SSH logins and keypairs

Secure Shell (SSH) is a UNIX-based command interface and protocol for securely getting access to a remote computer. SSH is actually a suite of three utilities – slogin, ssh, and scp – that are secure versions of the earlier UNIX utilities, rlogin, rsh, and rcp. SSH commands are encrypted and secure in several ways. Both ends of the client/server connection are authenticated using a digital certificate, and passwords are protected by being encrypted. SSH allows you to connect to your server securely and perform Linux command-line operations.
There are multiple reasons why SSH fails. Here’s a list with most of the common cases:

  • The server might not be configured to accept public key authentication. Make sure /etc/ssh/sshd_config on the server contains the line PubkeyAuthentication yes. Remember to restart the sshd process on the server afterwards: use service sshd restart or systemctl restart sshd.
  • If you are trying to log in as root, the server might not be configured to allow root logins. Make sure /etc/ssh/sshd_config includes PermitRootLogin yes, PermitRootLogin prohibit-password, or without-password. If it is set to forced-commands-only, the key must be manually configured to use a forced command (see the command= option in ~/.ssh/authorized_keys).
  • Make sure the client allows public key authentication. Check that /etc/ssh/ssh_config includes PubkeyAuthentication yes.
  • Try adding the -v option to the ssh command used for the test. Read the output to see whether the key is tried and which authentication methods the server is willing to accept.
  • OpenSSH only allows a maximum of five keys to be tried automatically. If you have more keys, you must specify which key to use with the -i option to ssh.
  • Check the messages log for information about bad ownership of authorized_keys. Changing the permissions of /home/USERNAME/.ssh/authorized_keys to 0600 should fix it.
  • Open authorized_keys in vi and remove all of the line breaks inside a key, so that each key sits on a single line; that could also help.
    Finally, restart the service: /etc/init.d/ssh restart or service sshd restart or systemctl restart sshd
  • The whole purpose of authenticating via key file is to avoid password authentication, so in the end you should switch PasswordAuthentication to no.
  • NOTE: If you copy the key out of the PuTTYgen window instead of saving the file, the way you paste it may have a significant impact on whether your key will work. Some editors alter the text as you paste, or change the newlines, which makes the authorized_keys file invalid.
    It's strongly advisable to use Notepad++ for such sensitive cases.
  • Also, the right type of key file for PuTTY is ppk rather than pem. A public key created with PuTTYgen is a bloated key with unnecessary lines. Strip it down to a single line: ssh-rsa AAAAB…

From

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "rsa-key-20121022"
AAAAB3NzaC1yc2EAAAABJQAAA
a6N1nFpBklz1+dsIMg4rcTLc
tr7mmimiTjkoSCrJh1kqalPS
---- END SSH2 PUBLIC KEY ----

To:

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAhGF6GIuMY8FJ1+CNApnSY1N2YSlkYz72Yvwua6N1nFpBklz1+dsIMg4rcTLcF34M/tW5Yz+NUDAw2AEbxQ32FPgw7sAOIXktkYOHtr7mmimiTjkoSCrJh1kqalPSpi8rglT/Bp67Ql2SZwvUFfMzHISryR0EZC4rXP/uvObrJe8= rsa-key-20190901
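
The From/To conversion above, done mechanically. This is an added example, not part of the original page; the function names and the sample key (a constructed, unusable blob) are assumptions. On a system with OpenSSH, ssh-keygen -i -f FILE performs the same conversion.

```shell
#!/bin/sh
# Added example: convert a PuTTYgen / RFC 4716 "SSH2 PUBLIC KEY" file into
# the one-line form used in ~/.ssh/authorized_keys.

# Print the algorithm name stored inside a base64 key blob. The blob begins
# with a 4-byte big-endian length followed by that many bytes of name.
blob_key_type() {   # $1 = base64 blob
    len=$(printf '%s' "$1" | base64 -d 2>/dev/null | od -An -tu1 -N4 |
          awk 'NF == 4 { print $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 }')
    [ -n "$len" ] && [ "$len" -gt 0 ] && [ "$len" -le 64 ] || return 1
    printf '%s' "$1" | base64 -d 2>/dev/null | dd bs=1 skip=4 count="$len" 2>/dev/null
}

rfc4716_to_openssh() {   # $1 = file exported by PuTTYgen
    blob=$(awk '
        { sub(/\r$/, "") }                          # CRLF from Windows editors
        /^---- BEGIN SSH2 PUBLIC KEY ----$/ { inside = 1; next }
        /^---- END SSH2 PUBLIC KEY ----$/   { inside = 0; next }
        !inside { next }
        cont || /^[^ :]+: / { cont = ($0 ~ /\\$/); next }   # header (may continue)
        { printf "%s", $0 }                         # base64 body, joined
    ' "$1") || return 1
    comment=$(awk '
        { sub(/\r$/, "") }
        /^Comment: / { sub(/^Comment: /, ""); gsub(/^"|"$/, ""); print; exit }
    ' "$1")
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "$1: no usable key body" >&2; return 1 ;;
    esac
    ktype=$(blob_key_type "$blob") || { echo "$1: cannot read key type" >&2; return 1; }
    printf '%s %s%s\n' "$ktype" "$blob" "${comment:+ $comment}"
}

# Constructed sample: a tiny, structurally valid but unusable RSA blob,
# wrapped over two lines with CRLF endings as a Windows export would be.
sample_rfc4716() {
    printf '%s\r\n' '---- BEGIN SSH2 PUBLIC KEY ----' \
        'Comment: "rsa-key-demo"' \
        'AAAAB3NzaC1yc2EAAAAB' 'JQAAAAIBAQ==' \
        '---- END SSH2 PUBLIC KEY ----'
}
```

Typical use is rfc4716_to_openssh exported.pub >> ~/.ssh/authorized_keys, after checking the printed line by eye.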

Ways to import Keys into server

ssh-copy-id installs an SSH key on a server as an authorized key. Its purpose is to provision access without requiring a password for each login. This facilitates automated, passwordless logins and single sign-on using the SSH protocol.
The ssh-copy-id tool is part of OpenSSH.
An SSH key is created using ssh-keygen. In the simplest form, just run ssh-keygen and answer the questions. The following example illustrates this:

# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/me/.ssh/id_rsa): mykey
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in mykey.
Your public key has been saved in mykey.pub.
The key fingerprint is:
SHA256:GKW7yzA1J1qkr1Cr9MhUwAbHbF2NrIPEgZXeOUOz3Us root@localhost
The key's randomart image is:
+---[RSA 2048]----+
|.*++ o.o.        |
|.+B + o.        |
| +++ *+.         |
| .o.Oo.+E        |
|    ++B.S.       |
| o * =.          |
|  + = o          |
| + = =   .       |
|  + o o          |
+----[SHA256]-----+
#

When you have an SSH key, you need the public key to set up passwordless SSH login. If you have lost the public key but still have the private key, there is a way to regenerate it.
With the public key missing, the following command will show you that there is no public key for this SSH key.

$ ssh-keygen -l -f ~/.ssh/id_rsa
test is not a public key file.

The -l option shows the fingerprint of the public key, while the -f option specifies the key file to read.
To regenerate the missing public key from the private key, run the following command, passing the private key with the -f option.

$ ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
 Enter passphrase:

The -y option reads a private SSH key file and prints the SSH public key to stdout. The public key is redirected to a file with the same name as the private key but with the .pub file extension. If the key has a passphrase set, it will be required to generate the public key.
To check the details of the generated public key, run the same command as shown above.

$ ssh-keygen -l -f ~/.ssh/id_rsa
 4096 d6:7b:c7:7a:4f:3c:4d:29:54:62:5f:2c:58:b2:cb:86 ~/.ssh/id_rsa (RSA)

The output of this command shows the key size as the first column, the fingerprint as the second column and after the file name, the type is shown in brackets. In the example above, a 4096 bit RSA key.

The key files are usually stored in the ~/.ssh directory. You should never save the file whose contents start with -----BEGIN RSA PRIVATE KEY----- on the server; that is your private key. Instead, you must put the public key into the ~/.ssh/authorized_keys file. This public key has the .pub extension when generated using ssh-keygen and its contents begin with ssh-rsa AAAAB3…
The permissions of ~/.ssh on the server should be 700. The file ~/.ssh/authorized_keys (on the server) is supposed to have a mode of 600. The permissions of the (private) key on the client side should be 600.
If the private key is not deleted you can generate the public key from the private key at any time. You can do this simply with the following command:

ssh-keygen -y -f key.pem > key.pub 

Once the key has been copied, it is best to test it: ssh -i ~/.ssh/mykey user@host
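
The server-side checks from the troubleshooting list and the permission rules above, collected into one script. This is an added example, not from the original page; the function names are illustrative, and stat -c is the GNU form found on Linux.

```shell
#!/bin/sh
# Added example: checks for the server-side causes listed above. Every path
# is a parameter, so it can be run against a copy before touching a live host.

# sshd uses the first value it finds for a keyword; print that value,
# lower-cased, looking only at the global part (before any Match block).
sshd_setting() {    # $1 = sshd_config path, $2 = keyword
    awk -v want="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(want) { print tolower($2); exit }
    ' "$1"
}

# Print the numbers of authorized_keys lines that do not contain
# "<key-type> <base64-blob>", e.g. a pasted key that was wrapped or still
# carries the "---- BEGIN SSH2 PUBLIC KEY ----" armour.
bad_key_lines() {   # $1 = authorized_keys path
    awk '
        { sub(/\r$/, "") }
        /^[ \t]*(#|$)/ { next }
        {
            ok = 0
            for (i = 1; i < NF; i++)
                if ($i ~ "^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))$" &&
                    $(i + 1) ~ "^AAAA[A-Za-z0-9+/]+=*$") ok = 1
            if (!ok) print NR
        }
    ' "$1"
}

# Print one line per finding; print nothing when all checks pass.
audit_key_login() { # $1 = sshd_config path, $2 = the account's .ssh directory
    if [ "$(sshd_setting "$1" PubkeyAuthentication)" = no ]; then
        echo "PubkeyAuthentication is no"
    fi
    if [ "$(sshd_setting "$1" PasswordAuthentication)" != no ]; then
        echo "PasswordAuthentication is not no"
    fi
    for want in "700 $2" "600 $2/authorized_keys"; do
        path=${want#* }
        mode=$(stat -c %a "$path" 2>/dev/null) || mode=missing
        [ "$mode" = "${want%% *}" ] ||
            echo "$path: mode $mode, want ${want%% *}"
    done
    if [ -f "$2/authorized_keys" ]; then
        for n in $(bad_key_lines "$2/authorized_keys"); do
            echo "$2/authorized_keys:$n: not a single-line public key"
        done
    fi
    return 0
}
```

On a live server, sshd -T prints the effective configuration and is the authoritative check for the sshd_config values.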

Best practices for SSH keys

  • SSH keys are very useful, but can lead to problems if they are not properly managed. They are access credentials just like user names and passwords. If they are not properly removed when people leave or systems are decommissioned, no-one may any longer know who really has access to which systems and data. Many large organizations have ended up having millions of SSH keys.

    Use a passphrase when possible
  • It is recommended that keys used for single sign-on have a passphrase to prevent use of the key if it is stolen or inadvertently leaked. The ssh-agent and ssh-add programs can be used to avoid having to enter the passphrase every time the key is used. Generally all keys used for interactive access should have a passphrase. Keys without a passphrase are useful for fully automated processes. They allow shell scripts, programs, and management tools to log into servers unattended. This is often used for backups and data transfers between information systems.

    Add a command restriction when possible
  • The ssh-copy-id tool does not automatically add command restrictions to keys. Using command restrictions is highly recommended when the key is used for automating operations, such as running a report or fetching some files. A command restriction is basically a command="" option added to the beginning of the line in the server's authorized_keys file.

    Managing SSH keys
  • Anyone having more than a few dozen servers is strongly recommended to manage SSH keys. Not managing the keys exposes the organization to substantial risks, including loss of confidentiality, insertion of fraudulent transactions, and outright destruction of systems.
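
One way to apply a command restriction to an automation key, as an added example that is not from the original page. The script path, REPORT_DIR and the list/fetch verbs are assumptions chosen for illustration; command= and restrict are authorized_keys options, and SSH_ORIGINAL_COMMAND is set by sshd.

```shell
#!/bin/sh
# Added example: a forced-command gate for an automation key. The install
# path, REPORT_DIR and the "list" / "fetch NAME" verbs are assumptions.
#
# authorized_keys entry on the server (one line; key blob is a placeholder):
#   command="/usr/local/bin/report-gate",restrict ssh-ed25519 <BASE64-BLOB> reports@batch
#
# sshd then runs this script for every login with that key and passes what
# the client asked for in SSH_ORIGINAL_COMMAND.

REPORT_DIR=${REPORT_DIR:-/srv/reports}

gate() {    # $1 = the command line requested by the client
    case $1 in
        list)
            ls -1 "$REPORT_DIR"
            ;;
        "fetch "*)
            name=${1#fetch }
            # Plain file names only: no paths, no dotfiles, no odd characters.
            case $name in
                ''|.*|*[!A-Za-z0-9._-]*)
                    echo "denied: bad report name" >&2
                    return 1
                    ;;
            esac
            [ -f "$REPORT_DIR/$name" ] || { echo "no such report" >&2; return 1; }
            cat "$REPORT_DIR/$name"
            ;;
        *)
            # Anything else is refused; the request is never executed.
            echo "denied: command not allowed for this key" >&2
            return 1
            ;;
    esac
}

# Entry point when sshd invokes the script as the forced command. With no
# requested command (an interactive login) the script simply ends, so no
# shell is started.
if [ -n "${SSH_ORIGINAL_COMMAND+set}" ]; then
    gate "$SSH_ORIGINAL_COMMAND"
    exit
fi
```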


Nano command editor

Nano is a text editor suited to working in a UNIX-based command line environment. It is not as powerful as PC window-based editors, as it does not rely on the mouse, but still has many useful features.
Most nano commands are invoked by holding down the Ctrl key (that is, the control key), and pressing one of the other keys. In this text, the control key is referred to using ^. For example, ^X means “hold down the CTRL key and press the x key”. Most of the important commands are listed at the bottom of your screen when nano is running.

File Control in nano

nano index.php Open or create the file “index.php” with nano on command line.
Ctrl-o Y Enter Save changes.
Ctrl-r Alt-f Open a new file with a new buffer within nano.
Alt-> Switch to the next file buffer in nano.
Alt-< Switch to the previous file buffer in nano.
Ctrl-x Quit nano.

Navigating through file contents in nano

Ctrl-a Move to the beginning of the current line.
Ctrl-e Move to the end of the current line.
Ctrl-v Move down one page.
Ctrl-y Move up one page.
Alt-\ Go to the beginning of the file.
Alt-/ Go to the end of the file.
Alt-g Go to a target line number.
Alt-] Jump to matching open/close symbol.
Alt-a Alt-} Select a block and indent the block.
Alt-a Alt-{ Select a block and outdent the block.

Copy and Paste in nano

Alt-a To select a block for copy or cut operation, do Alt-a again to unselect.
Alt-a Alt-^ Copy a highlighted block to the clipboard.
Alt-a Ctrl-k Cut a highlighted block to the clipboard.
Ctrl-k Cut from the current cursor position to the end of the current line.
Ctrl-u Paste the contents from the clipboard at the current cursor position.

Search and Replace in nano

Ctrl-w Search for a target string.
Alt-w Repeat the last search.
Alt-r Search and replace.

File Management
Key Action
Ctrl+G Display help text
Ctrl+X Close the current file buffer / Exit from nano
Ctrl+O Write the current file to disk
Ctrl+R Insert another file into the current one
Alt+> Switch to the next file buffer
Alt+< Switch to the previous file buffer
Search and Replace
Key Action
Ctrl+W Search for a string or a regular expression
Ctrl+\ Replace a string or a regular expression
Alt+W Repeat the last search
Navigation
Key Action
Ctrl+_ Go to line and column number
Ctrl+Y Go one screenful up
Ctrl+V Go one screenful down
Alt+\ Go to the first line of the file
Alt+/ Go to the last line of the file
Ctrl+B Go back one character
Ctrl+F Go forward one character
Alt+Space Go back one word
Ctrl+Space Go forward one word
Ctrl+A Go to beginning of current line
Ctrl+E Go to end of current line
Ctrl+P Go to previous line
Ctrl+N Go to next line
Alt+( Go to beginning of paragraph; then of previous paragraph
Alt+) Go just beyond end of paragraph; then of next paragraph
Alt+- Scroll up one line without scrolling the cursor
Alt++ Scroll down one line without scrolling the cursor
Alt+< Switch to the previous file buffer
Alt+> Switch to the next file buffer
Ctrl+C Display the position of the cursor
Alt+] Go to the matching bracket
Editing
Key Action
Alt+U Undo the last operation
Alt+E Redo the last undone operation
Alt+} Indent the current line
Alt+{ Unindent the current line
Alt+^ Copy the current line and store it in the cutbuffer
Ctrl+K Cut the current line and store it in the cutbuffer
Ctrl+U Uncut from the cutbuffer into the current line
Ctrl+J Justify the current paragraph
Ctrl+T Invoke the spell checker, if available
Alt+V Insert the next keystroke verbatim
Ctrl+I Insert a tab at the cursor position
Ctrl+M Insert a newline at the cursor position
Ctrl+D Delete the character under the cursor
Ctrl+H Delete the character to the left of the cursor
Alt+T Cut from the cursor position to the end of the file
Alt+J Justify the entire file
Alt+D Count the number of words, lines, and characters
Ctrl+^ Mark text starting from the cursor position
Settings
Key Action
Alt+X Help mode enable/disable
Alt+C Constant cursor position display enable/disable
Alt+O Use of one more line for editing enable/disable
Alt+S Smooth scrolling enable/disable
Alt+$ Soft wrapping of overlong lines enable/disable
Alt+P Whitespace display enable/disable
Alt+Y Color syntax highlighting enable/disable
Alt+H Smart home key enable/disable
Alt+I Auto indent enable/disable
Alt+K Cut to end enable/disable
Alt+L Hard wrapping of overlong lines enable/disable
Alt+Q Conversion of typed tabs to spaces enable/disable
Alt+B Backup files enable/disable
Alt+F Reading file into separate buffer enable/disable

Linux Command Line Cheat Sheet

Bash Commands

uname -a
Show system and kernel
head -n1 /etc/issue
Show distribution
mount
Show mounted filesystems
date
Show system date
uptime
Show uptime
whoami
Show your username
man command
Show manual for command

Bash Shortcuts

CTRL-c
Stop current command
CTRL-z
Sleep program
CTRL-a
Go to start of line
CTRL-e
Go to end of line
CTRL-u
Cut from start of line
CTRL-k
Cut to end of line
CTRL-r
Search history
!!
Repeat last command
!abc
Run last command starting with abc
!abc:p
Print last command starting with abc
!$
Last argument of previous command
ALT-.
Last argument of previous command
!*
All arguments of previous command
^abc^123
Run previous command, replacing abc with 123

Bash Variables

env
Show environment variables
echo $NAME
Output value of $NAME variable
export NAME=value
Set $NAME to value
$PATH
Executable search path
$HOME
Home directory
$SHELL
Current shell

IO Redirection

cmd < file
Input of cmd from file
cmd1 <(cmd2)
Output of cmd2 as file input to cmd1
cmd > file
Standard output (stdout) of cmd to file
cmd > /dev/null
Discard stdout of cmd
cmd >> file
Append stdout to file
cmd 2> file
Error output (stderr) of cmd to file
cmd 1>&2
stdout to same place as stderr
cmd 2>&1
stderr to same place as stdout
cmd &> file
Every output of cmd to file
cmd refers to a command.

Pipes

cmd1 | cmd2
stdout of cmd1 to cmd2
cmd1 |& cmd2
stderr of cmd1 to cmd2

Command Lists

cmd1 ; cmd2
Run cmd1 then cmd2
cmd1 && cmd2
Run cmd2 if cmd1 is successful
cmd1 || cmd2
Run cmd2 if cmd1 is not successful
cmd &
Run cmd in a subshell

Directory Operations

pwd
Show current directory
mkdir dir
Make directory dir
cd dir
Change directory to dir
cd ..
Go up a directory
ls
List files

ls Options

-a
Show all (including hidden)
-R
Recursive list
-r
Reverse order
-t
Sort by last modified
-S
Sort by file size
-l
Long listing format
-1
One file per line
-m
Comma-separated output
-Q
Quoted output

Search Files

grep pattern files
Search for pattern in files
grep -i
Case insensitive search
grep -r
Recursive search
grep -v
Inverted search
grep -o
Show matched part of file only
find /dir/ -name name*
Find files starting with name in dir
find /dir/ -user name
Find files owned by name in dir
find /dir/ -mmin num
Find files modified less than num minutes ago in dir
whereis command
Find binary / source / manual for command
locate file
Find file (quick search of system index)

File Operations

touch file1
Create file1
cat file1 file2
Concatenate files and output
less file1
View and paginate file1
file file1
Get type of file1
cp file1 file2
Copy file1 to file2
mv file1 file2
Move file1 to file2
rm file1
Delete file1
head file1
Show first 10 lines of file1
tail file1
Show last 10 lines of file1
tail -F file1
Output last lines of file1 as it changes

Watch a Command

watch -n 5 'ntpq -p'
Issue the 'ntpq -p' command every 5 seconds and display output

Process Management

ps
Show snapshot of processes
top
Show real time processes
kill pid
Kill process with id pid
pkill name
Kill process with name name
killall name
Kill all processes with names beginning name

Nano Shortcuts

Files
Ctrl-R
Read file
Ctrl-O
Save file
Ctrl-X
Close file
Cut and Paste
ALT-A
Start marking text
CTRL-K
Cut marked text or line
CTRL-U
Paste text
Navigate File
ALT-/
End of file
CTRL-A
Beginning of line
CTRL-E
End of line
CTRL-C
Show line number
CTRL-_
Go to line number
Search File
CTRL-W
Find
ALT-W
Find next
CTRL-\
Search and replace
More nano info at:
http://www.nano-editor.org/docs.php

Screen Shortcuts

screen
Start a screen session.
screen -r
Resume a screen session.
screen -list
Show your current screen sessions.
CTRL-A
Activate commands for screen.
CTRL-A c
Create a new instance of terminal.
CTRL-A n
Go to the next instance of terminal.
CTRL-A p
Go to the previous instance of terminal.
CTRL-A "
Show current instances of terminals.
CTRL-A A
Rename the current instance.
More screen info at:
http://www.gnu.org/software/screen/

File Permissions

chmod 775 file
Change mode of file to 775
chmod -R 600 folder
Recursively chmod folder to 600
chown user:group file
Change file owner to user and group to group

File Permission Numbers

First digit is owner permission, second is group and third is everyone.
Calculate permission digits by adding numbers below.
4
read (r)
2
write (w)
1
execute (x)

Linux Commands

History

How to clear the terminal command history

Clearing typed commands from terminal history: By default, up to the last 500 command lines a user types in the terminal window are saved into a hidden .bash_history file. The previously typed commands can be readily accessed by using the up and down arrow keys. This makes it easy to retrieve and reuse your recently used commands. However, maybe you want to clear the terminal command history list and start fresh? This simple tutorial explains the process of viewing and then optionally clearing the terminal history.

Viewing the complete terminal command history: To view the complete history of commands typed in the terminal for the logged-in user, open the terminal and type

history

How to clear the terminal command line history:

  1. Login with the user account whose terminal history you plan to clear
  2. Open a terminal window and type
    history -c
  3. Repeat the process if necessary for each user account

How to delete a single command from history on a Linux

I'm working in Ubuntu bash terminal application and remotely on a RHEL server in cloud platform. I typed the wrong and dangerous command. I no longer wish to remember dangerous command in the history file. How can I remove or delete a single command from bash history file?

You can use the history command to clear all history or a selected command line.

How do I view history with line number?

Simply type the history command:

$ history

Sample outputs:

How to delete a single command number 1013 from history

The syntax is:

## Delete the bash history entry at offset OFFSET ##
history -d offset
history -d number
history -d 1013

Verify it:

$ history

How do I delete all the history?

The syntax is:
history -c

Tip: Control bash history like a pro

First, you can increase your bash history size by appending the following config option in ~/.bashrc file:


Save and close the file.

Where to find more information about history command?

You can read the bash man page by typing the following command:

$ man bash

Or simply type the following command:

$ help history

FIND

Find command examples

Let us try out some examples.

Finding files and printing their full name

To find all *.c (C source code) files located under the /home directory, enter:

$ find /home -name "*.c"

To find the location of the httpd.conf file:

$ find / -name httpd.conf

Finding all files owned by a user

Find all files owned by user USER:

# find / -user USER

Find all *.sh files owned by user USER:

# find / -user USER -name "*.sh"

Finding files according to date and time

Files not accessed in a time period – It is useful to find files that have or have not been accessed within a specified number of days. The following command prints all files not accessed in the last 7 days:

# find /home -atime +7

  • -atime +7: All files that were last accessed more than 7 days ago
  • -atime 7: All files that were last accessed exactly 7 days ago
  • -atime -7: All files that were last accessed less than 7 days ago

Finding files modified within a specified time – Display a list of all files in the /home directory that were last modified less than 7 days ago:

# find /home -mtime -7

Finding newer (more recently) modified files

Use the -newer option to find files that were modified more recently than a given file:

# find /etc/apache-perl -newer /etc/apache-perl/httpd.conf

Finding the most recent version of file

It is common practice to copy a file somewhere else on the system before modifying it. For example, whenever I modify the web server's httpd.conf file I first make a backup. Now I don't remember whether I modified /backup.conf/httpd.conf or /etc/apache-perl/httpd.conf. You can use the find command as follows (tip: you can also use the ls -l command):

find / -name httpd.conf -newer /etc/apache-perl/httpd.conf

Locate command

The locate command is often the simplest and quickest way to find the locations of files and directories on Linux and other Unix-like operating systems.

For example, the following command uses the star wildcard to display all files on the system that have the .c filename extension:

# locate "*.c"

Rename

Linux Rename File Command

I'm a new Linux user. How do I rename a file called resumezzz.pdf to resume.pdf using Linux bash command prompt?

You need to use the mv command. It is used to rename and move files and directories. The general syntax is as follows:

mv old-file-name new-file-name
mv [options] old-file-name new-file-name
mv file1 file2

  In this example, the following command would rename a file called resumezzz.pdf to resume.pdf. Open a command-line terminal (select Applications > Accessories > Terminal), and then type:  

mv resumezzz.pdf resume.pdf

  If resumezzz.pdf is located in /home/user/docs/files directory, type:  

cd /home/user/docs/files
mv resumezzz.pdf resume.pdf

  OR  

mv /home/user/docs/files/resumezzz.pdf /home/user/docs/files/resume.pdf

  Use the ls command to view files:

ls -l file1
ls -l file1 file2
ls -l /home/user/docs/files/*.pdf
ls -l *.pdf

NAMING

Linux rename a file syntax

In short, to rename a file:  

mv file1 file2

  You can get verbose output i.e. mv command can explain what is being done using the following syntax:  

mv -v file1 file2

Sample outputs:

`file1' -> `file2'

REMOVE

EXECUTABLE: There are a couple of ways. If you just want to do this temporarily, you can remove the execute bit from the file:

$ chmod -x /etc/init.d/varnish

Then re-add it when appropriate:

$ chmod +x /etc/init.d/varnish

The “official” way in Ubuntu (as well as in Debian and other Debian derivatives), though, is to use the update-rc.d command:

$ update-rc.d varnish disable    

Search and Find

SEARCH AND FIND files in locations

find / -xdev -name vip_monitor.sh
mv /root/vip_monitor.sh /root/vip_monitor.sh_

USE OF SH FILE AND EXTENSIONS

Run .bin file in Linux / UNIX

Change the permission of the file you downloaded to be executable. Type the following command:

$ chmod +x file.bin

Start the installation process or run the .bin file. Type the following command:

$ ./file.bin

For example, if the .bin file name is application.bin, type the following commands:

$ chmod +x application.bin
$ ./application.bin

Another example, for the Java Linux self-extracting binary file:

$ chmod +x jre-1_5_0-linux-i586.bin
$ ./jre-1_5_0-linux-i586.bin

OR

$ sh jre-1_5_0-linux-i586.bin

Correct way to disable init-scripts to start at boottime on Debian

In several articles and forums I see people saying that the way to remove an init-script on a Debian system is:

update-rc.d -f init-script-name remove

The more appropriate way is to disable the init-script from running at boot time:

update-rc.d init-script-name stop levels

This way, if you upgrade the package, a new init-script will not be created with the defaults. If the init-script is written with the defaults, it might start the process again at boot-up. If you disabled the init-script from running at boot time, the init-script would not be recreated or overwritten with the init-script in the update.