Category: Linux

  • SSH Too many authentication failures

    When I ssh into a server, I get the following error

    root@lab:~# ssh [email protected] -p 3333
    Received disconnect from 14.18.58.78: 2: Too many authentication failures
    root@lab:~#
    

    I checked the server log (/var/log/auth.log) and found the following

    Nov 13 19:06:42 lab sshd[32030]: error: maximum authentication attempts exceeded for root from 188.40.131.92 port 52956 ssh2 [preauth]
    Nov 13 19:06:42 lab sshd[32030]: Disconnecting: Too many authentication failures [preauth]
    

    This error happens when you have several SSH keys. When you connect to a remote server, the ssh client tries to authenticate using the SSH keys present on your computer. If you have several keys, the ssh client makes that many login attempts, checking whether each key is valid for the remote server you are trying to log in to.

    The ssh server daemon (sshd) has a setting called MaxAuthTries. The default value for this setting is 6. If the number of invalid login attempts exceeds the value of MaxAuthTries, you will get the above error.

    You can list the SSH keys loaded in your agent with

    ssh-add -l
    

    If you have many keys, consider removing some of them from the agent using the ssh-add command.

    To fix this error on the server, edit the file

    vi /etc/ssh/sshd_config
    

    Check if the file has an entry for MaxAuthTries; if yes, increase its value. If no entry is present, add it.

    MaxAuthTries 8
    

    Restart the sshd service.

    systemctl restart sshd
    

    You can see how many login attempts you make using the ssh -v option (verbose).

    root@server12:~# ssh -v [email protected] -p 3333
    OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
    debug1: Reading configuration data /root/.ssh/config
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug1: Connecting to 174.138.58.78 [174.138.58.78] port 3333.
    debug1: Connection established.
    debug1: permanently_set_uid: 0/0
    debug1: identity file /root/.ssh/identity type -1
    debug1: identity file /root/.ssh/identity-cert type -1
    debug1: identity file /root/.ssh/id_rsa type 1
    debug1: identity file /root/.ssh/id_rsa-cert type -1
    debug1: identity file /root/.ssh/id_dsa type -1
    debug1: identity file /root/.ssh/id_dsa-cert type -1
    debug1: identity file /root/.ssh/id_ecdsa type -1
    debug1: identity file /root/.ssh/id_ecdsa-cert type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.8
    debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.8 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.3
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr hmac-sha1 none
    debug1: kex: client->server aes128-ctr hmac-sha1 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host '[174.138.58.78]:3333' is known and matches the RSA host key.
    debug1: Found key in /root/.ssh/known_hosts:139
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password
    debug1: Next authentication method: publickey
    debug1: Offering public key: /home/boby/.ssh/id_rsa
    debug1: Authentications that can continue: publickey,password
    debug1: Offering public key: boby@hon-pc-01
    debug1: Authentications that can continue: publickey,password
    debug1: Offering public key: redbridgefinance-mumbai
    debug1: Authentications that can continue: publickey,password
    debug1: Offering public key: aws-eb
    debug1: Authentications that can continue: publickey,password
    debug1: Offering public key: aws-austin-boby
    debug1: Authentications that can continue: publickey,password
    debug1: Trying private key: /root/.ssh/identity
    debug1: Offering public key: /root/.ssh/id_rsa
    Received disconnect from 174.138.58.78: 2: Too many authentication failures
    root@server12:~# 
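
    Added example (not part of the original post): a small script that counts the "Offering public key" lines in ssh -v output and compares the total with the server's MaxAuthTries. The function names and the sample trace are constructed for illustration; the ">=" comparison is an assumption taken from the trace above, where the disconnect follows the sixth offer.

```shell
#!/bin/sh
# Added example: count key offers in `ssh -v` output and compare with MaxAuthTries.

# Reads `ssh -v` debug output on stdin, prints the number of keys offered.
count_key_offers() {
    grep -c 'debug1: Offering public key:' || true
}

# Exit 0 when offers ($1) reach the server limit ($2, default 6 as on the page).
# ">=" mirrors the trace above: disconnect on the 6th offer (assumption).
hits_limit() {
    [ "$1" -ge "${2:-6}" ]
}

# Constructed sample: publickey phase of a trace like the one above (key names made up).
sample_trace() {
    cat <<'EOF'
debug1: Next authentication method: publickey
debug1: Offering public key: /home/user/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: user@workstation
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: project-a
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: project-b
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: project-c
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /root/.ssh/identity
debug1: Offering public key: /root/.ssh/id_rsa
EOF
}

# Reads a trace on stdin; $1 = MaxAuthTries configured on the server.
report() {
    limit="${1:-6}"
    offers=$(count_key_offers)
    if hits_limit "$offers" "$limit"; then
        echo "$offers keys offered: reaches MaxAuthTries=$limit"
    else
        echo "$offers keys offered: below MaxAuthTries=$limit"
    fi
}

sample_trace | report 6
sample_trace | report 8
```

    For a real connection, save the debug output (ssh writes it to stderr) to a file and feed it to report. Running ssh with -o IdentitiesOnly=yes and -i KEYFILE restricts the client to explicitly configured identity files instead of every key in the agent, which avoids the error without raising the server limit.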
    

    See SSH

  • Copying file using scp

    scp stands for secure copy. It lets you copy files between servers over an SSH connection.

    scp [-1246BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file]
             [-l limit] [-o ssh_option] [-P port] [-S program]
             [[user@]host1:]file1 [...] [[user@]host2:]file2
    

    Example

    scp file.extn user@remote-server-ip:/path/
    

    For a server with SSH on a non-default port, for example 3333

    scp -P 3333 iberiaca_vshare.sql [email protected]:/root/
    

    See rsync, Linux Commands

  • Install Fantastico on cPanel Server

    To install Fantastico, run the following commands over SSH

    cd /usr/local/cpanel/whostmgr/docroot/cgi 
    wget -N http://files.betaservant.com/files/free/fantastico_whm_admin.tgz
    tar -xzpf fantastico_whm_admin.tgz 
    rm -rf fantastico_whm_admin.tgz
    

    Now log in to WHM

    WHM -> Plugins -> Fantastico De Luxe WHM Admin (scroll down the left menu).

    After installing, Fantastico De Luxe WHM Admin will auto-update your existing installation. All files will be moved to or created in /var/netenberg.

    See Cpanel Server

  • SSH Tunnel

    If you have a server with SSH access, you can use it as a SOCKS5 proxy or for port forwarding with just SSH access.

    SOCKS5 Proxy

    An SSH tunnel can be used for browsing security. It acts like a SOCKS5 proxy.

    ssh root@SERVER_IP -D 7373

    OR

    ssh -f -N root@REMOTE_SERVER_IP -D 7373

    SERVER_IP is the IP of the remote server that you will be using as the SOCKS5 server.

    You can configure your browser to use a SOCKS5 proxy with IP address 127.0.0.1 and port 7373. You can use a different port by changing it in the above commands.

    -N = Do not execute a remote command. This is useful for just forwarding ports.
    -f = go into background mode.

    Forwarding Remote Port to local

    You have a remote server that runs a service on some port that is not accessible to the public. This is useful for services like MySQL and Redis that are bound to 127.0.0.1 by default for security reasons.

    ssh -L 9999:127.0.0.1:3306 root@REMOTE_SERVER_IP

    Example

    ssh -L 9999:127.0.0.1:3306 [email protected]

    MySQL running on the remote server will be available on port 9999 on the local computer.

    You can add the -f -N options in case you need the above ssh command to run in the background.

    Forwarding local port to remote server

    Let's say you have a local web site running on your computer and you need to show it to your customer. You can't make the web site available from your computer, as you are behind a NAT network and your router doesn't support port forwarding.

    To forward a local port to a remote server, run

    ssh -R REMOTE_PORT:localhost:LOCAL_PORT root@REMOTE_SERVER_IP

    Example

    ssh -R 8080:localhost:80 [email protected]

    The service running on port 80 on the local computer will be available on the remote server on port 8080. Your customer can view the web site using the URL REMOTE_SERVER_IP:8080
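
    Added example (not part of the original post): ssh binds -D and -L listeners to the loopback address by default, and sshd keeps a -R listener on loopback unless its GatewayPorts setting allows otherwise, so it is worth confirming where each forwarded port actually listens. The function below reads ss -ltn output and prints any of the ports used above (7373, 9999, 8080) that are bound to a non-loopback address; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag tunnel ports that listen on a non-loopback address.

# Reads `ss -ltn` output on stdin; arguments are the ports to check.
# Prints "PORT ADDRESS" for each listed port bound outside loopback.
exposed_listeners() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)       # text after the last colon
            host = $4; sub(/:[^:]*$/, "", host)   # text before the last colon
            if (!(port in want)) next
            if (host ~ /^127\./ || host == "[::1]") next
            print port, host
        }'
}

# Constructed sample of `ss -ltn` output. 7373 and 9999 are the -D and -L
# listeners on the local computer; 8080 is the -R listener, which in practice
# is checked on the remote server. They share one listing here for brevity.
sample_ss() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128         127.0.0.1:7373       0.0.0.0:*
LISTEN  0       128             [::1]:7373          [::]:*
LISTEN  0       128         127.0.0.1:9999       0.0.0.0:*
LISTEN  0       128           0.0.0.0:8080       0.0.0.0:*
LISTEN  0       128           0.0.0.0:22         0.0.0.0:*
EOF
}

sample_ss | exposed_listeners 7373 9999 8080
```

    On a live system, pipe the real listing into the function: ss -ltn | exposed_listeners 7373 9999 8080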

    See SSH, SSH Port Forwarding

  • bash: man: command not found

    When running the man command on a Debian server, I get the error

    root@lab:~# man sftp
    -bash: man: command not found
    root@lab:~#
    

    This is because the man-db package is not installed on the server. To fix it, install the man-db package with

    apt install man-db
    

    See Errors

  • Find Reverse-DNS/PTR using dig, nslookup, host

    Reverse-DNS/PTR is used by mail servers. It is used to map an IP address to an FQDN or hostname.

    To find the Reverse DNS record for an IP address, run

    nslookup IP_ADDR_HERE
    

    [Screenshot: nslookup finding the PTR record]

    In this example, IP 51.38.246.115 has a Reverse DNS record ok.serverok.in

    Using dig

    You can also use the dig command to find the PTR record for an IP address.

    dig -x IP_ADDR_HERE
    dig +short -x IP_ADDR_HERE
    

    [Screenshot: dig PTR record lookup]

    Using host

    host IP_ADDR_HERE
    

    [Screenshot: host command finding the PTR record]

    See DNS

  • Percona Monitoring and Management

    Percona Monitoring and Management is open source monitoring software for MySQL, PostgreSQL and MongoDB.

    https://www.percona.com/software/database-tools/percona-monitoring-and-management

    It is based on Grafana and node_exporter. You can see the source code at

    https://github.com/percona/pmm

    Install instructions for Percona Monitoring and Management are available at

    https://www.percona.com/software/pmm/quickstart

    See MySQL

  • Enable FTP for EasyEngine Website

    To enable FTP for EasyEngine web sites, we need to install pure-ftpd. On Ubuntu/Debian, run

    apt install -y pure-ftpd
    

    Enable virtual FTP users

    ln -s /etc/pure-ftpd/conf/PureDB /etc/pure-ftpd/auth/PureDB
    touch /etc/pure-ftpd/pureftpd.pdb
    

    In EasyEngine, web site files are owned by the www-data user, which has a UID of 33. By default pure-ftpd won't allow this. To enable users with UID 33 to log in, run

    echo 1 > /etc/pure-ftpd/conf/MinUID
    

    Now let's create an FTP user for a web site running in EasyEngine.

    pure-pw useradd  FTP_USER_HERE -u www-data -g www-data -d /opt/easyengine/sites/DOMAIN_NAME_HERE/app/
    

    In the above command, replace

    FTP_USER_HERE = FTP user for the web site; this can be any name without spaces

    DOMAIN_NAME_HERE = the domain name of the web site hosted in EasyEngine that you need FTP access to.

    When you run the above command, you will be asked to choose a password for the FTP user. This password is used to log in to the FTP server.

    Before you can log in to the FTP server with the newly created virtual FTP user, you need to run

    pure-pw mkdb
    systemctl restart pure-ftpd
    

    Change FTP Password

    If you want to change the FTP password for a user, you can run

    pure-pw passwd FTP_USER_HERE
    pure-pw mkdb
    systemctl restart pure-ftpd
    

    Passive FTP Configuration

    Many cloud hosting providers like AWS, Google Cloud, Oracle Cloud and AliCloud use NAT networking. That is, your VM has a private IP and your public IP is routed to your VM. In such a case you need to enable Passive FTP. To do this, run

    echo "30000 50000" > /etc/pure-ftpd/conf/PassivePortRange
    echo "YOUR_PUBLIC_IP" > /etc/pure-ftpd/conf/ForcePassiveIP
    

    YOUR_PUBLIC_IP = replace this with your public IP address.

    Restart pure-ftpd

    systemctl restart pure-ftpd
    

    Firewall configuration

    For Passive FTP, you need to open the following ports in your firewall

    tcp 21
    tcp 30000:50000
    

    On an Oracle Cloud server, I edited the file

    vi /etc/iptables/rules.v4
    

    Find

    -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
    

    Replace with

    -A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 30000:50000 -j ACCEPT
    

    Now restore the firewall rules with

    iptables-restore < /etc/iptables/rules.v4
    

    Now FTP will work.

    See EasyEngine

  • Uninstalling Software in Debian Server

    To uninstall software on a Debian server, run

    apt remove PKG_NAME
    

    Example

    [Screenshot: uninstalling software on a Debian server]

    To list all installed software with a specific name, run

    dpkg-query -l PKG_NAME
    

    Example

    root@lab:~# dpkg-query -l 'nginx*'
    Desired=Unknown/Install/Remove/Purge/Hold
    | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
    |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
    ||/ Name           Version          Architecture Description
    +++-==============-================-============-=========================================================
    ii  nginx          1.14.2-2+deb10u3 all          small, powerful, scalable web/proxy server
    ii  nginx-common   1.14.2-2+deb10u3 all          small, powerful, scalable web/proxy server - common files
    un  nginx-doc                        (no description available)
    un  nginx-extras                     (no description available)
    ii  nginx-full     1.14.2-2+deb10u3 amd64        nginx web/proxy server (standard version)
    un  nginx-light                      (no description available)
    root@lab:~# 
    

    In the above list, packages start with

    ii = installed
    un = currently not installed on the server

    When you uninstall a package, it won't remove all config files; such packages are listed as uninstalled (un). To completely delete a package, its config files and data, use

    apt remove --purge PKG_NAME
    

    Example

    apt remove --purge apache2
    

    After removing a software package, you may need to run apt autoremove to remove any unused dependencies.

    apt autoremove
    

    See apt

  • EasyEngine Create Site

    To create an HTML web site

    ee site create example.com --html
    

    To create a PHP web site

    ee site create example.com --php
    

    To create a PHP/MySQL web site

    ee site create example.com --mysql
    

    To enable LetsEncrypt SSL, add --letsencrypt

    ee site create example.com --letsencrypt
    

    Create WordPress site

    ee site create example.com --wp # install wordpress without any page caching
    ee site create example.com --w3tc # install wordpress with w3-total-cache plugin
    ee site create example.com --wpsc # install wordpress with wp-super-cache plugin
    ee site create example.com --wpfc # install wordpress + nginx fastcgi_cache
    ee site create example.com --wpredis # install wordpress + nginx redis_cache
    

    Create WordPress site with PHP 7.3 and cache enabled

    ee site create domain.com --type=wp --php=7.3 --cache --ssl=le
    

    Specify the WordPress admin user and email during site creation

    ee site create stunningbeachwear.ee.serverok.in --type=wp --php=7.4 --cache --ssl=le --admin-user=admin [email protected]
    

    Create WordPress multi site

    ee site create example.com --wpsubdir # install wpmu-subdirectory without any page caching
    ee site create example.com --wpsubdir --w3tc # install wpmu-subdirectory with w3-total-cache plugin
    ee site create example.com --wpsubdir --wpsc # install wpmu-subdirectory with wp-super-cache plugin
    ee site create example.com --wpsubdir --wpfc # install wpmu-subdirectory + nginx fastcgi_cache
    ee site create example.com --wpsubdir --wpredis # install wpmu-subdirectory + nginx redis_cache
    

    WordPress Multisite with subdomain

    ee site create example.com --wpsubdom # install wpmu-subdomain without any page caching
    ee site create example.com --wpsubdom --w3tc # install wpmu-subdomain with w3-total-cache plugin
    ee site create example.com --wpsubdom --wpsc # install wpmu-subdomain with wp-super-cache plugin
    ee site create example.com --wpsubdom --wpfc # install wpmu-subdomain + nginx fastcgi_cache
    ee site create example.com --wpsubdom --wpredis # install wpmu-subdomain + nginx redis_cache
    

    Ref: https://easyengine.io/docs/commands/site/create/

    See EasyEngine

  • Disable SELinux on CentOS/RHEL

    To disable SELinux

    Method 1

    sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
    setenforce 0
    

    Method 2

    Edit the file

    vi /etc/selinux/config
    

    Find

    SELINUX=enforcing
    

    Replace with

    SELINUX=disabled
    

    Reboot the server with

    reboot
    

    You can turn off SELinux enforcement for the current session (permissive mode) by running the command

    setenforce 0
    

    See SELinux