Difference between revisions of "SSH"

From Server Knowledge Base
Latest revision as of 13:51, 12 March 2013

Changing File Permissions

Logging into SSH

On a Linux PC/Mac

Open Terminal for Mac in Applications/Utilities or on Linux it is in Applications/Accessories and use the following command:

ssh -p22 root@IPaddress and press Enter. On the first connection you will be asked to accept the server's RSA host key; type yes. Then enter the root/Virtuozzo password that was provided for the account in your service provider's welcome email.

Please be aware if the SSH port has been changed from the default of 22, you need to change the number in the -p option above.

Please also replace IPaddress with the IP address of your own server. These are four numbers separated by dots, in the form X.X.X.X, e.g. 215.178.46.39

On a Windows PC

Please download PuTTY from one of these links: Link 1 (http://the.earth.li/~sgtatham/putty/latest/x86/putty-0.62-installer.exe) or Link 2 (http://tartarus.org/~simon/putty-snapshots/x86/putty-installer.exe). Once it is installed and running, enter your server's IP address in the "Host (or IP Address)" field and 22 as the Port.

Press Open and you will be prompted for a username; use root. Enter the root/Virtuozzo password that was provided for the account in your service provider's welcome email. You will not see the password as you type it, but backspace/delete still work.

Alternatively, you can use a program called mRemote.

The next step after logging in

Once at the SSH command line, type cd / (that is cd, a space, then a forward slash) or cd .. to move up a level.

cd / puts you in the top-level directory of the server's filesystem, also called the root directory. When you log in the prompt reads root@ServerIPAddress:~ or root@hostname:~. The tilde (~) means you are in the root user's home directory, /root, which sits under the filesystem root / and is not the root directory itself.

Creating an account

useradd -g users -d /home/path/ -s /bin/bash <username>
chown <username>:users /home/path/ -R

If this does not work on Debian, do:

useradd -g root -s /bin/bash username -m
usermod -a -G root username
passwd username

Note that -m creates the home directory, and that usermod -a -G root puts the user in the root group (GID 0), which gives them group-level access to every file owned by group root; reserve this for administrator accounts.

Good OpenSSH practices: http://www.cyberciti.biz/tips/linux-unix-bsd-openssh-server-best-practices.html

hosts.deny

If this mechanism is enabled, the IP addresses of clients that fail to log in/authenticate with your server are placed in a file called hosts.deny, and further connections from them are refused. If you are being denied from your own IP address (the connection is cut off as soon as it opens), connect from another IP address and remove your address from the file.

Blocking a range of IPs
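For the hosts.deny passage above and this section on blocking a range, here is an added example (not from the original page) that models how sshd built with libwrap evaluates /etc/hosts.allow and /etc/hosts.deny; the two rule sets, the daemon name sshd and the sample client addresses are constructed for the demonstration, one pattern per line.

```sh
#!/bin/sh
# Added example, not from the original page: a small model of the TCP-wrappers
# check that sshd (built with libwrap) applies using /etc/hosts.allow and
# /etc/hosts.deny. hosts.allow is consulted first; if nothing there matches,
# a matching hosts.deny line refuses the client; if neither matches, access
# is granted. Both rule sets below are constructed samples, one pattern per line.
HOSTS_ALLOW='sshd: 203.0.113.10
sshd: 10.0.0.0/255.0.0.0'
HOSTS_DENY='sshd: 198.51.100.
sshd: ALL'

ip_to_int() {  # dotted quad -> 32-bit integer
    set -- $(printf '%s' "$1" | tr . ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# pattern_matches <pattern> <ip>: ALL, an exact address, a "prefix." or net/mask
pattern_matches() {
    case "$1" in
        ALL) return 0 ;;
        *.)  case "$2" in "$1"*) return 0 ;; *) return 1 ;; esac ;;
        */*) net=$(ip_to_int "${1%/*}"); mask=$(ip_to_int "${1#*/}")
             [ $(( $(ip_to_int "$2") & mask )) -eq $(( net & mask )) ] ;;
        *)   [ "$1" = "$2" ] ;;
    esac
}

# file_matches <rules> <daemon> <ip>: succeeds if any "daemon: pattern" line matches
file_matches() {
    printf '%s\n' "$1" | {
        while IFS=': ' read -r daemon pat; do
            [ "$daemon" = "$2" ] && pattern_matches "$pat" "$3" && exit 0
        done
        exit 1
    }
}

# ssh_access <client ip>: prints "allow" or "deny" under the rules above
ssh_access() {
    if file_matches "$HOSTS_ALLOW" sshd "$1"; then echo allow
    elif file_matches "$HOSTS_DENY" sshd "$1"; then echo deny
    else echo allow; fi
}

ssh_access 203.0.113.10   # allow: listed explicitly in hosts.allow
ssh_access 10.20.30.40    # allow: inside 10.0.0.0/255.0.0.0
ssh_access 198.51.100.7   # deny: matches the 198.51.100. prefix
ssh_access 192.0.2.5      # deny: caught by the final ALL
```

Portable OpenSSH dropped libwrap support in 6.7, so check that your sshd actually honours these files (some distributions re-add the patch); a firewall rule or a Match Address block in sshd_config is the alternative.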

Public and Private keys

The public and private key are like two halves of a puzzle: they are generated together and used during the login/authentication process. The public key resides on the server (the remote location); the private key stays locally on your computer/server and is never sent. When you log in, the server checks that your client holds the private key matching the public key it has stored; if they "match", you are allowed to log in.

Note: SSH keys can be used to authenticate to SSH services like SFTP or SSH terminal if these features are enabled for your account.
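As an added example (not from the original page), the following installs a public key into a user's authorized_keys the way key-based login needs it and leaves the permissions sshd expects; the key line, the throwaway home directory and the key-format check are this example's own constructions.

```sh
#!/bin/sh
# Added example, not from the original page: put a public key into a user's
# authorized_keys so key-based login works, and leave the permissions in the
# state sshd requires (with StrictModes, the default, sshd ignores keys in a
# ~/.ssh or authorized_keys writable by other users). Constructed sample key:
SAMPLE_PUBKEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKey0000000000000000000000 admin@example'

# valid_pubkey <line>: key type, base64 blob, optional one-word comment; nothing else
valid_pubkey() {
    printf '%s\n' "$1" |
        grep -Eq '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( [^ ]+)?$'
}

# install_authorized_key <home dir> <public key line>
# Adds the key once (re-running is harmless) and sets 700 on ~/.ssh and
# 600 on authorized_keys. Returns 1 on a malformed key, touching nothing.
install_authorized_key() {
    home=$1; key=$2
    valid_pubkey "$key" || return 1
    ( umask 077                      # anything created here starts out private
      mkdir -p "$home/.ssh"
      grep -qxF "$key" "$home/.ssh/authorized_keys" 2>/dev/null ||
          printf '%s\n' "$key" >> "$home/.ssh/authorized_keys" )
    chmod 700 "$home/.ssh"
    chmod 600 "$home/.ssh/authorized_keys"
}

# count_key <home dir> <public key line>: how many times the key is listed
count_key() {
    grep -cxF "$2" "$1/.ssh/authorized_keys"
}

# key_perms_ok <home dir>: succeeds only if ~/.ssh is 700 and authorized_keys is 600
key_perms_ok() {
    [ -n "$(find "$1/.ssh" -prune -perm 0700 -print)" ] &&
    [ -n "$(find "$1/.ssh/authorized_keys" -prune -perm 0600 -print)" ]
}

# Demonstration against a throwaway directory standing in for the user's home
demo=$(mktemp -d)
install_authorized_key "$demo" "$SAMPLE_PUBKEY"
install_authorized_key "$demo" "$SAMPLE_PUBKEY"
echo "listed $(count_key "$demo" "$SAMPLE_PUBKEY") time(s); perms ok: $(key_perms_ok "$demo" && echo yes || echo no)"
rm -rf "$demo"
```

Run it as the user concerned, or chown the .ssh directory and file to that user afterwards, since sshd also refuses keys in files owned by someone else.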

Run a command remotely

ssh -n user@hostname 'command'

The -n option redirects ssh's standard input from /dev/null, which is what you want when running a remote command from a script or in the background.

Setting root password

To set the root password used by SSH, Virtuozzo and Plesk, type passwd or passwd root and then enter the new password. Again, you will not see the password as you type it, and you will be asked to enter it a second time to confirm.

Set up a secure chroot jail

http://www.achawkins.com/tech/how-to-set-up-a-secure-chrooted-jail-with-rssh/

Create a user with read only access over SSH to a limited subtree of folders

Shell Commands

Note: anything with <> around it is where you need to enter your own value; do not type the <> themselves. Right-clicking inside PuTTY pastes the text in your clipboard to the command line. Alternatively use SHIFT + INSERT to paste.

Command / What it does / Additional information

cd
    What it does: Changes directory.
    Additional information: cd / takes you to the root directory; cd on its own goes to your home directory; cd .. goes up one directory (use ../.. and so on for two or more); cd - returns to the previous working directory.
cp
    What it does: Copies files, leaving the original in place.
diff
    What it does: Shows the difference between two files (or directory trees).
    Additional information: Examples: diff index.php index.backup.php , diff -qr <dir1> <dir2>
/etc/init.d/<service>
    What it does: Use with stop, start, restart, startall or stopall after the service name.
    Additional information: Examples: /etc/init.d/apache2 restart , /etc/init.d/qmail start , /etc/init.d/psa startall , /etc/init.d/ssh (or sshd) restart
last
    What it does: Displays logged-in users and when and where people last connected from.
    Additional information: whoami and id show the user you are logged in as; w shows currently logged-in users only.
ls -lah
    What it does: Lists the files in the current directory with permissions, ownership, dates, file sizes and hidden files.
    Additional information: Use man ls for other options. -l uses the long listing format, -a shows all (including hidden) files, -h makes sizes human-readable.
mkdir <directoryname>
    What it does: Creates a directory.
    Additional information: See File Permissions.
mv
    What it does: Moves a file from one directory to another, or renames a file.
pwd
    What it does: Shows the directory you are currently in. Stands for Present Working Directory.
rm
    What it does: Deletes a file or an empty folder.
    Additional information: Note: a folder that still contains files/folders cannot be removed without -R.
rm -rf <foldername>/*; rmdir <foldername>
    What it does: Recursively and forcibly removes a folder and everything below it.
    Additional information: To Be Filled In
touch <filename>
    What it does: Creates an empty file.
    Additional information: vim <filename> also creates the file when you save it.
usermod
    What it does: Adds users to groups, changes their username and so on. Run man usermod for more information.
    Additional information: Example: usermod -a -G group username . This can be used to allow one website to access another's Virtual Host content.
vim <filename>
    What it does: Opens a file; press Insert to edit and Escape to stop editing.
    Additional information: Type :q to quit without saving, :wq to save and quit; add ! to force.
wc -l
    What it does: Counts lines. Use it to see how many entries a command outputs.
    Additional information: ls | wc -l shows the number of files in a directory; netstat -ant | wc -l shows the number of network connections.
wget
    What it does: Downloads a file from a URL.
    Additional information: Example: wget linuxcommand.org/lts0070.php (fetches a PHP page).
which
    What it does: Shows the full path of a (shell) command.
    Additional information: Useful after installing software.
  • If you get "Argument list too long" when deleting, do mv cur cur.old ; mkdir cur and delete cur.old at your leisure. Alternatively, if the contents can be lost without worry, cd /to/directory and then find . -type f -print0 | xargs -0 rm -f (null-terminated names, so file names containing spaces are handled correctly).
  • The scripts in /etc/init.d/ show the services that are available to enable/disable.

Using the command locate <file_or_folder> you can find where files and directories are located. If this command shows "locate: warning: database /var/lib/slocate/slocate.db' is more than 8 days old", type updatedb, wait for it to finish and then try to locate the file again. If it still fails, see updatedb.

  • To reboot the server simply type reboot on its own.
  • To monitor running services/processes, CPU usage, RAM usage and other information run top. An alternative is htop, which you can install and run with:
apt-get update
apt-get install htop
# or, on RPM-based systems:
yum update
yum install htop
htop (press F10 to exit)
  • Use sed(1) to edit a file in place. E.g. to replace every 'e' with an 'o' in a file named 'foo':
sed -i.bak s/e/o/g foo

This leaves a backup of the original in a file named 'foo.bak'. If you want no backup, GNU sed (Linux) takes -i with no suffix:

sed -i s/e/o/g foo

whereas BSD/macOS sed requires an explicit empty suffix: sed -i '' s/e/o/g foo (on GNU sed that form fails, because '' is taken as the script).

Chattr

To check whether a file is protected: lsattr <file> (an i in the attribute list means it is immutable)
To protect a file: chattr +i <file>
To remove the protection: chattr -i <file>

If you get "Operation not permitted", you may need to run chattr -i on the containing folder before the protection on the file can be removed.

Empty a file

:> filename (truncates the file to zero length without deleting it)

Kick user out of SSH

w
ps aux | grep ssh

Find the process ID of the sshd session line matching the user's terminal shown by w, e.g. sshd: root@pts/2, and kill it:

kill processID
#e.g. kill 12716

By default kill sends SIGTERM (signal 15), so the session ends cleanly and the user's shell still writes the commands they ran to the .bash_history file.
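As an added example (not from the original page), the following picks the sshd process for one user's terminal out of ps output so that only that session is ended; the ps listing, PIDs and user names are constructed samples, and DRY_RUN is this example's own switch.

```sh
#!/bin/sh
# Added example, not from the original page: locate the sshd process that
# owns one login session (the "sshd: user@pts/N" line from ps aux) so that
# only that session is ended, never the listening /usr/sbin/sshd daemon.
# The ps output below is a constructed sample; in real use pass "$(ps aux)".
SAMPLE_PS='USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root      1201  0.0  0.1  65508  5400 ?        Ss   09:58   0:00 /usr/sbin/sshd -D
root      4567  0.0  0.2  92000  6800 ?        Ss   10:05   0:00 sshd: root@pts/2
root      4570  0.0  0.1  21000  4200 pts/2    Ss   10:05   0:00 -bash
bob       4580  0.0  0.2  92000  6700 ?        Ss   10:06   0:00 sshd: bob@pts/3
bob       4583  0.0  0.1  21000  4100 pts/3    Ss   10:06   0:00 -bash'

# session_pid <ps output> <user> <tty>: PID of "sshd: user@tty", or nothing
session_pid() {
    printf '%s\n' "$1" | awk -v want="sshd: $2@$3" '
        { cmd = $11; for (i = 12; i <= NF; i++) cmd = cmd " " $i }
        cmd == want { print $2 }'
}

# kick_session <ps output> <user> <tty> [signal]
# Prints the kill command and, unless DRY_RUN=1, runs it. Refuses when no
# session matches, so a typo never becomes `kill` with an empty PID. The
# default TERM is what plain `kill pid` sends: the pty closes, the user's
# shell receives SIGHUP and still writes its .bash_history on the way out.
kick_session() {
    pid=$(session_pid "$1" "$2" "$3")
    sig=${4:-TERM}
    if [ -z "$pid" ]; then
        echo "no sshd session for $2 on $3" >&2
        return 1
    fi
    echo "kill -s $sig $pid"
    [ "${DRY_RUN:-0}" = 1 ] || kill -s "$sig" "$pid"
}

DRY_RUN=1                                   # demonstration only: nothing is killed
kick_session "$SAMPLE_PS" root pts/2        # kill -s TERM 4567
kick_session "$SAMPLE_PS" bob pts/3 KILL    # kill -s KILL 4580
```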

View file

Using less is very useful. Press capital G to go to the bottom of the file; the spacebar pages down and b pages up.

Speed up SSH login

vim /etc/ssh/sshd_config

Add these lines, then restart the SSH service (e.g. /etc/init.d/ssh restart) for them to take effect:

GSSAPIAuthentication=no
UseDNS=no

GSSAPIAuthentication=no skips the Kerberos/GSSAPI authentication attempt and UseDNS=no stops sshd doing a reverse DNS lookup on every connecting client; both are common causes of a long pause before the password prompt.

sshd rootkit on Unix systems

Feb 22, 2013 - http://kb.parallels.com/en/115589

Important note
This issue is not related to Parallels products but all sshd-enabled systems are potentially vulnerable. Security checks are strongly advised.

SSH/OpenSSH Keys

SSH Port

By default this is 22. It is set by the Port directive in /etc/ssh/sshd_config.

If you get one of the following errors when starting the SSH service with /etc/init.d/ssh start or connecting with ssh root@IPaddress :

start: Job failed to start
ssh: connect to host port 22: Connection refused

remove the line that starts with "oom never" from /etc/init/ssh.conf (the Upstart job file) and start the service again.

Wuff -- Wuff!!

vim ~/.bashrc

alias screen='TERM=screen screen'

source ~/.bashrc

This problem is caused by the screen developers sticking to the view that backspace should be non-destructive. Thus when your terminal, say xterm, sends a destructive backspace, screen treats it like a delete. Here is the entry in their FAQ:

Q: The cursor left key deletes the characters instead of just moving the cursor. A redisplay (^Al) brings everything back.
A: Your terminal emulator (probably xterm) treats the backspace as “destructive”. You can probably change this somewhere in the setup. We can’t think of a reason why anybody would want a destructive backspace, but if you really must have it, add the line

termcapinfo xterm 'bc@:bs@'

to your ~/.screenrc (replace xterm with the terminal type of your emulator, if different).

Add that line to /etc/screenrc instead to fix it system-wide.