
|
||||
Enabling SSH traffic on your firewall settings
|
||||
|
||||
If you are using UFW as a default firewall on your Debian 10 system, it is likely that you need to allow SSH connections on your host.
|
||||
|
||||
To enable SSH connections on your host, run the following command
|
||||
|
||||
$ sudo ufw allow ssh
|
||||
|
||||
Enabling SSH connections with UFW on Debian 10
|
||||
Enable SSH server on system boot
|
||||
|
||||
As you probably saw, your SSH server is now running as a service on your host.
|
||||
|
||||
It is also very likely that it is instructed to start at boot time.
|
||||
|
||||
To check whether your service is enable or not, you can run the following command
|
||||
|
||||
$ sudo systemctl list-unit-files | grep enabled | grep ssh
|
||||
|
||||
If no results are shown on your terminal, enable the service and run the command again
|
||||
|
||||
$ sudo systemctl enable ssh
|
||||
|
||||
Configuring your SSH server on Debian
|
||||
|
||||
Before giving access to users through SSH, it is important to have a set of secure settings to avoid being attacked, especially if your server is running as an online VPS.
|
||||
|
||||
As we already saw in the past, SSH attacks are pretty common but they can be avoided if we change default settings available.
|
||||
|
||||
By default, your SSH configuration files are located at /etc/ssh/
|
||||
Listing SSH configuration files in etc
|
||||
|
||||
In this directory, you are going to find many different configuration files, but the most important ones are :
|
||||
|
||||
ssh_config: defines SSH rules for clients. It means that it defines rules that are applied everytime you use SSH to connect to a remote host or to transfer files between hosts;
|
||||
sshd_config: defines SSH rules for your SSH server. It is used for example to define the reachable SSH port or to deny specific users from communicating with your server.
|
||||
|
||||
We are obviously going to modify the server-wide part of our SSH setup as we are interested in configuring and securing our OpenSSH server.
|
||||
|
||||
|
||||
Changing SSH default port
|
||||
|
||||
The first step towards running a secure SSH server is to change the default assigned by the OpenSSH server.
|
||||
|
||||
Edit your sshd_config configuration file and look for the following line.
|
||||
|
||||
#Port 22
|
||||
|
||||
Make sure to change your port to one that is not reserved for other protocols. I will choose 2222 in this case.
|
||||
Changing the default SSH port
|
||||
|
||||
When connecting to your host, if it not running on the default port, you are going to specify the SSH port yourself.
|
||||
|
||||
Please refer to the ‘Connecting to your SSH server’ section for further information.
|
||||
Disabling Root Login on your SSH server
|
||||
|
||||
By default, root login is available on your SSH server.
|
||||
|
||||
It should obviously not be the case as it would be a complete disaster if hackers were to login as root on your server.
|
||||
|
||||
If by chance you disabled the root account in your Debian 10 installation, you can still configure your SSH server to refuse root login, in case you choose to re-enable your root login one day.
|
||||
|
||||
To disable root login on your SSH server, modify the following line
|
||||
|
||||
|
||||
#PermitRootLogin
|
||||
|
||||
PermitRootLogin no
|
||||
|
||||
Disabling root login for SSH on Debian
|
||||
Configuring key-based SSH authentication
|
||||
|
||||
In SSH, there are two ways of connecting to your host : by using password authentication (what we are doing here), or having a set of SSH keys.
|
||||
|
||||
If you are curious about key-based SSH authentication on Debian 10, there is a tutorial available on the subject here.
|
||||
Restarting your SSH server to apply changes
|
||||
|
||||
In order for the changes to be applied, restart your SSH service and make sure that it is correctly restarted
|
||||
|
||||
$ sudo systemctl restart sshd
|
||||
$ sudo systemctl status sshd
|
||||
|
||||
SSH server status from systemd
|
||||
|
||||
|
||||
|
||||
BasicsLinux System Administration
|
||||
How To Install and Enable SSH Server on Debian 10
|
||||
written by schkn
|
||||
How To Install and Enable SSH Server on Debian 10
|
||||
|
||||
This tutorial focuses on setting up and configuring a SSH server on a Debian 10 minimal server
|
||||
|
||||
SSH, for Secure Shell, is a network protocol that is used in order to operate remote logins to distant machines within a local network or over Internet. SSH architectures typically includes a SSH server that is used by SSH clients to connect to the remote machine.
|
||||
|
||||
As a system administrator, it is very likely that you are using SSH on a daily basis to connect to remote machines across your network.
