uuupah/11ty_neocities
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add home server core

Browse Source
This commit is contained in:
jonathan
2023-11-06 18:36:23 +10:30
parent 4cb849c424
commit 553773cca6
16 changed files with 1024 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

103
src/misc/auto_mount_drive_in_ubuntu_server_22_04_at_startup.md Normal file
View File

@@ -0,0 +1,103 @@
---
title: backup of "auto mount drive in ubuntu server 22.04"
date: 2023-11-06
---
backup of "auto mount drive in ubuntu server 22.04" by vineet choudhary. original post is [here](https://developerinsider.co/auto-mount-drive-in-ubuntu-server-22-04-at-startup/)
---
When we connect an external drive, by default, Linux OS (or Ubuntu Server) doesn't automount the external drive at startup. We can mount it very easily using the `mount` command but we want to enable automount feature on startup. So, we don't need to mount the drive again after restarting or logging into Linux OS. Here are steps to auto mount drive at startup -
## 1. Create the Mount Point
First, we need to create a directory which will be our mount point for a drive
```
sudo mkdir /media/USB1
```
## 2. Get Drive UUID and Type
Now, we need to get the drive UUID and File System Type. This information we need in the next step. So, to find the drive's UUID and File System Type, run the following command -
```
lsblk -o NAME,FSTYPE,UUID,MOUNTPOINTS
```
This will return something like what we have below. Here you can see, sd2 is type exfat and doesn't have any mount point. So, we need to mount this sda2 on `/media/USB1`. There UUID for this is `632D-7154` and File System Type is `exfat`. So, Copy the UUID and File System Type from the disk.
```
NAME FSTYPE UUID MOUNTPOINTS
sda
├─sda1 vfat 67E3-17ED
└─sda2 exfat 632D-7154
sdb
├─sdb1 vfat D7E2-9D99 /boot/firmware
└─sdb2 ext4 b09bb4c8-de4d-4ce6-a93f-30c4c9241a58 /
```
## 3. Edit fstab
To edit the fstab file run the following command (note I'm using nano here but use whatever editor you prefer)
```
sudo nano /etc/fstab
```
You'll see something like this -
```
LABEL=writable / ext4 discard,errors=remount-ro 0 1
LABEL=system-boot /boot/firmware vfat defaults 0 1
```
Here we need to add one more entry for our drive. The format for adding a new entry is something like this -
```
<file system> <mount point> <type> <options> <dump> <pass>
UUID=<UUID> <PATH_TO_MOUNT> <DRIVE_TYPE> defaults 0 0
```
So, here is the entry for our drive
```
# USB1
UUID=632D-7154 /media/USB1 exfat defaults 0 0
```
## 4. Test fstab
Now we'll test the `fstab` before rebooting because an invalid `fstab` can render a disk unbootable. So, for the test, run the following command and check if there is any error or warnings. Do not reboot your Ubuntu Server / Linux OS without resolving those errors or warnings (if any).
```
sudo findmnt --verify
```
## 5. Restart Ubuntu Server / Linux OS
If the last step doesn't show any error or warnings then restart Ubuntu Server / Linux OS using the following command -
```
sudo reboot
```
## 6. Test the Mount Point
Run the same command which we run in Step 2 to check if our drive is mounted to its mount point.
```
lsblk -o NAME,FSTYPE,UUID,MOUNTPOINTS
```
```
NAME FSTYPE UUID MOUNTPOINTS
sda
├─sda1 vfat 67E3-17ED
└─sda2 exfat 632D-7154 /media/USB1
sdb
├─sdb1 vfat D7E2-9D99 /boot/firmware
└─sdb2 ext4 b09bb4c8-de4d-4ce6-a93f-30c4c9241a58 /
```
Here you can see, `sda2` is now mounted to `/media/USB1`.

195
src/misc/complete_guide_to_configuring_ssh_in_ubuntu.md Normal file
View File

@@ -0,0 +1,195 @@
---
title: backup of "complete guide to configuring ssh in ubuntu"
date: 2023-11-06
---
backup of "complete guide to configuring ssh in ubuntu" by chris patrick carias stas. original post is [here](https://itsfoss.com/set-up-ssh-ubuntu/)
---
SSH has become the default method of accessing a remote Linux server these days.
SSH stands for Secure Shell and its a powerful, efficient, and popular network protocol used to establish communication between two computers in a remote fashion. And lets not forget the secure part of its name; SSH encrypts all traffic to prevent attacks like hijacking and eavesdropping while offering different authentication methods and a myriad of configuration options.
In this beginners guide, youll learn:
- The basic concept of SSH
- Setting up SSH server (on the system you want to access remotely)
- Connecting to remote server via SSH from the client machine (your personal computer)
### The absolute basics of SSH
Before you see any configuration process, it will be better to go through the absolute basic concept of SSH.
