forked from livialima/linuxupskillchallenge-oldfork
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
71 additions
and
44 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,106 +1,133 @@ | ||
| # Day 1 - Get to know your server | ||
|
|
||
| * [Complementary video](https://youtu.be/xaDAB0vbIr4) | ||
| * A [short vid on using ssh](https://www.youtube.com/watch?v=lMMOUSRPfJc) in a work environment. | ||
| * [Lesson video](https://youtu.be/xaDAB0vbIr4) | ||
|
|
||
| ## INTRO | ||
|
|
||
| You should now have a remote server setup running the latest Ubuntu Server LTS (Long Term Support) version. You alone will be administering it. To become a fully-rounded Linux server admin you should become comfortable working with different versions of Linux, but for now Ubuntu is a good choice. | ||
|
|
||
| Once you have reached a level of comfort at the command-line then you'll find your skills transfer not only to all the standard Linux variants, but also to Android, Apple's OSX, OpenBSD, Solaris and IBM AIX. Throughout the course you'll be working on Linux - but in fact most of what is covered is applicable to any system in the "UNIX family" - and the major differences between them are with their graphic user interfaces such as Gnome, Unity, KDE etc - none of which you’ll be using! | ||
| Once you have reached a level of comfort at the command-line then you'll find your skills transfer not only to all the standard Linux variants, but also to Android, Apple's OSX, OpenBSD, Solaris and IBM AIX. Throughout the course you'll be working on Linux - but in fact most of what is covered is applicable to any system derived from the [UNIX Operating System](https://youtu.be/tc4ROCJYbm0) - and the major differences between them are with their graphic user interfaces such as Gnome, Unity, KDE etc - none of which you’ll be using! | ||
|
|
||
| Although there is a "root" user, you will be logging in and working from the user account that you setup. Because this is a member of the group "sudo" it is able to run commands "as root" by preceding them with "sudo". | ||
| ## YOUR TASKS TODAY | ||
|
|
||
| ## YOUR TASKS TODAY: | ||
| * Connect and login to your server, preferably using a SSH client | ||
| * Run a few simple commands to check the status of your server - like [this demo](https://asciinema.org/a/619479) | ||
|
|
||
| * Connect and login remotely to your server | ||
| * Run a few simple commands to check the status of your server | ||
| * Change your password | ||
| ## USING A SSH CLIENT | ||
|
|
||
| ## INSTRUCTIONS | ||
| Remote access used to be done by the simple *telnet* protocol, but now the much more secure SSH (Secure SHell) protocol is always used. **If your server is a local VM or WSL, you could skip this section by simply using the server console/terminal if you want.** We will explore SSH more in detail at the server side on [Day 3](https://linuxupskillchallenge.org/03/) but knowing how to use a [ssh client](https://www.ssh.com/academy/ssh/client) is a basic sysadmin skill, so you might as well do it now. | ||
|
|
||
| Remote access used to be done by the simple *telnet* protocol, but now the much more secure SSH (“Secure SHell) protocol is always used. | ||
| ### In MacOS and Linux | ||
|
|
||
| If you're using any Linux or Unix system, including Apple's MacOS, then you can simply open up a "terminal" session and use your command-line *ssh* client like this: | ||
| On an MacOS machine you'll normally access the command line via **Terminal.app** - it's in the Utilities sub-folder of Applications. | ||
|
|
||
| On Linux distributions with a menu you'll typically find the terminal under "Applications menu -> Accessories -> Terminal", "Applications menu -> System -> Terminal" or "Menu -> System -> Terminal Program (Konsole)"- or you can simply search for your terminal application. In many cases `Ctrl+Alt+T` will also bring up a terminal windows. | ||
|
|
||
| Once you open up a "terminal" session, you can use your command-line **ssh** client like this: | ||
|
|
||
| `ssh user@<ip address>` | ||
|
|
||
| For example: | ||
|
|
||
| `ssh [email protected]` | ||
|
|
||
| On Linux distributions with a menu you'll typically find the terminal under "Applications menu -> Accessories -> Terminal", "Applications menu -> System -> Terminal" or "Menu -> System -> Terminal Program (Konsole)"- or you can simply search for your terminal application. In many cases Ctrl+Alt+T will also bring up a terminal windows. | ||
|
|
||
| If you have configured the remote server with your SSH public key (see "Password-less SSH login" in the EXTENSION section of this post), then you'll need to point to the location of the private part as proof of identity with the "_-i_" switch, typically like this: | ||
