Re^6: [OT] A New Everything ?

in reply to Re^5: [OT] A New Everything ?
in thread [OT] A New Everything ?

Do check that your new provider is actively serving the DNS

$ host -t soa www.merrillpjensen.com
www.merrillpjensen.com has SOA record ns1.digitalocean.com. hostmaster
+.www.merrillpjensen.com. 1600641995 10800 3600 604800 1800
$
[download]

$ ssh root@206.189.67.44
root@206.189.67.44's password: 
Welcome to Ubuntu 20.04.1 LTS (GNU/Linux 5.4.0-45-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  System information as of Mon Sep 21 19:28:21 UTC 2020

  System load:           0.02
  Usage of /:            7.0% of 24.06GB
  Memory usage:          25%
  Swap usage:            0%
  Processes:             106
  Users logged in:       0
  IPv4 address for eth0: 206.189.67.44
  IPv4 address for eth0: 10.46.0.6
  IPv6 address for eth0: 2604:a880:2:d0::21c5:9001
  IPv4 address for eth1: 10.120.0.2

25 updates can be installed immediately.
0 of these updates are security updates.
To see these additional updates run: apt list --upgradable


*** System restart required ***
Last login: Mon Sep 21 00:18:51 2020 from 75.164.47.252
root@ubuntu-s-1vcpu-1gb-sfo2-01-first-droplet:~# pwd
/root
root@ubuntu-s-1vcpu-1gb-sfo2-01-first-droplet:~# cd ..
root@ubuntu-s-1vcpu-1gb-sfo2-01-first-droplet:/# ls
bin   dev  home  lib32  libx32      media  opt   root  sbin  srv  tmp 
+ var
boot  etc  lib   lib64  lost+found  mnt    proc  run   snap  sys  usr
root@ubuntu-s-1vcpu-1gb-sfo2-01-first-droplet:/# uname -r
5.4.0-45-generic
root@ubuntu-s-1vcpu-1gb-sfo2-01-first-droplet:/# hostnamectl
   Static hostname: ubuntu-s-1vcpu-1gb-sfo2-01-first-droplet
         Icon name: computer-vm
           Chassis: vm
        Machine ID: 9ad82a334ffc4f5a93859909d4e33b84
           Boot ID: 8b0de2dfd5864eb89bfd87db74b1f79e
    Virtualization: kvm
  Operating System: Ubuntu 20.04.1 LTS
            Kernel: Linux 5.4.0-45-generic
      Architecture: x86-64
root@ubuntu-s-1vcpu-1gb-sfo2-01-first-droplet:/#
[download]

Q1) How do I integrate the above domain into this filesystem?

Q2) (No question too stupid, right) If I'm loggged in as root, do I use sudo on my commands?

Q3) How do I keep tally and track of robots that want to knock on my door?

I always like the random art that comes with

$ ssh-keygen

+---[RSA 2048]----+
|+  .o.o          |
|.E.. = =         |
|. *...*.=        |
|.= o.oo*o.       |
|+ * . ooSo + .   |
|.+ +    . * o .  |
|o o .    o + =   |
| o   . .  . = .  |
|      . ....     |
+----[SHA256]-----+
[download]

Thanks again for comments. Again, I'm trying to get to the The Topic more squarely....