The SSH protocol is based on server-client architecture. The “server” allows the “client” to be connected over a communication channel. This channel is encrypted and the exchange is governed by the use of public and private SSH keys.
![](/_assets/img/unlisted/complete_guide_ssh/ssh.jpg)
Image credit: [SSH](https://www.ssh.com/academy/ssh?ref=itsfoss.com)
[OpenSSH](https://www.openssh.com/?ref=itsfoss.com) is one of the most popular open source tools that provides the SSH functionality on Linux, BSD and Windows.
For a successful SSH set up, you need to:
- Have SSH server components on the machine that acts as the server. This is provided by **openssh-server** package.
- Have SSH client component on the machine from where you want to connect to the remote server machine. This is provided by **openssh-client** package and most Linux and BSD distributions come preinstalled with it.
It is important to keep a distinction between the server and client. You might not want your personal computer to act as SSH server unless you have good reasons where you want others to connect to your system via SSH.
Generally, you have a dedicated system working as the server. For example, a [Raspberry Pi running Ubuntu server](https://itsfoss.com/install-ubuntu-server-raspberry-pi/). You [enable SSH on the Raspberry Pi](https://itsfoss.com/ssh-into-raspberry/) so that you could control and manage the device from your main personal computer using SSH in a terminal.
With that information, lets see how you can set up a SSH server on Ubuntu.
# Configuring SSH Server on Ubuntu
Setting up SSH is not complicated and just needs a few steps to do it.
### Prerequisites
- A user with sudo privileges on the server machine
- Internet connection to download the required packages
- At least another system in your network. It can be another computer on your LAN, a remote server via Internet, or a virtual machine hosted in your computer.
> *Again, the SSH server installation should be done on the system that you want to act as a server and to which you want to connect remotely via SSH.*
### Step 1: Install required packages
Lets start by opening a terminal window to enter the necessary commands.
Remember to [update your Ubuntu system](https://itsfoss.com/update-ubuntu/) before installing new packages or software with to make sure that you are running the latest versions.
```sh
sudo apt update && sudo apt upgrade
```
The package you need to run SSH Server is provided by openssh-server component from OpenSSH:
```sh
sudo apt install openssh-server
```
![](/_assets/img/unlisted/complete_guide_ssh/installing.jpg)
### Step 2: Checking the status of the server
Once the downloading and installation of the package is done the SSH service should be already running, but to be sure we will check it with:
```sh
service ssh status
```
You may also use the systemd commands:
```sh
sudo systemctl status ssh
```
You should see something like this, with the word Active highlighted. Hit `q` to return to the command prompt.
![](/_assets/img/unlisted/complete_guide_ssh/checking.jpg)
If in your case the service is not running you will have to activate like this:
```sh
sudo systemctl enable --now ssh
```
### Step 3: Allowing SSH through the firewall
Ubuntu comes with a firewall utility called [UFW](https://itsfoss.com/set-up-firewall-gufw/) (UncomplicatedFirewall) which is an interface for iptables that in turn manages the networks rules. If the firewall is active, it may prevent the connection to your SSH Server.
To [configure UFW](https://itsfoss.com/ufw-ubuntu/) so that it allows the wanted access, you need to run the following command:
```sh
sudo ufw allow ssh
```
The status of UFW can be checked running `sudo ufw status``.
At this time our SSH Server is up and running, just waiting for a connection from a client.
### Connecting to the remote system from your local machine
Your local Linux system should already have an SSH client installed. If not, you may always install it using the following command on Ubuntu:
```sh
sudo apt install openssh-client
```
To connect to your Ubuntu system you need to know the IP address of the computer and use the ssh command, like this:
```sh
ssh username@address
```
Change *username* to your actual user in the system and *address* to the IP address of your Ubuntu machine.
If you dont [know the IP address of your computer](https://itsfoss.com/check-ip-address-ubuntu/) you can type `ip a` in the terminal of the server and check the output. You should have something like this:
![](/_assets/img/unlisted/complete_guide_ssh/find_ip.jpg)
Using “ip a” to find the IP address
As can be seen here my IP address is *192.168.1.111*. Lets try connecting using the *username@address* format.
```sh
ssh team@192.168.1.111
```
The first time you connect to a SSH server, it will ask for permission to add the host. Type `yes` and hit Enter to continue.
![](/_assets/img/unlisted/complete_guide_ssh/connecting.jpg)
First time connecting to the server
Immediately SSH tells you that the host was permanently added and then asks for the password assigned to the username. Type in the password and hit Enter one more time.
![](/_assets/img/unlisted/complete_guide_ssh/password.jpg)
Host added, now type in the password
And voila! You will be logged into your Ubuntu system remotely!
![](/_assets/img/unlisted/complete_guide_ssh/connected.jpg)
Connected!
Now you can work in your remote systems terminal as normal.
