Category: Linux

  • ErpNext restore backup

    To restore ErpNext backup, run

    bench --site erp.serverok.in restore --with-public-files /backup/20201112_140222-erp_sevrerok_in-files.tar --with-private-files /backup/20201112_140222-erp_sevrerok_in-private-files.tar /backup/20201112_140505-erp_sevrerok_in-database.sql
    

    To see how to take backup check ErpNext backup a site.

    MySQL backup is is taken in .gz format, you need to gunzip to get the .sql file for restoring. If you specify the .gz file, restore will not work.

    See ErpNext

  • SSH Too many authentication failures

    When i ssh into a server, i get following error

    root@lab:~# ssh [email protected] -p 3333
    Received disconnect from 14.18.58.78: 2: Too many authentication failures
    root@lab:~#
    

    I checked server log (/var/log/auth.log) and found following

    Nov 13 19:06:42 lab sshd[32030]: error: maximum authentication attempts exceeded for root from 188.40.131.92 port 52956 ssh2 [preauth]
    Nov 13 19:06:42 lab sshd[32030]: Disconnecting: Too many authentication failures [preauth]
    

    This error happens when you have several SSH keys. When you try to connect to remote server, ssh client try to autenticate to remote server using SSH keys present on your computer. If you have several keys, ssh client make that much login attempts if the keys are valid for remote server you are trying to login.

    ssh server deamon have a settings MaxAuthTries. Default value for this settings is 6. If number of invalid login attempt exceeds the value of MaxAuthTries, you will get above error.

    You can see all SSH keys on your computer with

    ssh-add -l
    

    If you have many keys, consider removing some of the keys from agent using ssh-add command.

    To fix this error edit file

    vi /etc/ssh/sshd_config
    

    Check if the file have entry for MaxAuthTries, if yes, increase its value. If no entry present in the server add it.

    MaxAuthTries 8
    

    Restart sshd service.

    systemctl restart sshd
    

    You can see how many login attemts you make using ssh -v option (verbose).

    root@server12:~# ssh -v [email protected] -p 3333
    OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
    debug1: Reading configuration data /root/.ssh/config
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug1: Connecting to 174.138.58.78 [174.138.58.78] port 3333.
    debug1: Connection established.
    debug1: permanently_set_uid: 0/0
    debug1: identity file /root/.ssh/identity type -1
    debug1: identity file /root/.ssh/identity-cert type -1
    debug1: identity file /root/.ssh/id_rsa type 1
    debug1: identity file /root/.ssh/id_rsa-cert type -1
    debug1: identity file /root/.ssh/id_dsa type -1
    debug1: identity file /root/.ssh/id_dsa-cert type -1
    debug1: identity file /root/.ssh/id_ecdsa type -1
    debug1: identity file /root/.ssh/id_ecdsa-cert type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.8
    debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.8 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.3
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr hmac-sha1 none
    debug1: kex: client->server aes128-ctr hmac-sha1 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host '[174.138.58.78]:3333' is known and matches the RSA host key.
    debug1: Found key in /root/.ssh/known_hosts:139
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password
    debug1: Next authentication method: publickey
    debug1: Offering public key: /home/boby/.ssh/id_rsa
    debug1: Authentications that can continue: publickey,password
    debug1: Offering public key: boby@hon-pc-01
    debug1: Authentications that can continue: publickey,password
    debug1: Offering public key: redbridgefinance-mumbai
    debug1: Authentications that can continue: publickey,password
    debug1: Offering public key: aws-eb
    debug1: Authentications that can continue: publickey,password
    debug1: Offering public key: aws-austin-boby
    debug1: Authentications that can continue: publickey,password
    debug1: Trying private key: /root/.ssh/identity
    debug1: Offering public key: /root/.ssh/id_rsa
    Received disconnect from 174.138.58.78: 2: Too many authentication failures
    root@server12:~# 
    

    See SSH

  • Copying file using scp

    scp is secure copy. That is you can copy file between servers over ssh connection.

    scp [-1246BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file]
             [-l limit] [-o ssh_option] [-P port] [-S program]
             [[user@]host1:]file1 [...] [[user@]host2:]file2
    

    Example

    scp file.extn user@remote-server-ip:/path/
    

    For server with ssh on non default port, for eg: 3333

    scp -P 3333 iberiaca_vshare.sql [email protected]:/root/
    

    See rsync, Linux Commands

  • install fantastico on Cpanel Server

    For installing fantastico, run following command on ssh

    cd /usr/local/cpanel/whostmgr/docroot/cgi 
    wget -N http://files.betaservant.com/files/free/fantastico_whm_admin.tgz
    tar -xzpf fantastico_whm_admin.tgz 
    rm -rf fantastico_whm_admin.tgz
    

    Now Login to WHM

    WHM -> Plugins -> Fantastico De Luxe WHM Admin (scroll down the left menu).