|
||||
|
||||
As a consequence, when new hosts are onboarded to your infrastructure, you may have to configure them to install and enable SSH on them.
|
||||
|
||||
In this tutorial, we are going to see how you can install and enable SSH, via OpenSSH, on a Debian 10 distributions.
|
||||
|
||||
Table of Contents
|
||||
|
||||
Prerequisites
|
||||
Installing OpenSSH Server on Debian 10
|
||||
Enabling SSH traffic on your firewall settings
|
||||
Enable SSH server on system boot
|
||||
Configuring your SSH server on Debian
|
||||
Changing SSH default port
|
||||
Disabling Root Login on your SSH server
|
||||
Configuring key-based SSH authentication
|
||||
Restarting your SSH server to apply changes
|
||||
Connecting to your SSH server
|
||||
Exiting your SSH server
|
||||
Disabling your SSH server
|
||||
Troubleshooting
|
||||
Debian : SSH connection refused
|
||||
Debian : SSH access denied
|
||||
SSH password access denied
|
||||
SSH key access denied
|
||||
Debian : Unable to locate package openssh-server
|
||||
Conclusion
|
||||
|
||||
Prerequisites
|
||||
|
||||
In order to install a SSH server on Debian 10, you will need to have sudo privileges on your host.
|
||||
|
||||
To check whether you have sudo privileges or not, run the following command
|
||||
|
||||
$ sudo -l
|
||||
|
||||
If you are seeing the following entries on your terminal, it means that you have elevated privileges
|
||||
Checking sudo privileges on Debian 10
|
||||
|
||||
By default, the ssh utility should be installed on your host, even on minimal configurations.
|
||||
|
||||
In order to check the version of your SSH utility, you can run the following command
|
||||
|
||||
$ ssh -V
|
||||
|
||||
Checking SSH version on Debian 10
|
||||
|
||||
As you can see, I am running OpenSSH v7.9 with OpenSSL v1.1.1.
|
||||
|
||||
Note that it does not mean that SSH servers are installed on my host, it just means that I may able to connect to remote machines as a client using the SSH utility.
|
||||
|
||||
It also mean that specific utilities related the SSH protocol (such as scp for example) or related to FTP servers (such as sftp) will be available on my host.
|
||||
Installing OpenSSH Server on Debian 10
|
||||
|
||||
First of all, make sure that your packages are up to date by running an update command
|
||||
|
||||
$ sudo apt-get update
|
||||
|
||||
Updating apt packages on Debian 10
|
||||
|
||||
In order to install a SSH server on Debian 10, run the following command
|
||||
|
||||
$ sudo apt-get install openssh-server
|
||||
|
||||
The command should run a complete installation process and it should set up all the necessary files for your SSH server.
|
||||
|
||||
If the installation was successful, you should now have a sshd service installed on your host.
|
||||
|
||||
To check your newly installed service, run the following command
|
||||
|
||||
$ sudo systemctl status sshd
|
||||
|
||||
Checking ssh server status on Debian 10
|
||||
|
||||
By default, your SSH server is going to run on port 22.
|
||||
|
||||
This is the default port assigned for SSH communications. You can check if this is the case on your host by running the following netstat command
|
||||
|
||||
$ netstat -tulpn | grep 22
|
||||
|
||||
Great! Your SSH server is now up and running on your Debian 10 host.
|
||||
Enabling SSH traffic on your firewall settings
|
||||
|
||||
If you are using UFW as a default firewall on your Debian 10 system, it is likely that you need to allow SSH connections on your host.
|
||||
|
||||
To enable SSH connections on your host, run the following command
|
||||
|
||||
$ sudo ufw allow ssh
|
||||
|
||||
Enabling SSH connections with UFW on Debian 10
|
||||
Enable SSH server on system boot
|
||||
|
||||
As you probably saw, your SSH server is now running as a service on your host.
|
||||
|
||||
It is also very likely that it is instructed to start at boot time.
|
||||
|
||||
To check whether your service is enable or not, you can run the following command
|
||||
|
||||
$ sudo systemctl list-unit-files | grep enabled | grep ssh
|
||||
|
||||
If no results are shown on your terminal, enable the service and run the command again
|
||||
|
||||
$ sudo systemctl enable ssh
|
||||
|
||||
Enabling the SSH server on boot on Debian 10
|
||||
Configuring your SSH server on Debian
|
||||
|
||||
Before giving access to users through SSH, it is important to have a set of secure settings to avoid being attacked, especially if your server is running as an online VPS.