| If the remote server was configured with a SSH public key (like AWS, Azure and GCP), then you'll need to point to the location of the private key as proof of identity with the `-i` switch, typically like this: | ||
|
|
||
| `ssh -i ~/.ssh/id_rsa [email protected]` | ||
|
|
||
| A very slick connection process can be setup with the _.ssh/config_ feature - see the "SSH client configuration" link in the EXTENSION section below. | ||
| A very slick connection process can be setup with the `.ssh/config` feature - see the "SSH client configuration" link in the EXTENSION section below. | ||
|
|
||
| On an MacOS machine you'll normally access the command line via Terminal.app - it's in the Utilities sub-folder of Applications. | ||
| ### In Windows | ||
|
|
||
| On recent Windows 10 versions, the same command-line client is now available, but must be enabled (via "Settings", "Apps", "Apps & features", "Manage optional features", "Add a feature", "OpenSSH client"). | ||
| On recent Windows 10 versions, the same command-line client is now available, but must be [enabled](https://learn.microsoft.com/en-us/windows/terminal/tutorials/ssh) (via "Settings", "Apps", "Apps & features", "Manage optional features", "Add a feature", "OpenSSH client"). | ||
|
|
||
| There are various SSH clients available for Windows ([PuTTY](https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html), [Solar-PuTTY](https://solarwinds.sjv.io/c/1399142/1703707/17790), [MobaXterm](https://mobaxterm.mobatek.net/), [Termius](https://termius.com/free-ssh-client-for-windows), etc) but if you use Windows versions older than 10, the installation of PuTTY is suggested. | ||
|
|
||
| Alternatively, you can install the [Windows Subsystem for Linux](https://learn.microsoft.com/en-us/windows/wsl/install) which gives you a full local command-line Linux environment, including an SSH client - _ssh_. | ||
|
|
||
| There are also GUI SSH clients for Windows (PuTTY, MobaXterm) and MacOS (Terminal.app, iTerm2). If you use Windows versions older than 10, the installation of PuTTY is suggested. | ||
| Regardless of which client you use, the first time you connect to your server, you may receive a warning that you're connecting to a new server - and be asked if you wish to [cache the host key](https://www.ssh.com/blog/what-are-ssh-host-keys). Yes, you do. Just type/click **Yes**. | ||
|
|
||
| Regardless of which client you use, the first time you connect to your server, you may receive a warning that you're connecting to a new server - and be asked if you wish to "cache the host key". Do this. Now, if you get a warning in future connections it means that either: (a) you are being fooled into connecting to a different machine or (b) someone may be trying a "man in the middle" attack. | ||
| But don't worry too much about securing the SSH session or hardening the server right now; we will be doing this in [Day 3](https://linuxupskillchallenge.org/03/). | ||
|
|
||
| So, now login to your server as your user - and remember that Linux is case-sensitive regarding user names, as well as passwords. | ||
| For now, just login to your server and remember that Linux is case-sensitive regarding user names, as well as passwords. | ||
|
|
||
| Once logged in, notice that the "command prompt" that you receive ends in *$* - this is the convention for an ordinary user, whereas the "root" user with full administrative power has a *#* prompt. | ||
| You'll be spending a lot of time in your SSH client, so it pays to spend some time customizing it. At the very least try "black on white" and "green on black" - and experiment with different monospaced fonts, ("Ubuntu Mono" is free to download, and very nice). | ||
|
|
||
| Try these simple commands: | ||
| It's also very handy to be able to cut and paste text between your remote session and your local desktop, so spend some time getting confident with how to do this in your SSH client and terminal. | ||
|
|
||
| `ls` | ||
| Perhaps you might now try logging in from home and work - even from your smartphone! - using an ssh client app such as [Termux](https://termux.dev/en/), [Termius for Android](https://termius.com/free-ssh-client-for-android) or [Termius for iPhone](https://termius.com/free-ssh-client-for-iphone). As a server admin you'll need to be comfortable logging in from all over. You can also potentially use JavaScript ssh clients like [consolefish](https://www.serfish.com/console/) and [ShellHub](https://www.shellhub.io/), but these options involve putting more trust in third-parties than most sysadmins would be comfortable with when accessing production systems. | ||
|
|
||
| `uptime` | ||
| To log out, simply type `exit` or close the terminal. | ||
|
|
||
| `free` | ||
| ## LOGIN TO YOUR SERVER | ||
|
|
||
| `df -h` | ||