    After installing Fantastico De Luxe WHM Admin will auto-update your existing installation. All files will moved or created to /var/netenberg.

    See Cpanel Server

  • SSH Tunnel

    If you have a server with SSH access, you can use it as sock 5 proxy or for port forwarding with just ssh access.

    Socks5 Proxy

    SSH tunnel can be used for browsing security. It act like a socks5 proxy.

    ssh root@SERVER_IP -D 7373

    OR

    ssh -f -N root@REMOTE_SERVER_IP -D 7373

    SERVER_IP is IP of the remote server, that you will be using as sock 5 server.

    You can configure your browser to use sock5 proxy with IP address 127.0.0.1 and port 7373. You can change port by changing port in above commands.

    -N = Do not execute a remote command. This is useful for just forwarding ports.
    -f = go into background mode.

    Forwarding Remote Port to local

    You have a remote server that run a service on some port, that is not accessable to public. This is useful for services like MySQL, redis that is bind to 127.0.0.1 by default for security reason.

    ssh -L 9999:127.0.0.1:3306 root@REMOTE_SERVER_IP

    Example

    ssh -L 9999:127.0.0.1:3306 [email protected]

    MYSQL running on remote server will be available on port 9999 on local computer.

    You can add -f -N option in cause you need above ssh command run in background.

    Forwarding local port to remote server

    Lets say you have a local web site running on your computer, you need to show this to your customer. You can’t make the web site from your computer as you are behind NAT network and your router don’t support port forwarding.

    To forward local port to remote server, run

    ssh -R REMOTE_PORT:localhost:LOCAL_PORT root@REMOTE_SERVER_IP

    Example

    ssh -R 8080:localhost:80 [email protected]

    Service running on port 80 on local computer will be available on remote server on port 8080. Your customer can view the web site using url REMOTE_SERVER_IP:8080

    See SSH, SSH Port Forwarding

  • bash: man: command not found

    When running man command on a debian server, i get error

    root@lab:~# man sftp
    -bash: man: command not found
    root@lab:~#
    

    This is because man-db package not installed on the server. To fix, install man-db package with

    apt install man-db
    

    See Errors

  • Find Reverse-DNS/PTR using dig, nslookup, host

    Reverse-DNS/PTR is used by mail servers. It is used to map an IP address to FQDN or hostname.

    To find Reverse DNS record for an IP address, run

    nslookup IP_ADDR_HERE
    

    nslookup find PTR record

    In this example IP 51.38.246.115 have a Reverse DNS record ok.serverok.in

    Using dig

    You can also use dig command to find PTR record for an IP address.

    dig -x IP_ADDR_HERE
    dig +short -x IP_ADDR_HERE
    

    dig ptr record

    Using host

    host IP_ADDR_HERE
    

    host command to find ptr record

    See DNS

  • Percona Monitoring and Management

    Percona Monitoring and Management is an Open Source monitoring software for MySQL, PostgreSQL and MongoDB.

    https://www.percona.com/software/database-tools/percona-monitoring-and-management

    It is based on grafana and node_exporter. You can see source code at

    https://github.com/percona/pmm

    Install instructions for Percona Monitoring and Management available at

    https://www.percona.com/software/pmm/quickstart

    See MySQL

  • Enable FTP for EasyEngine Website

    To Enable FTP for EasyEngine web sites, we need to install pure-ftpd. On Ubuntu/Debian, run

    apt install -y pure-ftpd
    

    Enable virtial FTP users

    ln -s /etc/pure-ftpd/conf/PureDB /etc/pure-ftpd/auth/PureDB
    touch /etc/pure-ftpd/pureftpd.pdb
    

    In EasyEngine, we sites files are owned by www-data user, this user have a UID of 33. By default pure-ftpd won’t allow this. To enable users with UD 33 to login, run

    echo 1 > /etc/pure-ftpd/conf/MinUID
    

    Now lets create FTP user for a web site running in EasyEngine.

    pure-pw useradd  FTP_USER_HERE -u www-data -g www-data -d /opt/easyengine/sites/DOMAIN_NAME_HERE/app/
    

    In above command replace

    FTP_USER_HERE = FTP user for the web site, this can be any name, no space

    DOMAIN_NAME_HERE = the domain name of the web site that is hosted in EasyEngine, that you need FTP access.

    When you run above command, you will be asked to select password for the FTP user, this can be used to login to FTP server.