### Closing the SSH connection
To close the connection you just need to type exit and it will close it at once, without asking for confirmation.
![](/_assets/img/unlisted/complete_guide_ssh/exit.jpg)
Closing the connection with “exit”
### Stopping and Disabling SSH in Ubuntu
If you want to stop SSH service you will need this command:
```sh
sudo systemctl stop ssh
```
This will stop the service until you restart it or until the system is rebooted. To restart it, type:
```sh
sudo systemctl start ssh
```
Now, if you want to disable it from starting during system boot, use this:
```sh
sudo systemctl disable ssh
```
This wont stop the service from running during the current session, just from loading during startup. If you want to let it start again during system boot, type:
sudo systemctl enable ssh
### Other SSH clients
The tool ssh is included in most *nix systems, from Linux to macOS, but those are not the only options in existence, here are a couple of clients that can be used from other operating systems:
- [PuTTY](https://www.putty.org/?ref=itsfoss.com) is a free and open source SSH client which is hugely popular among Windows users. You can also [install PuTTY on Ubuntu](https://itsfoss.com/putty-linux/). Its full of features and very easy to use. If you are connecting to your Ubuntu machine from a Windows station, PuTTY is a great option.
- [JuiceSSH](https://juicessh.com/?ref=itsfoss.com) is an amazing tool for Android users. If you are on the go and need a mobile client to connect to your Ubuntu system, I amply recommend giving JuiceSSH a go. Its been around for almost 10 years and its free to use.
- And finally, [Termius](https://termius.com/?ref=itsfoss.com) is available for Linux, Windows, macOS, iOS, and Android. It has a free tier version and also several premium options. If you are running a lot of servers and working with teams sharing connections then Termius is a good option for you.
### Wrapping Up
With these instructions, you can set up SSH as a server service in our Ubuntu systems to be able to connect remotely and securely to your computer in order to work with the command line and perform any required task.
Our other website, Linux Handbook, has various informational articles on SSH. From here, I recommend reading the following:
- [Getting started with SSH on Linux](https://linuxhandbook.com/ssh-basics/?ref=itsfoss.com)
- [Using SSH Config file to manage multiple SSH connections](https://linuxhandbook.com/ssh-config-file/?ref=itsfoss.com)
- [Adding public key to SSH server for password less authentication](https://linuxhandbook.com/add-ssh-public-key-to-server/?ref=itsfoss.com)
- [SSH hardening tips](https://linuxhandbook.com/ssh-hardening-tips/?ref=itsfoss.com) to secure your SSH server
If you find it overwhelming, Linux [Handbook has a premium video course that explains SSH for beginners](https://linuxhandbook.com/sshcourse/?ref=itsfoss.com) along with hands-on labs to follow. This will give you a more streamlined knowledge of the topic.
Happy remote working!

271
src/misc/how_to_partition_and_format_storage_devices_in_linux.md Normal file
View File

@@ -0,0 +1,271 @@
---
title: backup of "how to partition and format storage devices in linux"
date: 2023-11-06
---
backup of "how to partition and format storage devices in linux" by justin ellingwood, published 5 july 2016. original post is [here](https://www.digitalocean.com/community/tutorials/how-to-partition-and-format-storage-devices-in-linux)
---
### [Introduction](https://www.digitalocean.com/community/tutorials/how-to-partition-and-format-storage-devices-in-linux#introduction)[](https://www.digitalocean.com/community/tutorials/how-to-partition-and-format-storage-devices-in-linux#introduction)
Preparing a new disk for use on a Linux system is a straightforward process. There are many tools, filesystem formats, and partitioning schemes that may change the process if you have specialized needs, but the fundamentals remain the same.
This guide will cover the following process:
- Identifying the new disk on the system.
- Creating a single partition that spans the entire drive (most operating systems expect a partition layout, even if only one filesystem is present)
- Formatting the partition with the Ext4 filesystem (the default in most modern Linux distributions)
- Mounting and setting up Auto-mounting of the filesystem at boot
## [Step 1 — Install Parted](https://www.digitalocean.com/community/tutorials/how-to-partition-and-format-storage-devices-in-linux#step-1-install-parted)[](https://www.digitalocean.com/community/tutorials/how-to-partition-and-format-storage-devices-in-linux#step-1-install-parted)
To partition the drive, youll use the `parted` utility. Most of the commands necessary for interacting with a low-level filesystem are available by default on Linux. `parted`, which creates partitions, is one of the only occasional exceptions.
If you are on an Ubuntu or Debian server and do not have `parted` installed, you can install it by typing:
```
sudo apt update
sudo apt install parted
```
If you are on an RHEL, Rocky Linux, or Fedora server, you can install it by typing:
```
sudo dnf install parted
```
Every other command used in this tutorial should be preinstalled, so you can move on to the next step.