| Once logged in, notice that the "command prompt" that you receive ends in `$` - this is the convention for an ordinary user, whereas the "root" user with full administrative power has a `#` prompt (but we will dive into this difference in Day 3 as well). | ||
|
|
||
| `uname -a` | ||
| Here's a [short vid on using ssh](https://www.youtube.com/watch?v=lMMOUSRPfJc) in a work environment. | ||
|
|
||
| If you're using a password to login (rather than public key), then now is a good time to ensure that this is very strong and unique - i.e. At least 10 characters - because your server is fully exposed to bots that will be continuously attempting to break in. Use the *passwd* command to change your password. To do this, think of a new, secure password, then simply type *passwd*, press “Enter” and give your current password when prompted, then the new one you've chosen, confirm it - and then WRITE IT DOWN somewhere. In a production system of course, public keys and/or two factor authentication would be more appropriate. | ||
| ## GENERAL INFORMATION ABOUT THE SERVER | ||
|
|
||
| It's very handy to be able to cut and paste text between your remote session and your local desktop, so spend some time getting confident with how to do this in your setup. | ||
| Use `lsb_release -a` to see which Linux distro and version you're using. [lsb_release](https://refspecs.linuxfoundation.org/LSB_3.0.0/LSB-PDA/LSB-PDA/lsbrelease.html) may not be available in your server, as it's not widely adopted, but you will always have the same information available in the system file [os-release](https://www.man7.org/linux/man-pages/man5/os-release.5.html). You can check its content by typing `cat /etc/os-release` | ||
|
|
||
| Log out by typing *exit*. | ||
| `uname -a` will also print the [system information](https://www.man7.org/linux/man-pages/man1/uname.1.html) and it can show some interesting things like kernel version, hardware platform, etc. | ||
|
|
||
| You'll be spending a lot of time in your SSH client, so it pays to spend some time customizing it. At the very least try "black on white" and "green on black" - and experiment with different monospaced fonts, ("Ubuntu Mono" is free to download, and very nice). | ||
| `uptime` will show you [how long the system has been running](https://www.man7.org/linux/man-pages/man1/uptime.1.html). It kinda makes the [weird numbers](https://unix.stackexchange.com/questions/753868/proc-uptime-command-gives-weird-result) you get from `cat /proc/uptime` a lot more readable. | ||
|
|
||
| ## POSTING YOUR PROGRESS | ||
| `whoami` will print the [user name](https://www.man7.org/linux/man-pages/man1/whoami.1.html) you logged on with, `who` will show [who is logged on](https://www.man7.org/linux/man-pages/man1/who.1.html) and `w` will also show [what they are doing](https://www.man7.org/linux/man-pages/man1/w.1.html). | ||
|
|
||
| Regularly posting your progress can be a helpful motivator. Feel free to post to the subreddit a small introduction of yourself, and your Linux background for your "classmates" - and notes on how each day has gone. | ||
| ## HARDWARE INFORMATION | ||
|
|
||
| A [discord server](https://discordapp.com/invite/wd4Zqyk) is also available. | ||
| `lshw` can give some [detailed information on the hardware configuration](https://manpages.ubuntu.com/manpages/trusty/en/man1/lshw.1.html), and there's a bunch of switches we can use to filter the information we want to see, but it's not the only tool we use to check hardware with. Some of the used commands are: | ||
|
|
||
| Of course, also drop in a note if you get stuck or spot errors in these notes. | ||
| * `lscpu` to display information about the [CPU architecture](https://www.man7.org/linux/man-pages/man1/lscpu.1.html) | ||
| * `lsblk` to list [block devices](https://www.man7.org/linux/man-pages/man8/lsblk.8.html) | ||
| * `lspci` to list all [PCI devices](https://www.man7.org/linux/man-pages/man8/lspci.8.html) | ||
| * `lsusb` to list [USB devices](https://www.man7.org/linux/man-pages/man8/lsusb.8.html) | ||
|
|
||
| ## MEASURE MEMORY AND CPU USAGE | ||
|
|
||
| Don't worry! Linux [won't eat your RAM](https://linuxatemyram.com/). But if you want to check the amount of [memory used](https://www.man7.org/linux/man-pages/man1/free.1.html) in the system, use `free -h` . `vmstat` will also give some [memory statistics](https://www.man7.org/linux/man-pages/man8/vmstat.8.html). | ||
|
|
||
| `top` is like a [Task Manager](https://www.man7.org/linux/man-pages/man1/top.1.html) for Linux, it will display the processes and the consumption of resources. `htop` is an [interactive](https://www.man7.org/linux/man-pages/man1/htop.1.html), prettier version. | ||
|
|
||
| ## WRAP | ||
| ## MEASURE DISK USAGE | ||
|
|
||