|
||||
|
||||
As we already saw in the past, SSH attacks are pretty common but they can be avoided if we change default settings available.
|
||||
|
||||
By default, your SSH configuration files are located at /etc/ssh/
|
||||
Listing SSH configuration files in etc
|
||||
|
||||
In this directory, you are going to find many different configuration files, but the most important ones are :
|
||||
|
||||
ssh_config: defines SSH rules for clients. It means that it defines rules that are applied everytime you use SSH to connect to a remote host or to transfer files between hosts;
|
||||
sshd_config: defines SSH rules for your SSH server. It is used for example to define the reachable SSH port or to deny specific users from communicating with your server.
|
||||
|
||||
We are obviously going to modify the server-wide part of our SSH setup as we are interested in configuring and securing our OpenSSH server.
|
||||
Changing SSH default port
|
||||
|
||||
The first step towards running a secure SSH server is to change the default assigned by the OpenSSH server.
|
||||
|
||||
Edit your sshd_config configuration file and look for the following line.
|
||||
|
||||
#Port 22
|
||||
|
||||
Make sure to change your port to one that is not reserved for other protocols. I will choose 2222 in this case.
|
||||
Changing the default SSH port
|
||||
|
||||
When connecting to your host, if it not running on the default port, you are going to specify the SSH port yourself.
|
||||
|
||||
Please refer to the ‘Connecting to your SSH server’ section for further information.
|
||||
Disabling Root Login on your SSH server
|
||||
|
||||
By default, root login is available on your SSH server.
|
||||
|
||||
It should obviously not be the case as it would be a complete disaster if hackers were to login as root on your server.
|
||||
|
||||
If by chance you disabled the root account in your Debian 10 installation, you can still configure your SSH server to refuse root login, in case you choose to re-enable your root login one day.
|
||||
|
||||
To disable root login on your SSH server, modify the following line
|
||||
|
||||
#PermitRootLogin
|
||||
|
||||
PermitRootLogin no
|
||||
|
||||
Disabling root login for SSH on Debian
|
||||
Configuring key-based SSH authentication
|
||||
|
||||
In SSH, there are two ways of connecting to your host : by using password authentication (what we are doing here), or having a set of SSH keys.
|
||||
|
||||
If you are curious about key-based SSH authentication on Debian 10, there is a tutorial available on the subject here.
|
||||
Restarting your SSH server to apply changes
|
||||
|
||||
In order for the changes to be applied, restart your SSH service and make sure that it is correctly restarted
|
||||
|
||||
$ sudo systemctl restart sshd
|
||||
$ sudo systemctl status sshd
|
||||
|
||||
SSH server status from systemd
|
||||
|
||||
Also, if you change the default port, make sure that the changes were correctly applied by running a simple netstat command
|
||||
|
||||
$ netstat -tulpn | grep 2222
|
||||
|
||||
Checking SSH port on Linux using netstat
|
||||
Connecting to your SSH server
|
||||
|
||||
In order to connect to your SSH server, you are going to use the ssh command with the following syntax
|
||||
|
||||
$ ssh -p <port> <username>@<ip_address>
|
||||
|
||||
If you are connecting over a LAN network, make sure to get the local IP address of your machine with the following command
|
||||
|
||||
$ sudo ifconfig
|
||||
|
||||
Checking local IP using ifconfig
|
||||
|
||||
For example, in order to connect to my own instance located at 127.0.0.1, I would run the following command
|
||||
|
||||
$ ssh -p 2222 <user>@127.0.0.1
|
||||
|
||||
You will be asked to provide your password and to certify that the authenticity of the server is correct.
|
||||
Connecting to SSH server on Debian 10 Buster
|
||||
Exiting your SSH server
|
||||
|
||||
In order to exit from your SSH server on Debian 10, you can hit Ctrl + D or type ‘logout’ and your connection will be terminated.
|
||||
Logout from the SSH server
|
||||
Disabling your SSH server
|
||||
|
||||
In order to disable your SSH server on Debian 10, run the following command
|
||||
|
||||
$ sudo systemctl stop sshd
|
||||
$ sudo systemctl status sshd
|
||||
|
||||
From there, your SSH server won’t be accessible anymore.
|
||||
Connection refused from the SSH server
|
||||
Troubleshooting
|
||||
|
||||
In some cases, you may run into many error messages when trying to setup a SSH server on Debian 10.
|
||||
|
||||
Here is the list of the common errors you might get during the setup.