    Before you can login to FTP server with newly created virtual FTP user, you need to run

    pure-pw mkdb
    systemctl restart pure-ftpd
    

    Change FTP Password

    If you want to change FTP user for a user, you can run

    pure-pw passwd FTP_USER_HERE
    pure-pw mkdb
    systemctl restart pure-ftpd
    

    Passive FTP Configuration

    Many cloud hosting providers like AWS, Google Cloud, Oracle Cloud, AliCloud servers use NAT networking. That is your VM have private IP and your public IP is routed to your VM. In such case, you need to enable Passive FTP, for this run

    echo "30000 50000" > /etc/pure-ftpd/conf/PassivePortRange
    echo "YOUR_PUBLIC_IP" > /etc/pure-ftpd/conf/ForcePassiveIP
    

    YOUR_PUBLIC_IP = replace this with your public IP address.

    Restart pure-ftpd

    systemctl restart pure-ftpd
    

    Firewall configuration

    For Passive FTP, you need to open following ports in your firewall

    tcp 21
    tcp 30000:50000
    

    On Oracle Cloud server, i edited file

    vi /etc/iptables/rules.v4
    

    Find

    -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
    

    Replace with

    -A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 30000:50000 -j ACCEPT
    

    Now restore firewall rules with

    iptables-restore < /etc/iptables/rules.v4
    

    Now FTP will work.

    See EasyEngine

  • Uninstalling Software in Debian Server

    To uninstall a software on Debian server, run

    apt remove PKG_NAME
    

    Example

    uninstall software on debian server

    To all installed software with specific name, run

    dpkg-query -l PKG_NAME
    

    Example

    root@lab:~# dpkg-query -l 'nginx*'
    Desired=Unknown/Install/Remove/Purge/Hold
    | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
    |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
    ||/ Name           Version          Architecture Description
    +++-==============-================-============-=========================================================
    ii  nginx          1.14.2-2+deb10u3 all          small, powerful, scalable web/proxy server
    ii  nginx-common   1.14.2-2+deb10u3 all          small, powerful, scalable web/proxy server - common files
    un  nginx-doc                        (no description available)
    un  nginx-extras                     (no description available)
    ii  nginx-full     1.14.2-2+deb10u3 amd64        nginx web/proxy server (standard version)
    un  nginx-light                      (no description available)
    root@lab:~# 
    

    In above list, packages start with

    ii = installed
    un = currently not installed on the server

    When you uninstall a package, it won’t remove all config files, such packages list as uninsalled (un). To completely delete a package, its config file and data, use

    apt remove --purge PKG_NAME
    

    Example

    apt remove --purge apache2
    

    After removing a software package, you may need to run apt autoremove to remove any unused dependency.

    apt autoremove
    

    See apt

  • EasyEngine Create Site

    To create HTML web site

    ee site create example.com --html
    

    To create PHP web site

    ee site create example.com --php
    

    To create PHP/MySQL web site

    ee site create example.com --mysql
    

    To enable LetsEncrypt SSL, add –letsencrypt

    ee site create example.com --letsencrypt
    

    Create WordPress site

    ee site create example.com --wp # install wordpress without any page caching
    ee site create example.com --w3tc # install wordpress with w3-total-cache plugin
    ee site create example.com --wpsc # install wordpress with whisp-super-cache plugin
    ee site create example.com --wpfc # install wordpress + nginx fastcgi_cache
    ee site create example.com --wpredis # install wordpress + nginx redis_cache
    

    Create WordPress site with PHP 7.3 and cache enabled

    ee site create domain.com --type=wp --php=7.3 --cache --ssl=le
    

    Secify wordpress admin user and email during site creation

    ee site create stunningbeachwear.ee.serverok.in --type=wp --php=7.4 --cache --ssl=le --admin-user=admin [email protected]
    

    Create WordPress multi site

    ee site create example.com --wpsubdir # install wpmu-subdirectory without any page caching
    ee site create example.com --wpsubdir --w3tc # install wpmu-subdirectory with w3-total-cache plugin
    ee site create example.com --wpsubdir --wpsc # install wpmu-subdirectory with wp-super-cache plugin
    ee site create example.com --wpsubdir --wpfc # install wpmu-subdirectory + nginx fastcgi_cache
    ee site create example.com --wpsubdir --wpredis # install wpmu-subdirectory + nginx redis_cache
    

    WordPress Multisite with subdomain

    ee site create example.com --wpsubdom # install wpmu-subdomain without any page caching
    ee site create example.com --wpsubdom --w3tc # install wpmu-subdomain with w3-total-cache plugin
    ee site create example.com --wpsubdom --wpsc # install wpmu-subdomain with wp-super-cache plugin
    ee site create example.com --wpsubdom --wpfc # install wpmu-subdomain + nginx fastcgi_cache
    ee site create example.com --wpsubdom --wpredis # install wpmu-subdomain + nginx redis_cache
    

    Ref: https://easyengine.io/docs/commands/site/create/

    See EasyEngine