| You now have the ability to login remotely to your own server. Perhaps you might now try logging in from home and work - even from your smartphone! - using an ssh client app such as "Termux". As a server admin you'll need to be comfortable logging in from all over. You can also potentially use JavaScript ssh clients (search for "consolefish"), or from a cybercafe - but these options involve putting more trust in third-parties than most sysadmins would be comfortable with when accessing production systems. | ||
| Use `df -h` to see [disk space](https://www.man7.org/linux/man-pages/man1/df.1.html) usage, but go with `du -h` if you want to estimate the [size](https://www.man7.org/linux/man-pages/man1/du.1.html) of your folders. | ||
|
|
||
| ## A NOTE ON "HARDENING" | ||
| ## MEASURE NETWORK USAGE | ||
|
|
||
| Your server is protected by the fact that its security updates are up to date, and that you've set Long Strong Unique passwords - or are using public keys. While exposed to the world, and very likely under continuous attack, it should be perfectly secure. Next week we'll look at how we can view those attacks, but for now it's simply important to state that while it's OK to read up on "SSH hardening", things such as changing the default port and `fail2ban` are unnecessary and unhelpful when we're trying to learn - and you are perfectly safe without them. | ||
| You will have a general idea of your network interfaces and their IP addresses by using `ifconfig` or its modern substitute `ip address`, but it won't show you bandwidth usage. | ||
|
|
||
| For that we have `netstat -i` in a more [static view](https://www.man7.org/linux/man-pages/man8/netstat.8.html) and `ifstat` in a [continuous view](https://www.man7.org/linux/man-pages/man8/ifstat.8.html). To interrupt `ifstat` just use `CTRL+C`. | ||
|
|
||
| But if you want more info on that traffic, `sudo iftop -i eth0` is a [nice display](https://manpages.ubuntu.com/manpages/xenial/man8/iftop.8.html). *Change `eth0` for the interface you wish to capture traffic information.* To exit the monitor view, type `q` to quit. | ||
|
|
||
| ## POSTING YOUR PROGRESS | ||
|
|
||
| Regularly posting your progress can be a helpful motivator. Feel free to post to the [subreddit](https://www.reddit.com/r/linuxupskillchallenge/)/[community](https://programming.dev/c/linuxupskillchallenge) or to the [discord chat](https://discord.gg/linux-upskill-challenge-682046666928685068) a small introduction of yourself, and your Linux background for your "classmates" - and notes on how each day has gone. | ||
|
|
||
| Of course, also drop in a note if you get stuck or spot errors in these notes. | ||
|
|
||
| ## EXTENSION | ||
|
|
||
| If this is all too easy, then spend some time reading up on: | ||
| If this was all too easy, then spend some time reading up on: | ||
|
|
||
| * [SSH Tunneling](https://linuxize.com/post/how-to-setup-ssh-tunneling/) | ||
| * [Password-less SSH login](https://linuxize.com/post/how-to-setup-passwordless-ssh-login/) | ||
| * [SSH client configuration](https://linuxize.com/post/using-the-ssh-config-file/) | ||
| * What is [swap](https://help.ubuntu.com/community/SwapFaq) and [swap space](https://wiki.archlinux.org/title/swap)? | ||
| * How Linux deals with [out-of-memory](https://www.oracle.com/technical-resources/articles/it-infrastructure/dev-oom-killer.html)? | ||
| * [How Do I Find Out Linux CPU Utilization and Usage?](https://www.cyberciti.biz/tips/how-do-i-find-out-linux-cpu-utilization.html) | ||
| * [How do I find out Linux Disk utilization and I/O usage?](https://www.cyberciti.biz/tips/linux-disk-performance-monitoring-howto.html) | ||
| * [20 Best Linux Bandwidth Monitoring Tools for Network Analysis](https://www.tecmint.com/linux-network-bandwidth-monitoring-tools/) | ||
|
|
||
| ## RESOURCES | ||
|
|
||
| * [Comparing CENTOS and Ubuntu for servers](http://serverfault.com/questions/53954/centos-vs-ubuntu) | ||
| * [How to Use PuTTY on Windows](https://www.ssh.com/academy/ssh/putty/windows) | ||
| * [Puttygen command line on Linux - SSH key generator](https://www.ssh.com/academy/ssh/putty/linux/puttygen) | ||
| * [Comparing CENTOS and Ubuntu for servers](http://serverfault.com/questions/53954/centos-vs-ubuntu) | ||
| * [SSH client configuration](https://linuxize.com/post/using-the-ssh-config-file/) | ||
| * [A Beginners Guide to SSH](https://www.youtube.com/watch?v=qWKK_PNHnnA) | ||
| * [Linux command to display your hardware information](https://opensource.com/article/19/9/linux-commands-hardware-information) | ||
| * See if your hardware is Linux-compatible on [Hardware for Linux](https://linux-hardware.org/) and [DistroWatch](https://distrowatch.com/dwres.php?resource=hardware) | ||
| * [What is Load Average in Linux?](https://www.digitalocean.com/community/tutorials/load-average-in-linux) | ||
|
|
||
| Some rights reserved. Check the license terms | ||
| [here](https://github.com/livialima/linuxupskillchallenge/blob/master/LICENSE) |