|
||||
Debian : SSH connection refused
|
||||
|
||||
Usually, you are getting this error because your firewall is not properly configured on Debian.
|
||||
|
||||
To solve “SSH connection refused” you have to double check your UFW firewall settings.
|
||||
|
||||
By default, Debian uses UFW as a default firewall, so you might want to check your firewall rules and see if SSH is correctly allowed.
|
||||
|
||||
$ sudo ufw status
|
||||
|
||||
Status: active
|
||||
|
||||
To Action From
|
||||
-- ------ ----
|
||||
22/tcp ALLOW Anywhere
|
||||
|
||||
If you are using iptables, you can also have a check at your current IP rules with the iptables command.
|
||||
|
||||
$ sudo iptables -L -n
|
||||
|
||||
Chain INPUT (policy ACCEPT)
|
||||
target prot opt source destination
|
||||
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
|
||||
|
||||
If the rule is not set for SSH, you can set by running the iptables command again.
|
||||
|
||||
$ sudo iptables -I INPUT -p tcp -m tcp --dport 22 -j ACCEPT
|
||||
|
||||
Debian : SSH access denied
|
||||
|
||||
Sometimes, you may be denied the access to your SSH server with this error message “SSH access denied” on Debian.
|
||||
|
||||
To solve this issue, it depends on the authentication method you are using.
|
||||
SSH password access denied
|
||||
|
||||
If you are using the password method, double check your password and make sure you are entering it correctly.
|
||||
|
||||
Also, it is possible to configure SSH servers to allow only a specific subset of users : if this is the case, make sure you belong to that list.
|
||||
|
||||
Finally, if you want to log-in as root, make sure that you modified the “PermitRootLogin” option in your “sshd_config” file.
|
||||
|
||||
#PermitRootLogin
|
||||
|
||||
PermitRootLogin yes
|
||||
|
||||
SSH key access denied
|
||||
|
||||
If you are using SSH keys for your SSH authentication, you may need to double check that the key is correctly located in the “authorized_keys” file.
|
||||
|
||||
If you are not sure about how to do it, follow our guide about SSH key authentication on Debian 10.
|
||||
|
||||
Debian : Unable to locate package openssh-server
|
||||
|
||||
For this one, you have to make sure that you have set correctly your APT repositories.
|
||||
|
||||
Add the following entry to your sources.list file and update your packages.
|
||||
|
||||
$ sudo nano /etc/apt/sources.list
|
||||
|
||||
deb http://ftp.us.debian.org/debian wheezy main
|
||||
|
||||
$ sudo apt-get update
|
||||
|
||||
Conclusion
|
||||
|
||||
In this tutorial, you learnt how you can install and configure a SSH server on Debian 10 hosts.
|
||||
|
||||
You also learnt about basic configuration options that need to be applied in order to run a secure and robust SSH server over a LAN or over Internet.
|
||||
|
||||
If you are curious about Linux system administration, we have a ton of tutorials on the subject in a dedicated category.
|
|
@ -1,245 +0,0 @@
|
|||
# How To Set Up SSH Keys on Debian 10 Buster
|
||||
|
||||
The Secure Shell (or SSH) is a cryptographic protocol enabling secure communication between clients and servers.
|
||||
|
||||
SSH is widely used to connect to remote Linux systems in a secure way. It is also used in the Windows ecosystem to connect to remote Windows machines via OpenSSH.
|
||||
|
||||
SSH has two ways of authenticating users on a machine : either via a password or via a public key authentication system. Using a key-pair authentication, you won’t need to type a password to login, everything is going to be automatic.
|
||||
|
||||
In this tutorial, we are going describe how to set up SSH keys on a Debian 10 Buster instance.
|
||||
|
||||
Table of Contents
|
||||
|
||||
1 – Create SSH Key Pair on Debian
|
||||
2 – Copy the SSH public key to your client host
|
||||
a – Copy SSH keys using ssh-copy-id
|
||||
b – Copy SSH keys using ssh without ssh-copy-id
|
||||
c – Copy SSH key manually to the client
|
||||
3 – Connect to your remote host with SSH
|
||||
4 – Disable the SSH password authentication
|
||||
5 – Allow/Deny certain users and groups to have SSH access
|
||||
6 – Conclusion
|
||||
|
||||
1 – Create SSH Key Pair on Debian
|
||||
|
||||
Before starting, make sure that you don’t have any pre-existing SSH keys into your ssh directory.
|
||||
|
||||
Run a simple ls command into your .ssh directory.