## [Step 2 — Identify the New Disk on the System](https://www.digitalocean.com/community/tutorials/how-to-partition-and-format-storage-devices-in-linux#step-2-identify-the-new-disk-on-the-system)[](https://www.digitalocean.com/community/tutorials/how-to-partition-and-format-storage-devices-in-linux#step-2-identify-the-new-disk-on-the-system)
Before you set up the drive, you need to be able to properly identify it on the server.
If this is a completely new drive, One way to identify it on your server is to look for the absence of a partitioning scheme. If you ask `parted` to list the partition layout of your disks, it will produce an error for any disks that dont have a valid partition scheme. This can be used to help identify the new disk:
```
sudo parted -l | grep Error
```
You should see an `unrecognized disk label` error for the new, unpartitioned disk:
```
OutputError: /dev/sda: unrecognized disk label
```
You can also use the `lsblk` command and look for a disk of the correct size that has no associated partitions:
```
lsblk
```
```
OutputNAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 100G 0 disk
vda 253:0 0 20G 0 disk
└─vda1 253:1 0 20G 0 part /
```
> **Note:** Remember to check `lsblk` every time you reconnect to your server before making changes. The `/dev/sd*` and `/dev/hd*` disk identifiers will not necessarily be consistent between boots, which means there is some danger of partitioning or formatting the wrong disk if you do not verify the disk identifier correctly.
Consider using more persistent disk identifiers like `/dev/disk/by-uuid`, `/dev/disk/by-label`, or `/dev/disk/by-id`. See our [introduction to storage concepts and terminology in Linux](https://www.digitalocean.com/community/tutorials/an-introduction-to-storage-terminology-in-linux) article for more information.
When you know the name that the kernel has assigned your disk, you can partition your drive.
## [Step 3 — Partition the New Drive](https://www.digitalocean.com/community/tutorials/how-to-partition-and-format-storage-devices-in-linux#step-3-partition-the-new-drive)[](https://www.digitalocean.com/community/tutorials/how-to-partition-and-format-storage-devices-in-linux#step-3-partition-the-new-drive)
As mentioned in the introduction, youll create a single partition spanning the entire disk in this guide.
### [Choose a Partitioning Standard](https://www.digitalocean.com/community/tutorials/how-to-partition-and-format-storage-devices-in-linux#choose-a-partitioning-standard)[](https://www.digitalocean.com/community/tutorials/how-to-partition-and-format-storage-devices-in-linux#choose-a-partitioning-standard)
To do this, you first need to specify the partitioning standard to use. There are two options: GPT and MBR. GPT is a more modern standard, while MBR is more widely supported among older operating systems. For a typical cloud server, GPT is a better option.
To choose the GPT standard, pass the disk you identified to `parted` with `mklabel gpt`:
```
sudo parted /dev/sda mklabel gpt
```
To use the MBR format, use `mklabel msdos`:
```
sudo parted /dev/sda mklabel msdos
```
### [Create the New Partition](https://www.digitalocean.com/community/tutorials/how-to-partition-and-format-storage-devices-in-linux#create-the-new-partition)[](https://www.digitalocean.com/community/tutorials/how-to-partition-and-format-storage-devices-in-linux#create-the-new-partition)
Once the format is selected, you can create a partition spanning the entire drive by using `parted -a`:
```
sudo parted -a opt /dev/sda mkpart primary ext4 0% 100%
```
You can break down this command as follows:
- `parted -a opt` runs parted, setting the default **opt**imal alignment type.
- `/dev/sda` is the disk that youre partitioning.
- `mkpart primary ext4` makes a standalone (i.e. bootable, not extended from another) partition, using the ext4 filesystem.
- `0% 100%` means that this partition should span from the start to the finish of the disk.
For more information, refer to the [manual page](https://linux.die.net/man/8/parted) of Parted.
If you check `lsblk`, you should see the new partition available:
```
lsblk
```
```
OutputNAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 100G 0 disk
└─sda1 8:1 0 100G 0 part
vda 253:0 0 20G 0 disk
└─vda1 253:1 0 20G 0 part /
```
You now have a new partition created, but it has not yet been initialized as a filesystem. The difference between these two steps is somewhat arbitrary, and unique to the way Linux filesystems work, but they are still two steps in practice.
## [Step 4 — Create a Filesystem on the New Partition](https://www.digitalocean.com/community/tutorials/how-to-partition-and-format-storage-devices-in-linux#step-4-create-a-filesystem-on-the-new-partition)[](https://www.digitalocean.com/community/tutorials/how-to-partition-and-format-storage-devices-in-linux#step-4-create-a-filesystem-on-the-new-partition)
Now that you have a partition available, you can initialize it as an Ext4 filesystem. Ext4 is not the only filesystem option available, but it is the most straightforward option for a single, standalone Linux volume. Windows uses filesystems like **NTFS** and **exFAT**, but they have limited support on other platforms (meaning that they will be read-only in some contexts, and cannot be used as a boot drive for other operating systems), and macOS uses **HFS+** and **APFS**, with the same caveats. There are also newer Linux filesystems than Ext4, such as **ZFS** and **BTRFS**, but these impose different requirements and they are generally better-suited to multi-disk arrays.
