# Bash # Quick commands ### Change owner of folder ```bash sudo chown -R : ``` ### Manage Linux groups #### Create group ``` groupadd ``` #### Add user to group ```bash usermod -a -G ``` #### List groups ``` sudo groups -la ``` ### Managing tar files #### Preview content of tar file ```bash tar -tzf ``` #### Extract content of tar file ```bash tar -xzf ``` ### Copy files and folders ```bash cp -r ``` ### SCP ```bash scp @: ``` ### Get folder size ```bash du -s ``` ### Get task manager view ``` SAR ``` ``` TOP ``` ### Move foreground job to background CTRL + Z bg -> Move job to background fg -> Move job to foreground ### Generate SSH key ```bash ssh-keygen -t rsa -b 4096 -C "" -f .ssh/ ``` ### Apt remove insecure repositories ```bash sudo apt autoremove ``` ### Replace characters in file ``` sed -i 's///g' ``` ### Sync clock ```bash sudo hwclock -s ``` ## Resolve DNS Server ### Set dns server on specific interface ``` sudo systemd-resolve --set-dns= --interface= ``` # Allow ssh with password ### Change parameter in config file Edit ssh config file: ```bash sudo nano /etc/ssh/sshd_config ``` [![image.png](https://docs.lucanoahcaprez.ch/uploads/images/gallery/2022-12/scaled-1680-/Grkimage.png)](https://docs.lucanoahcaprez.ch/uploads/images/gallery/2022-12/Grkimage.png) ### Restart ssh service ```powershell sudo systemctl restart sshd ``` # Increase diskstorage for Linux VMs To increase the storage drive you first have to increase the storagecapacity in the proxmox admin gui. Then you can use the following commands in this order to increase the size of the volume. ```bash fdisk -l ``` ``` cfdisk ``` Next choose "Resize" and then "Write". ```bash fdisk -l #example path: /dev/sda ``` ```bash parted ``` Next choose "print" -> "Resizepart". Enter number of device. Then choose "quit". ``` pvresize ``` ``` lvextend -l +100%FREE ``` ``` resize2fs ``` ``` df -h ``` Then reboot the machine. # Make script executable In order to make sure that a file ending in .sh can be executed, you have to change its permissions. This is necessary if a script is to be executed by an automation like Ansible or Crontab. ```bash chmod +x /path/to/yourscript.sh ``` Afterwards it can be called by its relative or absolut path. Sometimes you have to specify the interpreter path such as /bin/bash. ```bash /path/to/yourscript.sh ``` ``` ./yourscript.sh ``` ```bash /bin/bash /path/to/yourscript.sh ``` # Backup MongoDB Docker container via Bash script This short script is to backup a MongoDB database inside a docker container. A command is executed inside the Docker container via "docker exec". The command uses the program "mongodump", which is already installed on most container images. There you can specify the path in the Docker container where the backup should be stored. Here it is important that the folder in the Docker container is mapped to the filesystem of the host. ```bash datetmp=$(date '+%Y%m%d') dateprod=${datetmp:2} docker exec /bin/sh -c "mongodump --host="localhost:27017" --port=27017 -o '/data/backups/${dateprod} backup'" ``` This script can be executed regularly by means of a cronjob, so that the backups are available at a regular interval. Instructions for creating a cronjob can be found here: [Quick commands | LNC DOCS (lucanoahcaprez.ch)](https://docs.lucanoahcaprez.ch/books/cron/page/quick-commands) # All you need to know about SSH for Ubuntu A practical guide to setting up, securing, and getting the most out of SSH on Ubuntu. ## Setup Install OpenSSH and open the firewall: ```bash sudo apt update && sudo apt install openssh-server -y sudo systemctl enable --now ssh sudo ufw allow ssh ``` Verify it's running with `sudo systemctl status ssh`, then connect from your client: ```bash ssh user@server-ip ``` ## Key-Based Authentication Always use keys over passwords. Generate one on your client: ```bash ssh-keygen -t ed25519 -C "my-device" ``` Copy it to the server: ```bash ssh-copy-id user@server-ip ``` If you set a passphrase (you should), use the SSH agent so you don't have to re-enter it every time: ```bash eval "$(ssh-agent -s)" ssh-add ~/.ssh/id_ed25519 # macOS: persist in Keychain ssh-add --apple-use-keychain ~/.ssh/id_ed25519 ``` ## Hardening the Server Edit `/etc/ssh/sshd_config` — here are the settings that matter most: ```sshconfig PermitRootLogin no PasswordAuthentication no MaxAuthTries 3 LoginGraceTime 30 AllowUsers alice bob ``` Always test before restarting: ```bash sudo sshd -t && sudo systemctl restart ssh ``` > Keep an existing session open while testing changes. Getting locked out of