|
||||
|
||||
$ cd /home/user/.ssh
|
||||
$ ls -al
|
||||
|
||||
SSH directory on Linux
|
||||
|
||||
In order to generate a SSH key on Debian, you are going to need the ssh-keygen tool.
|
||||
|
||||
By default, ssh-keygen is already installed on Debian 10.
|
||||
|
||||
To create a SSH key pair, use the following command.
|
||||
|
||||
$ ssh-keygen -t rsa -b 4096 -C "email@example.com"
|
||||
|
||||
This ssh-keygen will take care of creating your key.
|
||||
|
||||
The -t flag specifies the type of encryption used (in this case RSA).
|
||||
|
||||
The -b determines the number of bytes used to create your key. In general, you want to use at least 2048 bytes for a key, but we are going to use 4096 in our case.
|
||||
|
||||
Finally, the -C flag provides a comment for the key pair, in this case the e-mail used.
|
||||
|
||||
When creating your SSH keys, you will be asked a number of questions.
|
||||
|
||||
Generating public/private rsa key pair.
|
||||
Enter file in which to save the key (/home/user/.ssh/id_rsa):
|
||||
|
||||
You can leave this one as default, except if you want to store it in a custom key file.
|
||||
|
||||
Enter passphrase (empty for no passphrase)
|
||||
|
||||
Choose a strong passphrase for your key. In case somebody steals your key, the passphrase will be required as a second security option.
|
||||
|
||||
If you want to automatically connect to your server without being prompted any password, leave the passphrase blank.
|
||||
|
||||
Password authentication will be disabled in the next chapters, but you will still be prompted with the passphrase if you decided to define one. Passphrases are recommended for production and sensitive environments.
|
||||
|
||||
Enter your passphrase again, and your SSH key should be created.
|
||||
Set up a SSH key on Debian using ssh-keygen
|
||||
|
||||
In this example, my file was created in /home/devconnected/.ssh directory.
|
||||
Private and public key set up on Debian
|
||||
|
||||
As a result of your command, two files were created.
|
||||
|
||||
id_rsa: this is the PRIVATE key that is going to be used on the server side to identify incoming client requests. It should obviously not be shared with anybody. It is also used by the client to verify the server’s identity.
|
||||
id_rsa.pub: the “pub” extension stands for “public”. This is the PUBLIC key that is going to be used by clients to connect to the server. This is the file that you are allowed to share with clients.
|
||||
|
||||
2 – Copy the SSH public key to your client host
|
||||
|
||||
In order to copy your newly created SSH key, you should not use an unsecure protocol (like TCP for example) as it would expose your SSH keys to hackers.
|
||||
|
||||
If your SSH keys are compromised, there are essentially no benefits in using a secure protocol like SSH.
|
||||
|
||||
As a consequence, here’s how you should copy your SSH keys to remote hosts.
|
||||
a – Copy SSH keys using ssh-copy-id
|
||||
|
||||
To run ssh-copy-id, execute the following command.
|
||||
|
||||
$ ssh-copy-id remoteuser@remotehost
|
||||
|
||||
You may be prompted with the following question.
|
||||
|
||||
The authenticity of host '142.93.103.142' can't be established.
|
||||
ECDSA key fingerprint is SHA256:/KdeEfkcNce332KdLPqadkKaPapvcN32.
|
||||
Are you sure you want to continue connecting (yes/no)? yes
|
||||
|
||||
Finally, you will be asked to provide the password the remote user.
|
||||
|
||||
remoteuser@remotehost's password:
|
||||
|
||||
Type in the password. As a result, you should see the following output.
|
||||
|
||||
Number of key(s) added: 1
|
||||
|
||||
Now try logging into the machine, with: "ssh 'remoteuser@remotehost'" and check to make sure that only the key(s) you wanted were added.
|
||||
|
||||
On my client host, in the .ssh directory, let’s see the files created.
|
||||
Public key set up on Debian client
|
||||
|
||||
Awesome, my client now has an authorized_keys file, specifying the host it can connect to.
|
||||
|
||||
Now on my client host, if I try to connect to my server with SSH, I should be able to do it.
|
||||
b – Copy SSH keys using ssh without ssh-copy-id
|
||||
|
||||
In case you don’t have ssh-copy-id on your instance, you can also use the SSH command to securely transfer your file to the server.
|
||||
|
||||
The command is longer but it is as secure as a regular ssh-copy-id command.
|
||||
|
||||
Here is the command to copy your SSH keys to your client host.
