.vimrc
file in user's home directory.
vim .vimrc
syntax on
colorscheme desert
# Three alternative prompt definitions; the last assignment executed wins.
# Single quotes store the $(...) text literally in PS1. Whether it is then
# re-evaluated each time the prompt is drawn depends on the shell (bash does
# this by default via the promptvars option).
export PS1='$(whoami)@$(hostname):$(pwd)'
export PS1='$(whoami)@ $(pwd) @ '
# Double quotes run whoami and pwd once, at assignment time, so this prompt
# keeps showing the directory that was current when the line was executed.
export PS1="$(whoami)@ $(pwd) @ "
ps -e
ps -ef
ps -eF
ps -ely
ps -e -orss=,args= | sort -b -k1,1n | pr -TW$COLUMNS
ps -e -o pcpu,nice,state,cputime,args --sort -pcpu | head -10
sudo passwd
# Number of Processors
grep ^processor /proc/cpuinfo
# Processor and memory details
cat /proc/cpuinfo
free -m
# to see information about unused and used memory and swap space
free -h
# RAM installed on
sudo dmidecode -t 17
# number of processors
nproc
# details about the CPUs installed
lscpu
# OS details
cat /proc/version
cat /etc/os-release
cat /etc/debian_version
cat /etc/issue
uname -a
find / -name "start-thriftserver.sh*" -type f
find . -type f -name '*' -printf '%P\n'
# Recursively search for a string
grep -r "hive\.metastore\.warehouse\.dir" *
grep -r "engine" *
# Search for a String recursively
# Exclude the directories "proc" and "sys"
grep -rnw --exclude-dir={proc,sys} -e "ryandam_9" *
#-r or -R is recursive,
#-n is line number, and
#-w stands for match the whole word.
#-l (lower-case L) can be added to just give the file name of matching files.
#This will only search through those files which have .c or .h extensions:
grep --include=\*.{c,h} -rnw '/path/to/somewhere/' -e "pattern"
#This will exclude searching all the files ending with .o extension:
grep --exclude=*.o -rnw '/path/to/somewhere/' -e "pattern"
netstat -tulpn | grep LISTEN
# Another utility to investigate sockets.
ss -lptn | grep 4040
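# Strip the carriage return from CRLF line endings.
# (\r inside a sed pattern is a GNU sed extension.)
sed 's/\r$//' ratings.csv > ratings_fmt.csv
# This will delete all the '\r' even if not followed by '\n'
# tr reads only standard input and takes no file operand, so the input file
# has to be redirected in.
tr -d '\r' < ratings.csv > ratings_fmt.csv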
ryandam_9@my-spark-m:~/ml-20m$ head ratings.csv | od -c
0000000 u s e r I d , m o v i e I d , r
0000020 a t i n g , t i m e s t a m p \r
0000040 \n 1 , 2 , 3 . 5 , 1 1 1 2 4 8 6
0000060 0 2 7 \r \n 1 , 2 9 , 3 . 5 , 1 1
0000100 1 2 4 8 4 6 7 6 \r \n 1 , 3 2 , 3
0000120 . 5 , 1 1 1 2 4 8 4 8 1 9 \r \n 1
0000140 , 4 7 , 3 . 5 , 1 1 1 2 4 8 4 7
0000160 2 7 \r \n 1 , 5 0 , 3 . 5 , 1 1 1
0000200 2 4 8 4 5 8 0 \r \n 1 , 1 1 2 , 3
0000220 . 5 , 1 0 9 4 7 8 5 7 4 0 \r \n 1
0000240 , 1 5 1 , 4 . 0 , 1 0 9 4 7 8 5
0000260 7 3 4 \r \n 1 , 2 2 3 , 4 . 0 , 1
0000300 1 1 2 4 8 5 5 7 3 \r \n 1 , 2 5 3
0000320 , 4 . 0 , 1 1 1 2 4 8 4 9 4 0 \r
0000340 \n
ryandam_9@my-spark-m:~/ml-20m$ od -c ratings_fmt.csv | head
0000000 u s e r I d , m o v i e I d , r
0000020 a t i n g , t i m e s t a m p \n
0000040 1 , 2 , 3 . 5 , 1 1 1 2 4 8 6 0
0000060 2 7 \n 1 , 2 9 , 3 . 5 , 1 1 1 2
0000100 4 8 4 6 7 6 \n 1 , 3 2 , 3 . 5 ,
0000120 1 1 1 2 4 8 4 8 1 9 \n 1 , 4 7 ,
0000140 3 . 5 , 1 1 1 2 4 8 4 7 2 7 \n 1
0000160 , 5 0 , 3 . 5 , 1 1 1 2 4 8 4 5
0000200 8 0 \n 1 , 1 1 2 , 3 . 5 , 1 0 9
0000220 4 7 8 5 7 4 0 \n 1 , 1 5 1 , 4 .
tar xvzf 20180811082012_DEV1_DEV1_DEPLOY_hadoop-cluster-3_cm-logs_deibd.tar.gz
# If Putty is disconnected frequently, it might be due to ssh. Update `sshd_config` file, TCPKeepAlive flag to `yes`
/etc/ssh/sshd_config
TCPKeepAlive yes
# and then restart ssh service. The following commands are on CentOS.
service sshd restart
service sshd status
top
find -size 0 -type f
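# Upper-case the input. The sets are quoted so the shell cannot expand
# [a-z] / [A-Z] as filename globs when a one-letter file name exists in the
# current directory.
echo "apple" | tr 'a-z' 'A-Z'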
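# Append ".new" to the name of every regular file in the current directory.
# The shell glob hands each name to mv as a single argument. The earlier form
# (ls | awk | sh) pasted file names into a generated command line, so a name
# containing spaces or shell metacharacters was split or run as shell code.
for f in *; do
  # Match the old `grep '^-'` filter: regular files only, no symlinks.
  if [ ! -f "$f" ] || [ -L "$f" ]; then
    continue
  fi
  mv -- "$f" "$f.new"
done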
echo 'This is a line' | rev | cut -f1 -d' ' | rev
echo 'This is a line' | rev
echo 'This is a line' | cut -f3 -d' '
# Ignore first line.
tail -n +2 movies.csv > new_movies.csv
# To see last 10 lines
tail -n 10 movies.csv
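# Branch on whether the path held in $DIRECTORY is an existing directory.
if [ -d "$DIRECTORY" ]; then
  # Control will enter here if $DIRECTORY exists.
  :  # no-op placeholder: a branch that holds only a comment is a syntax error
fi
# To check if a directory doesn't exist:
if [ ! -d "$DIRECTORY" ]; then
  # Control will enter here if $DIRECTORY doesn't exist.
  :  # no-op placeholder
fi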
ext4
file system, it may be possible to identify a file creation time.ls -l
ls -lu
ls -lc
stat
can also be used to show these times./var/log
directory.
A ; B   - A and then B, regardless of success of A
A && B  - B if A succeeded
A || B  - B if A failed
A &     - A in background
# Ensure that JDK is installed on the system.
# Download Maven
# NOTE(review): this fetches the archive over plain http:// and nothing below
# checks its integrity. Compare the file with the checksum or signature the
# Apache Maven project publishes for this release before extracting it as root.
cd /usr/local
wget http://www-eu.apache.org/dist/maven/maven-3/3.5.4/binaries/apache-maven-3.5.4-bin.tar.gz
# Extract it.
sudo tar xzf apache-maven-3.5.4-bin.tar.gz
# Symlink so that /usr/local/maven points at the versioned directory.
sudo ln -s apache-maven-3.5.4 maven
# Create a file maven.sh and add the environment variables
sudo vi /etc/profile.d/maven.sh
# The two export lines are the environment variables to put into maven.sh.
export M2_HOME=/usr/local/maven
export PATH=${M2_HOME}/bin:${PATH}
# Load the environment variables.
source /etc/profile.d/maven.sh
mvn -version
unzip file.zip
sudo apt-get install openjdk-8-jdk
# JDK is installed in /usr/bin/
export JAVA_HOME="/usr/"
yum install java-1.8.0-openjdk-devel
# JDK is installed in /usr/bin/
export JAVA_HOME="/usr/"
which javac
which java
javac -version
java -version
Ctrl + A Go to the beginning of the line you are currently typing on
Ctrl + E Go to the end of the line you are currently typing on
Ctrl + L Clears the Screen, similar to the clear command
Ctrl + U Clears the line before the cursor position. If you are at the end of the line, clears the entire line.
Ctrl + H Same as backspace
Ctrl + R Let's you search through previously used commands
Ctrl + C Kill whatever you are running
Ctrl + D Exit the current shell
Ctrl + Z Puts whatever you are running into a suspended background process. fg restores it.
Ctrl + W Delete the word before the cursor
Ctrl + K Clear the line after the cursor
Ctrl + T Swap the last two characters before the cursor
Esc + T Swap the last two words before the cursor
Alt + F Move cursor forward one word on the current line
Alt + B Move cursor backward one word on the current line
Tab Auto-complete files and folder names
du -hs
du -h --max-depth=1 | sort -hr
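sudo yum -y install mysql-server
sudo service mysqld start
# Reset root's password.
# Pick a strong password here; this step also offers to remove the anonymous
# accounts and the test database.
sudo mysql_secure_installation
# Use -p on its own so the client prompts for the password. Writing it inline
# (-p<password>) leaves it in the shell history and exposes it in the process
# list to other local users.
sudo mysql -u root -p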
SHOW processlist;
SELECT User, Host, Password FROM mysql.user;
-- Create User 'sqoop' and create a database and some tables.
# Test connectivity to MySQL from remote machine.
# Replace the -h value below with the database server's internal IP.
mysql -u sqoop -h 10.160.0.8 -p
tar xvfz abc.tar.gz
netstat -ano | findstr :8080
taskkill /PID 18248 /F
sudo kill $(sudo lsof -t -i:4040)
# To Change hostname, update this file to something like this:
/etc/sysconfig/network
HOSTNAME=kafka.hadoop.com
/etc/hosts
10.160.0.5 centos-kafka.c.neural-foundry-207310.internal centos-kafka # Added by Google
# Check whether Firewall Daemon is running or not
systemctl status firewalld
# To Disable and stop firewall daemon
# NOTE(review): this turns off host-level packet filtering entirely and keeps
# it off across reboots. If the goal is to reach one service, opening just that
# port in firewalld is the narrower change; only disable the daemon when another
# layer (for example the cloud provider's firewall rules) already restricts
# access to the host.
systemctl disable firewalld
systemctl stop firewalld
sudo
privileges on Debian
adduser presto
# A User added to "sudo" group will have Root privileges.
# -aG appends the group, leaving the user's other supplementary groups in place.
usermod -aG sudo presto
# Show the user's uid, gid and groups to confirm the change.
id presto
# Start a login shell as presto.
su - presto
# If the output is "root", the user has Root user privileges.
sudo whoami
su - presto
# -P '' creates the private key without a passphrase, so anyone who can read
# ~/.ssh/id_rsa can use it. Keep the file private to its owner, or set a
# passphrase and use ssh-agent where a person (not a service) holds the key.
ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
httpd
on Amazon Linux
sudo yum -y install httpd
# Verify httpd
yum info httpd
# All the Configuration is located @ /etc/httpd/conf, /etc/httpd/conf.d
# Data for the web server is located @ /var/www
# Config file @ /etc/httpd/conf/httpd.conf
# Update the "listen" parameter to add public IP of the host
# in the Config file /etc/httpd/conf/httpd.conf
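cd /var/www/html/
# With `sudo echo ... > index.html` the redirection is opened by the calling,
# unprivileged shell before sudo runs, so the write fails in a root-owned
# directory. Pipe into a privileged tee instead; only the write is elevated.
echo "<html><h1>Hello from Amazon EFS</h1></html>" | sudo tee index.html > /dev/null
# Check the listeners and ports
netstat -tulpn | grep LISTEN
sudo systemctl start httpd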
Python 3 already comes with Ubuntu.
# Update all packages
apt-get update
sudo apt update
sudo apt -y upgrade
sudo apt install python3-pip
pip3 install boto3
# Python is already installed on Amazon Linux machines.
# Verify to prove it
python --version
# Update the packages
sudo yum -y update
# Get pip and install it.
curl -O https://bootstrap.pypa.io/get-pip.py
python get-pip.py --user
pip --version
# Install Boto3
pip install boto3
# Install git
sudo yum install git -y
git --version
Here, I am going to change my host name to READONLY
/etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 READONLY
::1 localhost6 localhost6.localdomain6
/etc/hostname
READONLY
sudo reboot
echo $HOSTNAME
These commands route the traffic from Port 80 to Port 8080. I have not yet executed and tested them!
# Redirect traffic on Port 80 to Port 8080
# nat/PREROUTING rewrites the destination port of TCP packets that arrive on
# eth0 for port 80, sending them to port 8080 on this host.
sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
# NOTE(review): this matches on the *source* port, so it accepts any inbound
# TCP packet that claims source port 80, whatever local port it is addressed
# to. After the redirect the packets reach INPUT with destination port 8080,
# so a rule on --dport 8080 is presumably what was intended; for return
# traffic a connection-state match (-m conntrack --ctstate ESTABLISHED,RELATED)
# is the narrower choice. Confirm before use.
sudo iptables -A INPUT -p tcp -m tcp --sport 80 -j ACCEPT
# Accepts outbound TCP packets addressed to port 80.
sudo iptables -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
An EBS volume created during an EC2 Instance creation does not have any filesystem, nor is it mounted to the EC2. The following commands create a filesystem on the volume and mount it.
The commands need to be executed on the EC2 instance.
# List Block Devices
lsblk
# Check if a Device has file system
# output of "data" means no file system is available.
sudo file -s /dev/xvdb
# Create a file system of type "ext4"
# mkfs overwrites whatever is on the device: run it only when the check above
# printed "data" and lsblk confirms that /dev/xvdb is the new, empty volume.
sudo mkfs -t ext4 /dev/xvdb
# Verify - this time "ext4" should be displayed.
sudo file -s /dev/xvdb
# Create a mount point
sudo mkdir /data
sudo mount /dev/xvdb /data
# To ensure that the volume is attached during reboot
sudo cp /etc/fstab /etc/fstab.backup
# Find Device ID (Take the value of UUID in the result)
sudo file -s /dev/xvdb
# Edit /etc/fstab file.
# Add the following entry
UUID=xxx /data ext4 defaults,nofail 0 2
# mount all filesystems mentioned in fstab
sudo mount -a
# Update packages
sudo yum -y update
# Install Python3.6
sudo yum -y install python36
python3 --version
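# Download Pip
# -f makes curl fail on an HTTP error instead of saving the error page as
# get-pip.py; -L follows redirects.
curl -fsSLO https://bootstrap.pypa.io/get-pip.py
# Install pip
# The script is executed exactly as downloaded, so read it before running it.
# --user keeps the installation inside the home directory.
python3 get-pip.py --user
# Upgrade pip
# Upgrade the same per-user pip without sudo: under sudo, pip runs package
# install code as root and writes into the system Python, and root may not
# even see the copy that was installed with --user above.
python3 -m pip install --user --upgrade pip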
# Update bash profile
vim .bash_profile
export PATH=/local/bin:$PATH
source ~/.bash_profile
mkdir project
cd project
venv
. It creates a directory venv
λ virtualenv venv -p python3
Using base prefix 'c:\\users\\ravis\\anaconda3'
No LICENSE.txt / LICENSE found in source
New python executable in C:\Users\ravis\Desktop\project\venv\Scripts\python.exe
Installing setuptools, pip, wheel...
done.
λ venv\Scripts\activate.bat
requests
(venv) λ pip install requests
Collecting requests
Using cached requests-2.23.0-py2.py3-none-any.whl (58 kB)
Collecting chardet<4,>=3.0.2
Using cached chardet-3.0.4-py2.py3-none-any.whl (133 kB)
Collecting certifi>=2017.4.17
Using cached certifi-2020.4.5.1-py2.py3-none-any.whl (157 kB)
Collecting idna<3,>=2.5
Using cached idna-2.9-py2.py3-none-any.whl (58 kB)
Collecting urllib3!=1.25.0,!=1.25.1,<1.26,>=1.21.1
Using cached urllib3-1.25.9-py2.py3-none-any.whl (126 kB)
Installing collected packages: chardet, certifi, idna, urllib3, requests
Successfully installed certifi-2020.4.5.1 chardet-3.0.4 idna-2.9 requests-2.23.0 urllib3-1.25.9
ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/rk/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/rk/.ssh/id_rsa
Your public key has been saved in /home/rk/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:PKxHVYqddOtm5h9SajqqEhAze5/w9cKseu9ZSmGq9nA rk@blue
The key's randomart image is:
+---[RSA 2048]----+
| . o |
| + + = . |
| = . = . |
| o o o.. . |
| o + =S. = . |
| . +=+o.= o |
| ..E.o.. = . |
| o+oo +.o o . |
| .o=o+*... . |
+----[SHA256]-----+
ssh-copy-id user@remove-server
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 4 key(s) remain to be installed -- if you are prompted now it is to install the new keys
rk@192.168.0.2's password:
Number of key(s) added: 4
Now try logging into the machine, with: "ssh 'rk@192.168.0.2'"
and check to make sure that only the key(s) you wanted were added.
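ssh-copy-id copies the public key ~/.ssh/id_rsa.pub
from the local machine to the remote server and places it in the ~/.ssh/authorized_keys
file in the user's home directory. In the run shown above it installed 4 keys; pass -i with a specific .pub file to install only that key.
We can now log in to the remote host without entering a password.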
# Install jsonlint
sudo apt install jsonlint
# Validate
jsonlint-php <json filename>
dpkg -L jsonlint
/.
/usr
/usr/bin
/usr/bin/jsonlint-php
/usr/share
/usr/share/doc
/usr/share/doc/jsonlint
/usr/share/doc/jsonlint/README.md
/usr/share/doc/jsonlint/changelog.Debian.gz
/usr/share/doc/jsonlint/copyright
/usr/share/man
/usr/share/man/man1
/usr/share/man/man1/jsonlint-php.1.gz
/usr/share/php
/usr/share/php/Seld
/usr/share/php/Seld/JsonLint
/usr/share/php/Seld/JsonLint/DuplicateKeyException.php
/usr/share/php/Seld/JsonLint/JsonParser.php
/usr/share/php/Seld/JsonLint/Lexer.php
/usr/share/php/Seld/JsonLint/ParsingException.php
/usr/share/php/Seld/JsonLint/Undefined.php
/usr/share/php/Seld/JsonLint/autoload.php
╭─
╰─○ cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 126
model name : Intel(R) Core(TM) i7-1065G7 CPU @ 1.30GHz
stepping : 5
cpu MHz : 1497.601
cache size : 8192 KB
physical id : 0
siblings : 1
core id : 0
cpu cores : 1
apicid : 0
initial apicid : 0
fpu : yes
fpu_exception : yes
cpuid level : 22
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc cpuid tsc_known_freq pni pclmulqdq monitor ssse3 cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx rdrand hypervisor lahf_lm abm 3dnowprefetch invpcid_single ibrs_enhanced fsgsbase avx2 invpcid rdseed clflushopt md_clear flush_l1d arch_capabilities
bugs : spectre_v1 spectre_v2 spec_store_bypass swapgs itlb_multihit
bogomips : 2995.20
clflush size : 64
cache_alignment : 64
address sizes : 39 bits physical, 48 bits virtual
power management:
╭─
╰─○ cat /proc/meminfo
MemTotal: 8153056 kB
MemFree: 5327496 kB
MemAvailable: 6474776 kB
Buffers: 69600 kB
Cached: 1403416 kB
SwapCached: 0 kB
Active: 1597908 kB
Inactive: 987428 kB
╭─
╰─○ cat /proc/2596/status
Name: chrome
Umask: 0002
State: S (sleeping)
Tgid: 2596
Ngid: 0
Pid: 2596
PPid: 1738
TracerPid: 0
Uid: 1000 1000 1000 1000
Gid: 1000 1000 1000 1000
FDSize: 256
Groups: 4 24 27 30 46 120 131 132 1000
watch runs command repeatedly, displaying its output and errors (the first screenful). This allows you to watch the program output change over time. By default, command is run every 2 seconds and watch will run until interrupted.
╭─
╰─○ watch 'cat /proc/2596/status | grep voluntary'
Use this command to execute a command
on the remote machine. If the command requires a file as input, provide the file using <
without first copying the local file to remote via scp
or other means.
ssh user@socket command < /path/to/file/on/local/machine
Protocol | Port | |
---|---|---|
http |
80 |
|
https |
443 |
|
ftp |
21 |
|
ssh |
22 |
|
telnet |
23 |
|
SMTP |
25 |
|
DNS |
53 |
UDP Protocol |
setgid
bit on a directory
When the setgid
bit is set on a directory, any file created in the directory will have the directory's group rather than the group of the user who created it.
# The directory temp is created
drwxrwxr-x 2 ec2-user ec2-user 6 Oct 30 09:17 temp
# this command sets the setgid bit
chmod g+s temp
# The group's execute permission is now 's'
drwxrwsr-x 2 ec2-user ec2-user 6 Oct 30 09:17 temp
Now, if root
creates a file in this folder, the owner of the file is root
, but its group is ec2-user
(Group of the directory)
-rw-r--r-- 1 root ec2-user 0 Oct 30 09:19 test.txt
If the setgid
flag is not set, then if root
creates a file, then, its group would be root
.
-rw-r--r-- 1 root root 0 Oct 30 09:20 new-test.txt
setuid
bit on a directory
I tried to set setuid
on a directory.
chmod u+s temp
drwsrwxr-x 2 ec2-user ec2-user 42 Oct 30 09:20 temp
I expected that, now any new file created in the directory will have ec2-user
as the owner. However, It seems this bit is ignored on a directory.
setuid
bit on an executable
➜ ls -l $(which passwd)
-rwsr-xr-x 1 root root 27776 Feb 13 2020 /bin/passwd
The passwd
executable's user, group, and others have x
access. That means, anyone can execute this.
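Since its setuid
bit is set, it always runs as if root
executed it.
The passwd command can be used by any user to set/change his password. When the passwd command is run, it internally updates the system file /etc/passwd
on which only the root user has the 'write' permission. On systems that use shadow passwords, the password hash itself is kept in /etc/shadow, which is likewise writable only by root. By making the passwd executable SUID enabled, any user can change his password effectively updating /etc/passwd file. Because a setuid-root program runs with root's privileges for every caller, such binaries should be few and kept patched.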
-rw-r--r-- 1 root root 1312 Oct 28 08:43 /etc/passwd
A Sticky bit is a permission bit that is set on a file or a directory that lets only the owner of the file/directory or the root user to delete or rename the file. No other user is given privileges to delete the file created by some other user.
# Setting sticky bit on a directory
➜ chmod +t temp
➜ ls -l
drwxr-xrwt 2 root root 51 Oct 29 07:55 temp
The t
on the other permission shows that, sticky bit is set on the directory.
sudo
works?
sudo
is a so called "SetUID binary", as you can see in the output of ls -l
:
$ ls -l /usr/bin/sudo
-rwsr-xr-x 1 root root 159016 Mar 21 20:40 /usr/bin/sudo
The s
in the fourth column (where you'd normally find an x
on executable files) tells you that the SetUID bit is set. This bit has one significant meaning: When a binary with the SetUID bit set is executed, it does not run with the user ID of the invoking user, but the user ID of the binary's owner (in this case root
).
And that's the clue. sudo
is always run with superuser privileges (as root
). Thus sudo
has the ability to do some privileged tasks like calling system functions only allowed for root
. The essential ones among those system calls are setuid(2)
and friends. By calling setuid()
a process running as root can change its UID to any UID it wants (thus impersonating another user).
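What sudo
does is:
1. read /etc/sudoers
, look up the invoking user and its permissions,
2. ask for a password (unless the matching rule is tagged NOPASSWD
),
3. call setuid()
to change to the target user.
/etc/sudoers
can be used to give users elevated privileges. Edit it with visudo, which checks the syntax before saving.
## Allows people in group wheel to run all commands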
%wheel ALL=(ALL) ALL
If a user is part of the wheel
group, he gets sudo
privilege.
➜ id
uid=1000(ec2-user) gid=1000(ec2-user) groups=1000(ec2-user),4(adm),10(wheel),190(systemd-journal)
Since ec2-user
is part of the wheel
group, he can execute all commands as root
.
To control access to specific commands:
## Allows members of the users group to shutdown this system
%users localhost=/sbin/shutdown -h now
➜ ls -li
468361 -rw-r--r-- 1 root root 0 Oct 30 09:58 another-test.txt
468360 -rw-r--r-- 1 root root 0 Oct 30 09:20 new-test.txt
468357 -rw-r--r-- 1 root ec2-user 0 Oct 30 09:19 test.txt
468362 -rw-r--r-- 1 root ec2-user 0 Oct 30 10:03 x.txt
➜ stat x.txt
File: ‘x.txt’
Size: 0 Blocks: 0 IO Block: 4096 regular empty file
Device: ca01h/51713d Inode: 468362 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 1000/ec2-user)
Access: 2021-10-30 10:03:53.960085764 +0000
Modify: 2021-10-30 10:03:53.960085764 +0000
Change: 2021-10-30 10:03:53.960085764 +0000
Birth: -
stat
shows metadata of a file including its inode number.➜ df
Filesystem 1K-blocks Used Available Use% Mounted on
devtmpfs 2008308 0 2008308 0% /dev
tmpfs 2018384 0 2018384 0% /dev/shm
tmpfs 2018384 408 2017976 1% /run
tmpfs 2018384 0 2018384 0% /sys/fs/cgroup
/dev/xvda1 20959212 1744960 19214252 9% /
tmpfs 403680 0 403680 0% /run/user/1000
# list inode information instead of block usage
➜ df -i /dev/xvda1
Filesystem Inodes IUsed IFree IUse% Mounted on
/dev/xvda1 10484672 52232 10432440 1% /
➜ df -B 512 /dev/xvda1
Filesystem 512B-blocks Used Available Use% Mounted on
/dev/xvda1 41918424 3490368 38428056 9% /
➜ stat -f /dev/xvda1
File: "/dev/xvda1"
ID: 0 Namelen: 255 Type: tmpfs
Block size: 4096 Fundamental block size: 4096
Blocks: Total: 502077 Free: 502077 Available: 502077
Inodes: Total: 502077 Free: 501788
r
- List the contents of the directory
w
- Create / Delete the contents
x
- To cd
into the directory
w
access on the directory, I cannot delete the file.
i node
structure of the directory. So to perform these actions, I need to have w
access on the directory.
rwx
access on the directory and the file.
# Sticky bit is set on the directory
# "Other" user can read/write/execute
drwxr-xrwt 2 ec2-user ec2-user 6 Oct 31 10:03 temp
# There is a file "test.txt" inside temp
# The "Other" user have rwx
-rw-rw-rwx 1 ec2-user ec2-user 0 Oct 31 10:04 test.txt
When a different user ryandam
tries to delete the file, he cannot - because of the sticky bit.
[ryandam@ip-172-31-17-59 temp]$ cd /home/ec2-user/temp
[ryandam@ip-172-31-17-59 temp]$ rm test.txt
rm: cannot remove ‘test.txt’: Operation not permitted
rwx
for the other
user), the other user can delete the file even if there is no permission on the file.
rwx
on the directory, but, don't have any permissions on the file. Can I rename it?
I have the following directory in /root
.
drwxr-xrwx 2 root root 23 Oct 31 07:46 temp
Other user
has full permissions (rwx
) on it.
There is a file in it.
-rw-r----- 1 root root 0 Oct 31 07:45 test1.txt
other user
there is no permission.
other user
cannot read/write to the file.
id
uid=1000(ec2-user) gid=1000(ec2-user) groups=1000(ec2-user),4(adm),10(wheel),190(systemd-journal)
ec2-user
is the other user as he is not part of the root
group.
# ec2-user is renaming the file.
# It is successful.
mv /root/temp/test1.txt /root/temp/test.txxt
cat /root/temp/test.txxt
cat: /root/temp/test.txxt: Permission denied
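# Create the account and prepare its SSH directory (run as root).
useradd ryandam
cd /home/ryandam
# sshd's StrictModes check rejects keys when .ssh or authorized_keys is
# writable by anyone other than the owner, so create the directory with its
# final mode instead of tightening it afterwards.
mkdir -m 0700 .ssh
chown ryandam:ryandam .ssh
# Was `cd ~/ryandam/.ssh`, which resolves under the invoking user's own home
# directory rather than the .ssh directory created above.
cd /home/ryandam/.ssh
touch authorized_keys
chmod 0600 authorized_keys
chown ryandam:ryandam authorized_keys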
# Generate a pair of keys
ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/rk/.ssh/id_rsa): id_rsa_ryandam
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in id_rsa_ryandam
Your public key has been saved in id_rsa_ryandam.pub
The key fingerprint is:
SHA256:Yj1ESvDa15QS0ANcKBzEM9juby+/c5c/dqTBRrnN42Q rk@RKs-Mac-mini.local
The key's randomart image is:
+---[RSA 3072]----+
| *+++*+ |
| . Boooo. . |
| . +o o.o . |
| .o o + o |
| .. + S . o + |
| .. o . =E+|
| . o++.|
| + . . o +..|
| . +++ . o.o |
+----[SHA256]-----+
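Copy the private & public key to the local machine's .ssh
folder (the private key stays on the client; it is never copied to the server).
The key names are id_rsa_ryandam
and id_rsa_ryandam.pub
Copy the contents of the public key and paste in /home/ryandam/.ssh/authorized_keys
file on the server.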
The Private key has -----BEGIN OPENSSH PRIVATE KEY-----
in its header. But, we need pem
format (Privacy Enhanced Mail
). To do that, execute the below command:
# This command converts an OpenSSH key format to pem format.
# It updates the key "in place"
# To avoid any issues, better take a backup of the key first.
cd ~/.ssh
# -p rewrites the existing key file, -m pem selects the output format, and
# -N "" sets the new passphrase to empty, so the private key is stored
# unencrypted; keep the file readable by its owner only.
ssh-keygen -p -N "" -m pem -f id_rsa_ryandam
# Connect to the remote server
ssh -i ~/.ssh/id_rsa_ryandam ryandam@3.144.202.190
# Adds fred to the group accounting
usermod -a -G accounting fred
# Changes fred's primary group to accounting
usermod -g accounting fred
░▒▓ ~ ▓▒░ ssh ryandam@192.168.0.2 ░▒▓ ✔ 08:00:12 pm ▓▒░
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
SHA256:ck65UT5Gqi7Q35JrW81kUbfe75as0TWccHxzjx+HQGA.
Please contact your system administrator.
Add correct host key in /Users/rk/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /Users/rk/.ssh/known_hosts:9
Host key for 192.168.0.2 has changed and you have requested strict checking.
Host key verification failed.
░▒▓ ~ ▓▒░ ssh-keygen -R 192.168.0.2
# Host 192.168.0.2 found: line 7
# Host 192.168.0.2 found: line 8
# Host 192.168.0.2 found: line 9
/Users/rk/.ssh/known_hosts updated.
Original contents retained as /Users/rk/.ssh/known_hosts.old
sudo apt-get update
sudo apt-get install ca-certificates curl gnupg
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
echo \
"deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
"$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
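# Create the user rk with a bash login shell and a populated home directory.
sudo useradd rk
sudo passwd rk
sudo mkdir /home/rk
sudo usermod --shell /bin/bash --home /home/rk rk
# Copy the skeleton files before changing ownership, so the copies end up
# owned by rk and not by root. "/etc/skel/." copies the directory's contents,
# dotfiles and subdirectories included; the glob "/etc/skel/.*" can also match
# "." and "..", and without -r any skeleton directories are skipped.
sudo cp -r /etc/skel/. /home/rk
sudo chown -R rk:rk /home/rk
# Add the user to docker group
# Members of the docker group can drive the Docker daemon, which runs as root,
# so this membership is effectively root access on the host. Grant it only to
# accounts that would be trusted with sudo.
sudo usermod -aG docker rk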