Difference between revisions of "SSH"
Rootadminacc (talk | contribs) |
Line 198: | Line 198: | ||
GSSAPIAuthentication=no<br> | GSSAPIAuthentication=no<br> | ||
UseDNS=no | UseDNS=no | ||
== sshd rootkit on Unix systems == | |||
Feb 22, 2013 - http://kb.parallels.com/en/115589 | |||
'''Important note'''<br> | |||
This issue is not related to Parallels products but all sshd-enabled systems are potentially vulnerable. Security checks are strongly advised. | |||
== SSH/OpenSSH Keys == | == SSH/OpenSSH Keys == |
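Review bot: the new "sshd rootkit on Unix systems" section gives only a date, an external link and the statement that security checks are "strongly advised", without saying what those checks are or how a reader can tell whether a server is affected. Summarise the relevant checks from the linked article inside the section, so the advice is still usable if the kb.parallels.com URL stops resolving, and consider placing the section next to "Good OpenSSH practices" rather than between the login speed-up settings and "SSH/OpenSSH Keys".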
Revision as of 11:00, 27 February 2013
Changing File Permissions
Logging into SSH
On a Linux PC/Mac
Open Terminal (on a Mac it is in Applications/Utilities, on Linux it is in Applications/Accessories) and use the following command:
ssh -p22 root@IPaddress
Accept the RSA prompt by either typing or clicking Yes. Enter the root/Virtuozzo password that was provided on the account by default in your service provider's welcome email.
Please be aware if the SSH port has been changed from the default of 22, you need to change the number in the -p option above.
Please also replace IPaddress with the one of your server. These are in the format of X.X.X.X/0.0.0.0 e.g. 215.178.46.39
On a Windows PC
Please go to one of these links to download PuTTY: Link 1, Link 2. Once it is installed and running, please put your server IP address in the "Host (or IP Address)" field and the Port as 22.
Press Open and you will be prompted for a username, so use root as the username. Enter the root/Virtuozzo password that was provided on the account by default in your service provider's welcome email. You will not be able to see the password being typed, but you can still backspace/delete.
Alternatively, you can use a program called mRemote.
The next step after logging in
Once in the SSH command line interface, please type cd / (that's cd forward-slash, separated by a space) or cd ..
This puts you inside the top level directory of your server, aka "root". When logging in you will see root@ServerIPAddress:~ or root@hostname:~. The tilde symbol indicates you are in your home directory, which for the root user is the directory called /root; / on its own is the actual root (top level) directory.
Creating an account
useradd -g users -d /home/path/ -s /bin/bash <username>
chown <username>:users /home/path/ -R
Good OpenSSH practices
hosts.deny
If this is enabled, the IP addresses of people who fail to log in/authenticate with your server are blocked by being placed in a file called hosts.deny. If your own IP address is being denied access (the connection is cut off), connect from another IP address and remove your IP address from the file.
Public and Private keys
The public and private key are similar to a puzzle. They are created together to use during the login/authentication process. The public key resides on the server (the remote location). The private key resides locally on your computer/server and is never sent to the server. When you attempt to log in to a server, the server checks that your private key corresponds to the public key it holds. If they "match", then you will be allowed to log in to the server location.
Note: SSH keys can be used to authenticate to SSH services like SFTP or SSH terminal if these features are enabled for your account.
Run a command remotely
ssh -n user@hostname 'command'
Setting root password
To set your SSH, Virtuozzo and Plesk root user password type passwd or passwd root and then enter the password. Again, you will not be able to see this password being typed and will need to enter it multiple times.
Set up a secure chroot jail
http://www.achawkins.com/tech/how-to-set-up-a-secure-chrooted-jail-with-rssh/
Create a user with read only access over SSH to a limited subtree of folders
Shell Commands
Note: anything with <> around it is where you need to enter your own value and the <> should not be used. Right clicking inside PuTTY will paste any text content in your clipboard to the command line. Alternatively use SHIFT + INSERT to paste.
Command | What it does | Additional Information |
cd | Used to change directory. cd / takes you back to the root directory. cd on its own goes to your home dir. | cd .. takes you back one directory (use ../.. or more for 2+ directories) , cd - takes you back to last working dir |
cp | Used to copy files but leave the original in place | |
diff | This command shows the difference between two files (or directory trees) | Examples: diff index.php index.backup.php , diff -qr <dir1> <dir2> |
/etc/init.d/<service> | Use this with stop, start, restart, startall or stopall after the service name | Examples: /etc/init.d/apache2 restart , /etc/init.d/qmail start , /etc/init.d/psa startall , /etc/init.d/ssh (or sshd) restart |
last | Displays logged in users, when and where people last connected from. | whoami and id show the user you are logged in as. w shows logged in users only. |
ls -lah | This lists the current files in the directory you are in and shows the permissions, ownerships, dates, file size, hidden files | Use man ls to find out alternate options. -l uses a long listing format. -a is all. -h makes it human readable |
mkdir <directoryname> | This creates a directory | File Permissions |
mv | Used to permanently move a file from one file directory to another or rename a file | |
pwd | This shows the directory you are currently in. | Stands for Present Working Directory |
rm | Used to delete a file or empty folder | Note: You cannot remove a folder with files/folders in it without -R |
rm -rf <foldername>/*; rmdir <foldername> | This recursively and forcibly removes a folder and anything below it | To Be Filled In |
touch <filename> | This creates a file | vim filename |
usermod | This allows you to add users to groups, change their username. Do man usermod for more info. | Example: usermod -a -G group username . This can be used to allow one website to access another's Virtual Host content. |
vim <filename> | Enters a file, press insert to edit, escape to stop editing | Type :q to quit without saving, :wq to quit and save, ! after to force |
wc -l | Word count; with -l it counts lines. You can use this to see the number of entries in a command's output. | ls | wc -l to see the number of files in a directory, netstat -ant | wc -l to check the number of network connections |
wget | This grabs a file from somewhere. The example in the next column gets a PHP page. | Example: wget linuxcommand.org/lts0070.php |
which | This shows the full path of (shell) commands. | Useful for after installing software. |
- If you want to wget a link that starts with https, do wget https://www.domain.co.uk/page.php --no-check-certificate . Note that this option turns off certificate verification, so the server's identity is not checked.
- If you get "Argument list too long" when deleting, do mv cur cur.old ; mkdir cur . You can then delete cur.old at your leisure. Alternatively, if you can remove it without worrying about loss of data, cd /to/directory && find . -type f -print0 | xargs -0 rm -f
- If you go into the /etc/init.d/ you will see the services that are available to enable/disable.
Using the command locate <file_or_folder> you can find where the files and directories are located. If this command shows "locate: warning: database /var/lib/slocate/slocate.db' is more than 8 days old", please type updatedb and wait for it to finish and then try to locate the file again. If it fails, please see updatedb.
- To reboot the server simply type reboot on its own.
- To monitor running services/processes, CPU usage, RAM usage and other information run the command top. An alternative is called htop, which you can install and run by using:
apt-get update
apt-get install htop
#or
yum update
yum install htop
htop (press F10 to exit)
- Use sed(1) to edit a file in place. E.g. to replace every 'e' with an 'o', in a file named 'foo', you can do:
sed -i.bak s/e/o/g foo
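And you'll get a backup of the original in a file named 'foo.bak'. If you want no backup, use the form below, which is for BSD/macOS sed; on GNU sed, as found on Linux, leave out the '' and use plain -i: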
sed -i '' s/e/o/g foo
Chattr
To check if a file is protected, use lsattr file
To protect a file, use chattr +i file
To remove this protection, use chattr -i file
If you get "Operation not permitted", you may need to run chattr -i on the folder as well before you can remove the protection on a file.
Empty a file
:> filename
Kick user out of SSH
w
ps aux | grep ssh
Kill the process ID that has the same "sshd: root@tty", e.g. sshd: root@pts/2
kill processID #e.g. kill 12716
View file
Using less can be very useful. Use capital G and this will go to the bottom of the file. You can use spacebar to page down or B to page up.
Speed up SSH login
vim /etc/ssh/sshd_config
Add these lines:
GSSAPIAuthentication=no
UseDNS=no
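The two lines above only take effect if sshd actually reads them first: for these keywords sshd uses the first value it finds in sshd_config, so lines added at the bottom are ignored when the keyword is already set higher up. The shell check below is an added example, not part of the original page; the function names and the sample file are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Helper names are made up.
# sshd_config rules used: keywords are case-insensitive, keyword and
# value may be separated by whitespace or "=", and for these keywords
# the FIRST value sshd reads wins. Lines after a "Match" header are
# conditional and are not part of the global section.

# effective_value <keyword> <file>: print the global value, if any.
effective_value() {
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        /^#/ || /^$/ { next }
        {
            if (match($0, /[ \t=]+/) == 0) next
            key = tolower(substr($0, 1, RSTART - 1))
            val = substr($0, RSTART + RLENGTH)
            if (key == "match") exit
            if (key == want) { print val; exit }
        }
    ' "$2"
}

# check_login_speedups <file>: return 0 only if both settings from
# this page are effectively "no".
check_login_speedups() {
    rc=0
    for kw in GSSAPIAuthentication UseDNS; do
        v=$(effective_value "$kw" "$1" | tr 'A-Z' 'a-z')
        case "$v" in
            no) echo "$kw: no" ;;
            "") echo "$kw: not set globally, built-in default applies"; rc=1 ;;
            *)  echo "$kw: $v (set earlier in the file; edit that line)"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample: UseDNS is already set near the top, then the two
# lines from this page are appended at the bottom.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
UseDNS yes
PasswordAuthentication yes
GSSAPIAuthentication=no
UseDNS=no
EOF
check_login_speedups "$sample" || echo "not every appended line took effect"
```

On a live server, point check_login_speedups at /etc/ssh/sshd_config, and run sshd -t to syntax-check the file before restarting the service.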
sshd rootkit on Unix systems
Feb 22, 2013 - http://kb.parallels.com/en/115589
Important note
This issue is not related to Parallels products but all sshd-enabled systems are potentially vulnerable. Security checks are strongly advised.
SSH/OpenSSH Keys
SSH Port
By default this is 22. This can be defined in /etc/ssh/sshd_config
If you are getting one of the following errors when trying to start the SSH service using /etc/init.d/ssh start or go into it using ssh root@IPaddress :
start: Job failed to start
ssh: connect to host port 22: Connection refused
Remove the line that starts with "oom never" in /etc/init/ssh.conf
Wuff -- Wuff!!
vim ~/.bashrc
alias screen='TERM=screen screen'
source ~/.bashrc
This problem is caused by the screen developers stubbornly sticking to the view that backspace should be non-destructive. Thus when your terminal, say xterm, sends a destructive backspace, screen treats it like a delete. Here is the entry in their FAQ:
Q: The cursor left key deletes the characters instead of just moving the cursor. A redisplay (^Al) brings everything back.
A: Your terminal emulator (probably xterm) treats the backspace as “destructive”. You can probably change this somewhere in the setup. We can’t think of a reason why anybody would want a destructive backspace, but if you really must have it, add the line
termcapinfo xterm 'bc@:bs@'
to your ~/.screenrc (replace xterm with the terminal type of your emulator, if different).
Add that line to /etc/screenrc and you can fix it system wide.