|
||||
|
||||
$ cat ~/.ssh/id_rsa.pub | ssh remoteuser@remoteserver "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
|
||||
|
||||
By running this command, you are going to be asked for the passphrase on the server.
|
||||
Unlocking a private SSH key on Debian 10
|
||||
|
||||
Enter the correct passphrase and click “Unlock”.
|
||||
|
||||
With this command, you are taking the content of your public key and sending it over SSH to your remote host.
|
||||
|
||||
The command first asserts that you have the .ssh folder on your remote host. The content is appended to the actual content of the authorized_keys file (if already existing).
|
||||
|
||||
Let’s take a look at our file on the remote host.
|
||||
Set up SSH public key on Debian 10
|
||||
|
||||
Great! The content was correctly appended to our existing authorized_keys file.
|
||||
c – Copy SSH key manually to the client
|
||||
|
||||
Another alternative is to copy the content of your public key directly to the client filesystem.
|
||||
|
||||
First, display the content of the public key using the cat command.
|
||||
|
||||
$ cd /home/user/.ssh
|
||||
$ cat id_rsa.pub
|
||||
|
||||
Displaying SSH public key on Debian
|
||||
|
||||
Go to your remote server, and find the .ssh folder on the client. You will need to append the content of the public key to the authorized_keys file on the server.
|
||||
|
||||
As you can see, file permissions on this file are restricted, which means that you are going to need sudo rights to modify this file.
|
||||
|
||||
$ cd /home/client/.ssh
|
||||
$ sudo nano authorized_keys
|
||||
|
||||
Append your key by simply copying and pasting the content to the end of your existing authorized_keys file.
|
||||
Appending a public key to the SSH authorized keys
|
||||
|
||||
Save your file and exit your text editor.
|
||||
|
||||
Now that everything is ready, and that your SSH keys are set up, it is time for you to connect to your host using your keys.
|
||||
3 – Connect to your remote host with SSH
|
||||
|
||||
Now that everything is ready, you need to connect to your server using key-based SSH authentication.
|
||||
|
||||
To do it, perform a normal SSH connection, like you used to do in the past.
|
||||
|
||||
$ ssh user@server_ip
|
||||
|
||||
On the first connection, you should be prompted to validate the identity of your server. This is a paragraph that you already saw when you were trying to copy your SSH keys to your client host.
|
||||
|
||||
The authenticity of host '142.93.103.142' can't be established.
|
||||
ECDSA key fingerprint is SHA256:/KdeEfkcNce332KdLPqadkKaPapvcN32.
|
||||
Are you sure you want to continue connecting (yes/no)? yes
|
||||
|
||||
If you defined a passphrase in the previous sections, you will be asked to provide it now.
|
||||
|
||||
Enter passphrase for key '/home/user/.ssh/id_rsa'
|
||||
|
||||
On success, you are going to be connected to your remote host.
|
||||
|
||||
Congratulations! You successfully set up SSH key-based authentication for your servers.
|
||||
SSH connection shell
|
||||
4 – Disable the SSH password authentication
|
||||
|
||||
When you are connecting as a known client (a client that owns a public key for this specific server), you are not going to be asked for a password.
|
||||
|
||||
You can be asked for the passphrase if you configured it, but most of the time it is as seamless as connecting directly to your server without any prompt.
|
||||
|
||||
However, if you read my article about SSH geolocating, you may remember that hackers may try to brute-force their ways into your server.
|
||||
SSH bruteforce login trials
|
||||
|
||||
Remember all the different combinations tried by hackers to gain access to my servers?
|
||||
|
||||
In order to prevent SSH attacks like this from happening, we need to disable password authentication for our server. This way, only users having a key will be able to login on the server.
|
||||
|
||||
To disable SSH password authentication, go the /etc/ssh folder, and edit your sshd_config file.
|
||||
|
||||
$ sudo nano /etc/ssh/sshd_config
|
||||
|
||||
Look for the “PasswordAuthentication” section in this configuration file, and change its value to “No”.
|
||||
Disabling password authentication for SSH access on Debian
|
||||
|
||||
Restart your SSH service, and make sure that everything is working properly.
|
||||
|
||||
$ sudo systemctl restart ssh
|
||||
$ sudo systemctl status ssh
|
||||
|
||||
SSH service running on Debian
|
||||
|
||||
Awesome!
|
||||
|
||||
You have successfully set up SSH keys for your Linux server.
|
||||
5 – Allow/Deny certain users and groups to have SSH access
|
||||
|
||||
As an additional security rule, you can allow only certain users to access your server.