To initialize an Ext4 filesystem, use the `mkfs.ext4` utility. You can add a partition label with the `-L` flag. Select a name that will help you identify this particular drive:
> **Note:** Make sure you provide the path to the partition and not the entire disk. In Linux, disks have names like `sda`, `sdb`, `hda`, etc. The partitions on these disks have a number appended to the end. So you would want to use something like `sda1`, not `sda`.
```
sudo mkfs.ext4 -L datapartition /dev/sda1
```
If you want to change the partition label later on, you can use the `e2label` command:
```
sudo e2label /dev/sda1 newlabel
```
You can see all of the different ways to identify your partition with `lsblk`. You should find the name, label, and UUID of the partition.
Some versions of `lsblk` will print all of this information with the `--fs` argument:
```
sudo lsblk --fs
```
You can also specify them manually with `lsblk -o` followed by the relevant options:
```
sudo lsblk -o NAME,FSTYPE,LABEL,UUID,MOUNTPOINT
```
You should receive output like this. The highlighted output indicate different methods you can use to refer to the new filesystem:
```
OutputNAME FSTYPE LABEL UUID MOUNTPOINT
sda
└─sda1 ext4 datapartition 4b313333-a7b5-48c1-a957-d77d637e4fda
vda
└─vda1 ext4 DOROOT 050e1e34-39e6-4072-a03e-ae0bf90ba13a /
```
Make a note of this output, as youll use it when mounting the filesystem in the next step.
## [Step 5 — Mount the New Filesystem](https://www.digitalocean.com/community/tutorials/how-to-partition-and-format-storage-devices-in-linux#step-5-mount-the-new-filesystem)[](https://www.digitalocean.com/community/tutorials/how-to-partition-and-format-storage-devices-in-linux#step-5-mount-the-new-filesystem)
Now, you can mount the filesystem for use.
The [Filesystem Hierarchy Standard](http://refspecs.linuxfoundation.org/fhs.shtml) recommends using the `/mnt` directory or a subdirectory under it for temporarily mounted filesystems (like removable drives). It makes no recommendations on where to mount more permanent storage, so you can choose whichever scheme youd like. For this tutorial, youll mount the drive under `/mnt/data`.
Create that directory using `mkdir`:
```
sudo mkdir -p /mnt/data
```
### [Mounting the Filesystem Temporarily](https://www.digitalocean.com/community/tutorials/how-to-partition-and-format-storage-devices-in-linux#mounting-the-filesystem-temporarily)[](https://www.digitalocean.com/community/tutorials/how-to-partition-and-format-storage-devices-in-linux#mounting-the-filesystem-temporarily)
You can mount the filesystem temporarily by typing:
```
sudo mount -o defaults /dev/sda1 /mnt/data
```
### [Mounting the Filesystem Automatically at Boot](https://www.digitalocean.com/community/tutorials/how-to-partition-and-format-storage-devices-in-linux#mounting-the-filesystem-automatically-at-boot)[](https://www.digitalocean.com/community/tutorials/how-to-partition-and-format-storage-devices-in-linux#mounting-the-filesystem-automatically-at-boot)
In order to mount the filesystem automatically each time the server boots, youll add an entry to the `/etc/fstab` file. This file contains information about all of your systems permanent, or routinely mounted, disks. Open the file using `nano` or your favorite text editor:
```
sudo nano /etc/fstab
```
In the last step, you used the `sudo lsblk --fs` command to display identifiers for your filesystem. You can use any of these in this file. This example uses the partition _label_, but you can see what the lines would look like using the other two identifiers in the commented out lines:
##### /etc/fstab
```
. . .
## Use one of the identifiers you found to reference the correct partition
# /dev/sda1 /mnt/data ext4 defaults 0 2
# UUID=4b313333-a7b5-48c1-a957-d77d637e4fda /mnt/data ext4 defaults 0 2
LABEL=datapartition /mnt/data ext4 defaults 0 2
```
Beyond the `LABEL=datapartition` element, these options work as follows:
- `/mnt/data` is the path where the disk is being mounted.
- `ext4` connotes that this is an Ext4 partition.
- `defaults` means that this volume should be mounted with the default options, such as read-write support.
- `0 2` signifies that the filesystem should be validated by the local machine in case of errors, but as a `2`nd priority, after your root volume.
> **Note:** You can learn about the various fields in the `/etc/fstab` file by checking its [man page](https://linux.die.net/man/5/fstab) For information about the mount options available for a specific filesystem type, check `man [filesystem]` (like `man ext4`).