Comment on Re^6: [OT] A New Everything ? Select or Download Code

Replies are listed 'Best First'.
Re^7: [OT] A New Everything ? by afoken (Chancellor) on Sep 21, 2020 at 20:36 UTC
`$ ssh root@206.189.67.44 root@206.189.67.44's password: Welcome to Ubuntu 20.04.1 LTS (GNU/Linux 5.4.0-45-generic x86_64)` [download] That should not work. Really, disable root login, or at least setup public key authentication. You really, really, really don't want a password-based root login on anything reachable from the internet, not even when you use SSH. Generally, create an unprivileged user, make sure that user can use sudo (member of sudo or wheel group, depending on Linux distribution), and disable root login via ssh. In /etc/ssh/sshd_config, set `PasswordAuthentication no` to completely disable login with passwords, and set `PermitRootLogin no`. See also Greetings and salutations \| sudo. Q2) (No question too stupid, right) If I'm loggged in as root, do I use sudo on my commands? Generally, you should not work as root, but instead use sudo. If you work as root, sudo is redundant, it just wastes CPU cycles. Oh, and by the way: `sudo su` is still around in far too many HOWTOs. You do not need su at all, uninstall it. Use `sudo -i` if you insist on getting an interactive root shell. Use `sudo -e somefile` to edit a file as root. Q3) How do I keep tally and track of robots that want to knock on my door? Depends on your provider. The easiest way is to ignore them and let your provider deal with them. Another quite easy way is to use fail2ban. It works especially well if your home (or office) uses a fixed IP address that is permanently whitelisted, that allows a very aggressive blacklisting of any system trying to access your server. Alexander -- Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)	[reply] [d/l] [select]
Re^8: [OT] A New Everything ? by marto (Cardinal) on Sep 21, 2020 at 20:58 UTC
"That should not work. https://www.digitalocean.com/docs/droplets/how-to/connect-with-ssh/ shows that it should, personal I don't feel that their warning against this is strong enough. Update: fixed typo, fat thumbs, auto correct...	[reply]
Re^8: [OT] A New Everything ? by Aldebaran (Curate) on Sep 22, 2020 at 06:24 UTC
I've been through this a couple times now, and I've managed to lock myself out twice. So, now I'm trying to follow instructions carefully. create an unprivileged user `root@third:~# useradd fred root@third:~# passwd fred New password: Retype new password: passwd: password updated successfully root@third:~# usermod -aG sudo fred root@third:~# groups fred` [download] I thought the point here was that I was to log out as root and back in as fred. I get nothing that way: `root@third:~# exit logout Connection to 143.110.153.42 closed. $ ssh fred@143.110.153.42 fred@143.110.153.42: Permission denied (publickey). $` [download] After the useradd, I go in, and there's nothing in home. That doesn't make sense to me. Oh, and by the way: sudo su is still around in far too many HOWTOs. You do not need su at all, uninstall it. Use sudo -i if you insist on getting an interactive root shell. Use sudo -e somefile to edit a file as root. Okay, copy that. `root@third:/# which su /usr/bin/su` [download] Is that as easy as `rm /usr/bin/su` Thanks for your explanations and advice.	[reply] [d/l] [select]
Re^9: [OT] A New Everything ? by marto (Cardinal) on Sep 22, 2020 at 06:45 UTC
That isn't how you are supposed to use `useradd` (deprecated in favor of `adduser`, see `man useradd`), you didn't pass the appropriate flags. Don't delete `sudo` or `su`, maintain the `sudoers` to allow/deny programs.	[reply] [d/l] [select]
Re^9: [OT] A New Everything ? by afoken (Chancellor) on Sep 22, 2020 at 19:07 UTC
I thought the point here was that I was to log out as root and back in as fred. I get nothing that way: `root@third:~# exit logout Connection to 143.110.153.42 closed. $ ssh fred@143.110.153.42 fred@143.110.153.42: Permission denied (publickey). $` [download] It seems fred lacks his public key in the file ~fred/.ssh/authorized_keys. You need to upload that before blocking password logins, e.g. using ssh-copy-id, add add it to the autorhized_keys file. Once that is set up, you should be able to log in using the public key. Is that as easy as `rm /usr/bin/su` [download] Yes and no. It does remove su, but you are supposed to uninstall the entire package, e.g. using `apt-get remove package-name` on Debian-based distributions. The package name depends on the distribution. On Ubuntu, it's in util-linux, and you really don't want to uninstall that package. Just leave su as is. It won't hurt for now. After the useradd, I go in, and there's nothing in home. That doesn't make sense to me. Home is supposed to be empty, or a copy of /etc/skel/. How should the operating system know what you want to put there? Alexander -- Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)	[reply] [d/l] [select]
Re^10: [OT] A New Everything ? by marto (Cardinal) on Sep 23, 2020 at 10:11 UTC
Re^11: [OT] A New Everything ? by afoken (Chancellor) on Sep 25, 2020 at 06:30 UTC
Some notes below your chosen depth have not been shown here
Re^9: [OT] A New Everything ? by Anonymous Monk on Sep 23, 2020 at 09:58 UTC
It might be a good idea to read the Debian Administrator's Handbook by Rapha�l Hertzog and Roland Mas, available as the `debian-handbook` package or on its own website. I know you are using Ubuntu, but as a Debian derivative it should be comparable for the purposes of system administration.	[reply] [d/l]
Re^7: [OT] A New Everything ? by marto (Cardinal) on Sep 21, 2020 at 20:33 UTC
https://www.digitalocean.com/community/tutorials has you covered on all aspects here. See also fail2ban. Setup ssh for keys only login, on a different port. They have tutorials on server hardening, hosting, you name it.	[reply]

In Section Seekers of Perl Wisdom