|
||||
|
||||
Similarly, you can deny specific users from accessing your server, if you want to ban a certain user or group for example.
|
||||
|
||||
In order to allow specific users to have SSH access, head over to your SSH configuration file, and add a AllowUsers entry to your file.
|
||||
|
||||
Similarly, if you want to whitelist a specific group on your server, add a AllowGroups entry to your SSH configuration file.
|
||||
|
||||
$ cd /etc/ssh
|
||||
$ sudo nano sshd_config
|
||||
|
||||
Allowing certain users to access SSH on Debian
|
||||
|
||||
To deny certain users from using SSH on your server, add the following entries to your configuration file.
|
||||
|
||||
Similarly, if you want to deny certain groups to have SSH access to your server, add a DenyGroups entry to your SSH configuration file.
|
||||
Denying certain users to access SSH on Debian 10
|
||||
|
||||
Restart your SSH service for the modifications to be applied.
|
||||
|
||||
$ sudo systemctl restart ssh
|
||||
$ sudo systemctl status ssh
|
||||
|
||||
6 – Conclusion
|
||||
|
||||
Today, you successfully learned how to set up SSH keys on Debian 10 Buster, but the same steps can be applied to Ubuntu and CentOS machines.
|
||||
|
||||
Did you know?
|
||||
|
||||
SSH can also be used in order to setup SSH key-based authentication on Git.
|
||||
|
||||
Securing your server with SSH keys is a very crucial step if you want to prevent easy yet very effective attacks to be run against your server.
|
||||
|
||||
If you have a Debian machine on hosted servers, it is very likely that some bots are trying to access it. SSH Keys set up is one of the steps to make those attacks uneffective.
|
168
Vim/readme.md
168
Vim/readme.md
|
@ -1,168 +0,0 @@
|
|||
# VIM
|
||||
## VIM Tutors notes
|
||||
|
||||
### Cool stuff
|
||||
- :set nu => ajoute les numeros de lignes
|
||||
- :set nonu => unset number
|
||||
### Text editing
|
||||
- i => Insert
|
||||
- A => Append text to the end of the line
|
||||
- diw => delete inner word
|
||||
- dw => delete a word
|
||||
|
||||
### save and quit
|
||||
- :wq save and quit
|
||||
- !:q quit without saving
|
||||
|
||||
# Lesson 1 SUMMARY
|
||||
|
||||
1. The cursor is moved using either the arrow keys or the hjkl keys.
|
||||
h (left) j (down) k (up) l (right)
|
||||
|
||||
2. To start Vim from the shell prompt type: vim FILENAME <ENTER>
|
||||
|
||||
3. To exit Vim type: <ESC> :q! <ENTER> to trash all changes.
|
||||
OR type: <ESC> :wq <ENTER> to save the changes.
|
||||
|
||||
4. To delete the character at the cursor type: x
|
||||
|
||||
5. To insert or append text type:
|
||||
i type inserted text <ESC> insert before the cursor
|
||||
A type appended text <ESC> append after the line
|
||||
|
||||
NOTE: Pressing <ESC> will place you in Normal mode or will cancel
|
||||
an unwanted and partially completed command.
|
||||
|
||||
# Lesson 2 SUMMARY
|
||||
|
||||
1. To delete from the cursor up to the next word type: dw
|
||||
2. To delete from the cursor to the end of a line type: d$
|
||||
3. To delete a whole line type: dd
|
||||
|
||||
4. To repeat a motion prepend it with a number: 2w
|
||||
5. The format for a change command is:
|
||||
operator [number] motion
|
||||
where:
|
||||
operator - is what to do, such as d for delete
|
||||
[number] - is an optional count to repeat the motion
|
||||
motion - moves over the text to operate on, such as w (word),
|
||||
$ (to the end of line), etc.
|
||||
A short list of motions:
|
||||
w - until the start of the next word, EXCLUDING its first character.
|
||||
e - to the end of the current word, INCLUDING the last character.
|
||||
$ - to the end of the line, INCLUDING the last character.
|
||||
|
||||
6. To move to the start of the line use a zero: 0
|
||||
|
||||
7. To undo previous actions, type: u (lowercase u)
|
||||
To undo all the changes on a line, type: U (capital U)
|
||||
To undo the undo's, type: CTRL-R
|
||||
|
||||
## Lesson 3 SUMMARY
|
||||
|
||||
1. To put back text that has just been deleted, type p . This puts the
|
||||
deleted text AFTER the cursor (if a line was deleted it will go on the
|
||||
line below the cursor).