Save and close the file when you are finished. If you are using `nano`, press `Ctrl+X`, then when prompted to confirm, `Y` and then `Enter`.
If you did not mount the filesystem previously, you can now mount it with `mount -a`:
```
sudo mount -a
```
### [Testing the Mount](https://www.digitalocean.com/community/tutorials/how-to-partition-and-format-storage-devices-in-linux#testing-the-mount)[](https://www.digitalocean.com/community/tutorials/how-to-partition-and-format-storage-devices-in-linux#testing-the-mount)
After youve mounted the volume, we should check to make sure that the filesystem is accessible.
You can check if the disk is available in the output from the `df` command. Sometimes `df` will include unnecessary information about temporary filesystems called `tmpfs` in `df` output, which you can exclude by appending `-x tmpfs`:
```
df -h -x tmpfs
```
```
OutputFilesystem Size Used Avail Use% Mounted on
/dev/vda1 20G 1.3G 18G 7% /
/dev/sda1 99G 60M 94G 1% /mnt/data
```
You can also check that the disk mounted with read and write capabilities by writing to a test file:
```
echo "success" | sudo tee /mnt/data/test_file
```
Read the file back just to make sure the write executed correctly:
```
cat /mnt/data/test_file
```
```
Outputsuccess
```
You can remove the file after you have verified that the new filesystem is functioning correctly:
```
sudo rm /mnt/data/test_file
```
## [Conclusion](https://www.digitalocean.com/community/tutorials/how-to-partition-and-format-storage-devices-in-linux#conclusion)[](https://www.digitalocean.com/community/tutorials/how-to-partition-and-format-storage-devices-in-linux#conclusion)
Your new drive should now be partitioned, formatted, mounted, and ready for use. This is the general process you can use to turn a raw disk into a filesystem that Linux can use for storage. There are more complex methods of partitioning, formatting, and mounting which may be more appropriate in some cases, but the above is a good starting point for general use.
Next, you may want to learn [how to use SSHFS to mount remote volumes over SSH](https://www.digitalocean.com/community/tutorials/how-to-use-sshfs-to-mount-remote-file-systems-over-ssh)

296
src/misc/how_to_set_up_a_firewall_with_ufw_on_ubuntu_20_04.md Normal file
View File

@@ -0,0 +1,296 @@
---
title: backup of "complete guide to configuring ssh in ubuntu"
date: 2023-11-06
---
backup of "how to set up a firewall with ufw on ubuntu 20.04" by brian boucheron, published 5 may 2020. original post is [here](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04)
---
### [Introduction](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04#introduction)[](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04#introduction)
UFW, or Uncomplicated Firewall, is a simplified firewall management interface that hides the complexity of lower-level packet filtering technologies such as `iptables` and `nftables`. If youre looking to get started securing your network, and youre not sure which tool to use, UFW may be the right choice for you.
This tutorial will show you how to set up a firewall with UFW on Ubuntu 20.04.
## [Prerequisites](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04#prerequisites)[](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04#prerequisites)
To follow this tutorial, you will need:
- One Ubuntu 20.04 server with a sudo non-root user, which you can set up by following our [Initial Server Setup with Ubuntu 20.04 tutorial](https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-20-04).
UFW is installed by default on Ubuntu. If it has been uninstalled for some reason, you can install it with `sudo apt install ufw`.
## [Step 1 — Using IPv6 with UFW (Optional)](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04#step-1-using-ipv6-with-ufw-optional)[](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04#step-1-using-ipv6-with-ufw-optional)
This tutorial is written with IPv4 in mind, but will work for IPv6 as well as long as you enable it. If your Ubuntu server has IPv6 enabled, ensure that UFW is configured to support IPv6 so that it will manage firewall rules for IPv6 in addition to IPv4. To do this, open the UFW configuration with `nano` or your favorite editor.
```
sudo nano /etc/default/ufw
```
Then make sure the value of `IPV6` is `yes`. It should look like this:
/etc/default/ufw excerpt
```
IPV6=yes
```
Save and close the file. Now, when UFW is enabled, it will be configured to write both IPv4 and IPv6 firewall rules. However, before enabling UFW, we will want to ensure that your firewall is configured to allow you to connect via SSH. Lets start with setting the default policies.
## [Step 2 — Setting Up Default Policies](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04#step-2-setting-up-default-policies)[](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04#step-2-setting-up-default-policies)
If youre just getting started with your firewall, the first rules to define are your default policies. These rules control how to handle traffic that does not explicitly match any other rules. By default, UFW is set to deny all incoming connections and allow all outgoing connections. This means anyone trying to reach your server would not be able to connect, while any application within the server would be able to reach the outside world.
