Beefy Boxes and Bandwidth Generously Provided by pair Networks
Welcome to the Monastery
 
PerlMonks  

Re^6: [OT] A New Everything ?

by Aldebaran (Deacon)
on Sep 21, 2020 at 20:09 UTC ( #11122031=note: print w/replies, xml ) Need Help??


in reply to Re^5: [OT] A New Everything ?
in thread [OT] A New Everything ?

Do check that your new provider is actively serving the DNS
$ host -t soa www.merrillpjensen.com www.merrillpjensen.com has SOA record ns1.digitalocean.com. hostmaster +.www.merrillpjensen.com. 1600641995 10800 3600 604800 1800 $
$ ssh root@206.189.67.44 root@206.189.67.44's password: Welcome to Ubuntu 20.04.1 LTS (GNU/Linux 5.4.0-45-generic x86_64) * Documentation: https://help.ubuntu.com * Management: https://landscape.canonical.com * Support: https://ubuntu.com/advantage System information as of Mon Sep 21 19:28:21 UTC 2020 System load: 0.02 Usage of /: 7.0% of 24.06GB Memory usage: 25% Swap usage: 0% Processes: 106 Users logged in: 0 IPv4 address for eth0: 206.189.67.44 IPv4 address for eth0: 10.46.0.6 IPv6 address for eth0: 2604:a880:2:d0::21c5:9001 IPv4 address for eth1: 10.120.0.2 25 updates can be installed immediately. 0 of these updates are security updates. To see these additional updates run: apt list --upgradable *** System restart required *** Last login: Mon Sep 21 00:18:51 2020 from 75.164.47.252 root@ubuntu-s-1vcpu-1gb-sfo2-01-first-droplet:~# pwd /root root@ubuntu-s-1vcpu-1gb-sfo2-01-first-droplet:~# cd .. root@ubuntu-s-1vcpu-1gb-sfo2-01-first-droplet:/# ls bin dev home lib32 libx32 media opt root sbin srv tmp + var boot etc lib lib64 lost+found mnt proc run snap sys usr root@ubuntu-s-1vcpu-1gb-sfo2-01-first-droplet:/# uname -r 5.4.0-45-generic root@ubuntu-s-1vcpu-1gb-sfo2-01-first-droplet:/# hostnamectl Static hostname: ubuntu-s-1vcpu-1gb-sfo2-01-first-droplet Icon name: computer-vm Chassis: vm Machine ID: 9ad82a334ffc4f5a93859909d4e33b84 Boot ID: 8b0de2dfd5864eb89bfd87db74b1f79e Virtualization: kvm Operating System: Ubuntu 20.04.1 LTS Kernel: Linux 5.4.0-45-generic Architecture: x86-64 root@ubuntu-s-1vcpu-1gb-sfo2-01-first-droplet:/#

Q1) How do I integrate the above domain into this filesystem?

Q2) (No question too stupid, right) If I'm loggged in as root, do I use sudo on my commands?

Q3) How do I keep tally and track of robots that want to knock on my door?

I always like the random art that comes with

$ ssh-keygen
+---[RSA 2048]----+ |+ .o.o | |.E.. = = | |. *...*.= | |.= o.oo*o. | |+ * . ooSo + . | |.+ + . * o . | |o o . o + = | | o . . . = . | | . .... | +----[SHA256]-----+

Thanks again for comments. Again, I'm trying to get to the The Topic more squarely....

Replies are listed 'Best First'.
Re^7: [OT] A New Everything ?
by afoken (Canon) on Sep 21, 2020 at 20:36 UTC
    $ ssh root@206.189.67.44 root@206.189.67.44's password: Welcome to Ubuntu 20.04.1 LTS (GNU/Linux 5.4.0-45-generic x86_64)

    That should not work. Really, disable root login, or at least setup public key authentication. You really, really, really don't want a password-based root login on anything reachable from the internet, not even when you use SSH. Generally, create an unprivileged user, make sure that user can use sudo (member of sudo or wheel group, depending on Linux distribution), and disable root login via ssh.

    In /etc/ssh/sshd_config, set PasswordAuthentication no to completely disable login with passwords, and set PermitRootLogin no.

    See also Greetings and salutations | sudo.

    Q2) (No question too stupid, right) If I'm loggged in as root, do I use sudo on my commands?

    Generally, you should not work as root, but instead use sudo. If you work as root, sudo is redundant, it just wastes CPU cycles.

    Oh, and by the way: sudo su is still around in far too many HOWTOs. You do not need su at all, uninstall it. Use sudo -i if you insist on getting an interactive root shell. Use sudo -e somefile to edit a file as root.

    Q3) How do I keep tally and track of robots that want to knock on my door?

    Depends on your provider. The easiest way is to ignore them and let your provider deal with them.

    Another quite easy way is to use fail2ban. It works especially well if your home (or office) uses a fixed IP address that is permanently whitelisted, that allows a very aggressive blacklisting of any system trying to access your server.

    Alexander

    --
    Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)

      I've been through this a couple times now, and I've managed to lock myself out twice. So, now I'm trying to follow instructions carefully.

      create an unprivileged user
      root@third:~# useradd fred root@third:~# passwd fred New password: Retype new password: passwd: password updated successfully root@third:~# usermod -aG sudo fred root@third:~# groups fred

      I thought the point here was that I was to log out as root and back in as fred. I get nothing that way:

      root@third:~# exit logout Connection to 143.110.153.42 closed. $ ssh fred@143.110.153.42 fred@143.110.153.42: Permission denied (publickey). $

      After the useradd, I go in, and there's nothing in home. That doesn't make sense to me.

      Oh, and by the way: sudo su is still around in far too many HOWTOs. You do not need su at all, uninstall it. Use sudo -i if you insist on getting an interactive root shell. Use sudo -e somefile to edit a file as root.

      Okay, copy that.

      root@third:/# which su /usr/bin/su

      Is that as easy as

      rm /usr/bin/su

      Thanks for your explanations and advice.

        That isn't how you are supposed to use useradd (deprecated in favor of adduser, see man useradd), you didn't pass the appropriate flags. Don't delete sudo or su, maintain the sudoers to allow/deny programs.

        I thought the point here was that I was to log out as root and back in as fred. I get nothing that way:

        root@third:~# exit logout Connection to 143.110.153.42 closed. $ ssh fred@143.110.153.42 fred@143.110.153.42: Permission denied (publickey). $

        It seems fred lacks his public key in the file ~fred/.ssh/authorized_keys. You need to upload that before blocking password logins, e.g. using ssh-copy-id, add add it to the autorhized_keys file. Once that is set up, you should be able to log in using the public key.

        Is that as easy as

        rm /usr/bin/su

        Yes and no. It does remove su, but you are supposed to uninstall the entire package, e.g. using apt-get remove package-name on Debian-based distributions. The package name depends on the distribution. On Ubuntu, it's in util-linux, and you really don't want to uninstall that package. Just leave su as is. It won't hurt for now.

        After the useradd, I go in, and there's nothing in home. That doesn't make sense to me.

        Home is supposed to be empty, or a copy of /etc/skel/. How should the operating system know what you want to put there?

        Alexander

        --
        Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
        It might be a good idea to read the Debian Administrator's Handbook by RaphaŽl Hertzog and Roland Mas, available as the debian-handbook package or on its own website. I know you are using Ubuntu, but as a Debian derivative it should be comparable for the purposes of system administration.
Re^7: [OT] A New Everything ?
by marto (Cardinal) on Sep 21, 2020 at 20:33 UTC

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://11122031]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others about the Monastery: (3)
As of 2020-11-27 03:53 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found

    Notices?