|
||||
|
||||
2. To replace the character under the cursor, type r and then the
|
||||
character you want to have there.
|
||||
|
||||
3. The change operator allows you to change from the cursor to where the
|
||||
motion takes you. eg. Type ce to change from the cursor to the end of
|
||||
the word, c$ to change to the end of a line.
|
||||
|
||||
4. The format for change is:
|
||||
|
||||
c [number] motion
|
||||
|
||||
## Lesson 4 SUMMARY
|
||||
|
||||
1. CTRL-G displays your location in the file and the file status.
|
||||
G moves to the end of the file.
|
||||
number G moves to that line number.
|
||||
gg moves to the first line.
|
||||
|
||||
2. Typing / followed by a phrase searches FORWARD for the phrase.
|
||||
Typing ? followed by a phrase searches BACKWARD for the phrase.
|
||||
After a search type n to find the next occurrence in the same direction
|
||||
or N to search in the opposite direction.
|
||||
CTRL-O takes you back to older positions, CTRL-I to newer positions.
|
||||
|
||||
3. Typing % while the cursor is on a (,),[,],{, or } goes to its match.
|
||||
|
||||
4. To substitute new for the first old in a line type :s/old/new
|
||||
To substitute new for all 'old's on a line type :s/old/new/g
|
||||
To substitute phrases between two line #'s type :#,#s/old/new/g
|
||||
To substitute all occurrences in the file type :%s/old/new/g
|
||||
To ask for confirmation each time add 'c' :%s/old/new/gc
|
||||
|
||||
|
||||
To change every occurrence of a character string between two lines,
|
||||
type :#,#s/old/new/g where #,# are the line numbers of the range
|
||||
of lines where the substitution is to be done.
|
||||
Type :%s/old/new/g to change every occurrence in the whole file.
|
||||
Type :%s/old/new/gc to find every occurrence in the whole file,
|
||||
|
||||
with a prompt whether to substitute or not.
|
||||
|
||||
## Lesson 5 SUMMARY
|
||||
|
||||
|
||||
1. :!command executes an external command.
|
||||
|
||||
Some useful examples are:
|
||||
(Windows) (Unix)
|
||||
:!dir :!ls - shows a directory listing.
|
||||
:!del FILENAME :!rm FILENAME - removes file FILENAME.
|
||||
|
||||
2. :w FILENAME writes the current Vim file to disk with name FILENAME.
|
||||
|
||||
3. v motion :w FILENAME saves the Visually selected lines in file
|
||||
FILENAME.
|
||||
|
||||
4. :r FILENAME retrieves disk file FILENAME and puts it below the
|
||||
cursor position.
|
||||
|
||||
5. :r !dir reads the output of the dir command and puts it below the
|
||||
cursor position.
|
||||
|
||||
## Lesson 6 SUMMARY
|
||||
|
||||
1. Type o to open a line BELOW the cursor and start Insert mode.
|
||||
Type O to open a line ABOVE the cursor.
|
||||
|
||||
2. Type a to insert text AFTER the cursor.
|
||||
Type A to insert text after the end of the line.
|
||||
|
||||
3. The e command moves to the end of a word.
|
||||
|
||||
4. The y operator yanks (copies) text, p puts (pastes) it.
|
||||
|
||||
5. Typing a capital R enters Replace mode until <ESC> is pressed.
|
||||
|
||||
6. Typing ":set xxx" sets the option "xxx". Some options are:
|
||||
'ic' 'ignorecase' ignore upper/lower case when searching
|
||||
'is' 'incsearch' show partial matches for a search phrase
|
||||
'hls' 'hlsearch' highlight all matching phrases
|
||||
You can either use the long or the short option name.
|
||||
|
||||
7. Prepend "no" to switch an option off: :set noic
|
||||
|
||||
|
||||
## Lesson 7 SUMMARY
|
||||
|
||||
|
||||
1. Type :help or press <F1> or <HELP> to open a help window.
|
||||
|
||||
2. Type :help cmd to find help on cmd .
|
||||
|
||||
3. Type CTRL-W CTRL-W to jump to another window.
|
||||
|
||||
4. Type :q to close the help window.
|
||||
|
||||
5. Create a vimrc startup script to keep your preferred settings.
|
||||
|
||||
6. When typing a : command, press CTRL-D to see possible completions.
|
||||
Press <TAB> to use one completion.
|
||||
|
||||
|
Loading…
Reference in New Issue