Lets set your UFW rules back to the defaults so we can be sure that youll be able to follow along with this tutorial. To set the defaults used by UFW, use these commands:
```
sudo ufw default deny incoming
sudo ufw default allow outgoing
```
These commands set the defaults to deny incoming and allow outgoing connections. These firewall defaults alone might suffice for a personal computer, but servers typically need to respond to incoming requests from outside users. Well look into that next.
## [Step 3 — Allowing SSH Connections](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04#step-3-allowing-ssh-connections)[](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04#step-3-allowing-ssh-connections)
If we enabled our UFW firewall now, it would deny all incoming connections. This means that we will need to create rules that explicitly allow legitimate incoming connections — SSH or HTTP connections, for example — if we want our server to respond to those types of requests. If youre using a cloud server, you will probably want to allow incoming SSH connections so you can connect to and manage your server.
To configure your server to allow incoming SSH connections, you can use this command:
```
sudo ufw allow ssh
```
This will create firewall rules that will allow all connections on port `22`, which is the port that the SSH daemon listens on by default. UFW knows what port `allow ssh` means because its listed as a service in the `/etc/services` file.
However, we can actually write the equivalent rule by specifying the port instead of the service name. For example, this command works the same as the one above:
```
sudo ufw allow 22
```
If you configured your SSH daemon to use a different port, you will have to specify the appropriate port. For example, if your SSH server is listening on port `2222`, you can use this command to allow connections on that port:
```
sudo ufw allow 2222
```
Now that your firewall is configured to allow incoming SSH connections, we can enable it.
## [Step 4 — Enabling UFW](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04#step-4-enabling-ufw)[](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04#step-4-enabling-ufw)
To enable UFW, use this command:
```
sudo ufw enable
```
You will receive a warning that says the command may disrupt existing SSH connections. We already set up a firewall rule that allows SSH connections, so it should be fine to continue. Respond to the prompt with `y` and hit `ENTER`.
The firewall is now active. Run the `sudo ufw status verbose` command to see the rules that are set. The rest of this tutorial covers how to use UFW in more detail, like allowing or denying different kinds of connections.
## [Step 5 — Allowing Other Connections](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04#step-5-allowing-other-connections)[](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04#step-5-allowing-other-connections)
At this point, you should allow all of the other connections that your server needs to respond to. The connections that you should allow depends on your specific needs. Luckily, you already know how to write rules that allow connections based on a service name or port; we already did this for SSH on port `22`. You can also do this for:
- HTTP on port 80, which is what unencrypted web servers use, using `sudo ufw allow http` or `sudo ufw allow 80`
- HTTPS on port 443, which is what encrypted web servers use, using `sudo ufw allow https` or `sudo ufw allow 443`
There are several others ways to allow other connections, aside from specifying a port or known service.
### [Specific Port Ranges](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04#specific-port-ranges)[](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04#specific-port-ranges)
You can specify port ranges with UFW. Some applications use multiple ports, instead of a single port.
For example, to allow X11 connections, which use ports `6000`-`6007`, use these commands:
```
sudo ufw allow 6000:6007/tcp
sudo ufw allow 6000:6007/udp
```
When specifying port ranges with UFW, you must specify the protocol (`tcp` or `udp`) that the rules should apply to. We havent mentioned this before because not specifying the protocol automatically allows both protocols, which is OK in most cases.
### [Specific IP Addresses](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04#specific-ip-addresses)[](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04#specific-ip-addresses)
When working with UFW, you can also specify IP addresses. For example, if you want to allow connections from a specific IP address, such as a work or home IP address of `203.0.113.4`, you need to specify `from`, then the IP address:
```
sudo ufw allow from 203.0.113.4
```
You can also specify a specific port that the IP address is allowed to connect to by adding `to any port` followed by the port number. For example, If you want to allow `203.0.113.4` to connect to port `22` (SSH), use this command:
```
sudo ufw allow from 203.0.113.4 to any port 22
```
### [Subnets](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04#subnets)[](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04#subnets)
If you want to allow a subnet of IP addresses, you can do so using CIDR notation to specify a netmask. For example, if you want to allow all of the IP addresses ranging from `203.0.113.1` to `203.0.113.254` you could use this command:
```
sudo ufw allow from 203.0.113.0/24
```
Likewise, you may also specify the destination port that the subnet `203.0.113.0/24` is allowed to connect to. Again, well use port `22` (SSH) as an example:
```
sudo ufw allow from 203.0.113.0/24 to any port 22
```
### [Connections to a Specific Network Interface](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04#connections-to-a-specific-network-interface)[](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04#connections-to-a-specific-network-interface)
If you want to create a firewall rule that only applies to a specific network interface, you can do so by specifying “allow in on” followed by the name of the network interface.
You may want to look up your network interfaces before continuing. To do so, use this command:
```
ip addr
```
```
Output Excerpt2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
. . .
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default
. . .
```
The highlighted output indicates the network interface names. They are typically named something like `eth0` or `enp3s2`.