your own server is not fun. --- ## Tips & Tricks This is a non-exhaustive collection of things that make working with SSH much nicer. Most of these go into `~/.ssh/config`. ### Host Aliases Instead of typing `ssh -p 2222 deployer@prod.example.com -i ~/.ssh/id_ed25519_prod` every time, define it once: ```sshconfig Host prod HostName prod.example.com User deployer Port 2222 IdentityFile ~/.ssh/id_ed25519_prod ``` Now just run `ssh prod`. This also works with `scp`, `rsync`, and `git`. You can define as many as you want: ```sshconfig Host staging HostName staging.example.com User deployer Host pi HostName 192.168.1.50 User pi ``` ### Defaults and Wildcards Set sane defaults for all connections: ```sshconfig Host * ServerAliveInterval 60 ServerAliveCountMax 3 AddKeysToAgent yes IdentitiesOnly yes ``` Or scope settings to a domain: ```sshconfig Host *.corp.example.com User admin IdentityFile ~/.ssh/id_ed25519_work ``` ### Port Forwarding (SSH Tunnels) **Local forward** — access a remote service through a local port. Great for databases that only listen on localhost: ```bash ssh -L 5432:localhost:5432 admin@db-server # now connect to localhost:5432 as if you were on the server ``` In config (runs automatically when you connect): ```sshconfig Host db-tunnel HostName db-server.example.com User admin LocalForward 5432 localhost:5432 LocalForward 8080 internal-app:8080 ``` **Remote forward** — expose a local service through the remote server: ```bash ssh -R 8080:localhost:3000 user@vps # vps:8080 now points to your local port 3000 ``` **SOCKS proxy** — route all traffic through the server: ```bash ssh -D 1080 user@ssh-server # configure your browser to use SOCKS5 proxy on localhost:1080 ``` **Background tunnels** — run a tunnel without an interactive shell: ```bash ssh -f -N -L 5432:localhost:5432 admin@db-server ``` For tunnels that should survive disconnects, use `autossh`: ```bash sudo apt install autossh -y autossh -M 0 -f -N -L 5432:localhost:5432 admin@db-server ``` ### Jump Hosts / Bastion Reach a server that's only accessible through an intermediate host: ```sshconfig Host bastion HostName bastion.example.com User jump-user Host internal HostName 10.0.0.5 User admin ProxyJump bastion ``` `ssh internal` now transparently hops through the bastion. Chain multiple hops with `ProxyJump bastion,internal`. ### Connection Multiplexing Reuse an existing connection for instant subsequent logins: ```sshconfig Host * ControlMaster auto ControlPath ~/.ssh/sockets/%r@%h-%p ControlPersist 600 ``` ```bash mkdir -p ~/.ssh/sockets ``` The first connection creates a socket. Every connection after that to the same host is near-instant. ### Multiple Git Identities Use different keys for different GitHub/GitLab accounts: ```sshconfig Host github-personal HostName github.com User git IdentityFile ~/.ssh/id_ed25519_personal Host github-work HostName github.com User git IdentityFile ~/.ssh/id_ed25519_work ``` Then clone with `git clone git@github-work:company/repo.git`. ### Escape Sequences These work inside any SSH session (press Enter first): | Keys | What it does | |------|-------------| | `~.` | Force-disconnect a frozen session | | `~C` | Open command line to add tunnels on the fly | | `~#` | List active forwarded ports | | `~?` | Show all escape sequences | Adding a tunnel mid-session via `~C`: ``` ssh> -L 3306:localhost:3306 Forwarding port. ``` ### Run Commands Remotely ```bash ssh prod "df -h && free -m" ssh prod 'bash -s' < local-script.sh ``` ### Mount Remote Filesystems (SSHFS) ```bash sudo apt install sshfs -y sshfs prod:/var/www ~/mounts/prod # unmount fusermount -u ~/mounts/prod # Linux umount ~/mounts/prod # macOS ``` ### Skip Host Key Checking (Internal Networks Only) ```sshconfig Host 192.168.1.* StrictHostKeyChecking no UserKnownHostsFile /dev/null ``` > Only use this in trusted networks. It disables MITM protection. ### Debugging When something doesn't work, add `-v` flags: ```bash ssh -vvv prod ``` To see exactly which config options apply to a host: ```bash ssh -G prod ``` ## Quick Reference | Action | Command | |--------|---------| | Install SSH server | `sudo apt install openssh-server` | | Generate key | `ssh-keygen -t ed25519` | | Copy key to server | `ssh-copy-id user@host` | | Local port forward | `ssh -L 8080:localhost:80 user@host` | | Remote port forward | `ssh -R 9090:localhost:3000 user@host` | | SOCKS proxy | `ssh -D 1080 user@host` | | Background tunnel | `ssh -f -N -L 8080:localhost:80 user@host` | | Jump host | `ssh -J bastion user@target` | | Debug | `ssh -vvv user@host` |