So, if your server has a public network interface called `eth0`, you could allow HTTP traffic (port `80`) to it with this command:
```
sudo ufw allow in on eth0 to any port 80
```
Doing so would allow your server to receive HTTP requests from the public internet.
Or, if you want your MySQL database server (port `3306`) to listen for connections on the private network interface `eth1`, for example, you could use this command:
```
sudo ufw allow in on eth1 to any port 3306
```
This would allow other servers on your private network to connect to your MySQL database.
## [Step 6 — Denying Connections](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04#step-6-denying-connections)[](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04#step-6-denying-connections)
If you havent changed the default policy for incoming connections, UFW is configured to deny all incoming connections. Generally, this simplifies the process of creating a secure firewall policy by requiring you to create rules that explicitly allow specific ports and IP addresses through.
However, sometimes you will want to deny specific connections based on the source IP address or subnet, perhaps because you know that your server is being attacked from there. Also, if you want to change your default incoming policy to **allow** (which is not recommended), you would need to create **deny** rules for any services or IP addresses that you dont want to allow connections for.
To write **deny** rules, you can use the commands described above, replacing **allow** with **deny**.
For example, to deny HTTP connections, you could use this command:
```
sudo ufw deny http
```
Or if you want to deny all connections from `203.0.113.4` you could use this command:
```
sudo ufw deny from 203.0.113.4
```
Now lets take a look at how to delete rules.
## [Step 7 — Deleting Rules](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04#step-7-deleting-rules)[](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04#step-7-deleting-rules)
Knowing how to delete firewall rules is just as important as knowing how to create them. There are two different ways to specify which rules to delete: by rule number or by the actual rule (similar to how the rules were specified when they were created). Well start with the **delete by rule number** method because it is easier.
### [By Rule Number](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04#by-rule-number)[](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04#by-rule-number)
If youre using the rule number to delete firewall rules, the first thing youll want to do is get a list of your firewall rules. The UFW status command has an option to display numbers next to each rule, as demonstrated here:
```
sudo ufw status numbered
```
```
Numbered Output:Status: active
To Action From
-- ------ ----
[ 1] 22 ALLOW IN 15.15.15.0/24
[ 2] 80 ALLOW IN Anywhere
```
If we decide that we want to delete rule 2, the one that allows port 80 (HTTP) connections, we can specify it in a UFW delete command like this:
```
sudo ufw delete 2
```
This would show a confirmation prompt then delete rule 2, which allows HTTP connections. Note that if you have IPv6 enabled, you would want to delete the corresponding IPv6 rule as well.
### [By Actual Rule](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04#by-actual-rule)[](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04#by-actual-rule)
The alternative to rule numbers is to specify the actual rule to delete. For example, if you want to remove the `allow http` rule, you could write it like this:
```
sudo ufw delete allow http
```
You could also specify the rule by `allow 80`, instead of by service name:
```
sudo ufw delete allow 80
```
This method will delete both IPv4 and IPv6 rules, if they exist.
## [Step 8 — Checking UFW Status and Rules](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04#step-8-checking-ufw-status-and-rules)[](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04#step-8-checking-ufw-status-and-rules)
At any time, you can check the status of UFW with this command:
```
sudo ufw status verbose
```
If UFW is disabled, which it is by default, youll see something like this:
```
OutputStatus: inactive
```
If UFW is active, which it should be if you followed Step 3, the output will say that its active and it will list any rules that are set. For example, if the firewall is set to allow SSH (port `22`) connections from anywhere, the output might look something like this:
```
OutputStatus: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To Action From
-- ------ ----
22/tcp ALLOW IN Anywhere
```
Use the `status` command if you want to check how UFW has configured the firewall.
## [Step 9 — Disabling or Resetting UFW (optional)](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04#step-9-disabling-or-resetting-ufw-optional)[](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04#step-9-disabling-or-resetting-ufw-optional)
If you decide you dont want to use UFW, you can disable it with this command:
```
sudo ufw disable
```
Any rules that you created with UFW will no longer be active. You can always run `sudo ufw enable` if you need to activate it later.
If you already have UFW rules configured but you decide that you want to start over, you can use the reset command:
```
sudo ufw reset
```
This will disable UFW and delete any rules that were previously defined. Keep in mind that the default policies wont change to their original settings, if you modified them at any point. This should give you a fresh start with UFW.
## [Conclusion](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04#conclusion)[](https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04#conclusion)
Your firewall is now configured to allow (at least) SSH connections. Be sure to allow any other incoming connections that your server needs, while limiting any unnecessary connections, so your server will be functional and secure.
To learn about more common UFW configurations, check out the [UFW Essentials: Common Firewall Rules and Commands](https://www.digitalocean.com/community/tutorials/ufw-essentials-common-firewall-rules-and-commands) tutorial.