At some point I got the urge to have my own FTP server. Conveniently, a roughly ten-year-old computer had been handed to me "for scrap" just for this purpose. Although I am a Windows person, I started out on pure DOS (who remembers Comrade Figurnov's books?), so I decided to do everything on Linux. In Linux I was a complete zero. I also made the task harder: console only, no GUI (well, this is Linux). Debian was chosen as the distribution. As it happened, the need for a 2TB personal vault disappeared a year later; the computer was given to good hands and the hard drive was put to use where it was needed. But I gained the valuable experience of a 100% newcomer. What stupid mistakes I made at first! And, by the way, I read Habr while I dealt with the problems. So I dedicate this debut (first) article on Habr to those who want to start with Linux from scratch. It is designed for a smooth entry "into the topic" and is, in fact, a filtered and systematized version of everything I found on the Internet. I have already published this material before, but I think it will be useful on Habr too.
What we want to end up with, and how:
- console installation of OS from the USB stick;
- console management skills;
- create your own repository;
- providing remote access via FTP / SFTP;
- providing remote control via SSH protocol;
- remote power-on of the server behind the router;
- creating conditions for the web server (ideally, a bunch of nginx + apache).
There are plenty of step-by-step instructions on the Internet. Sometimes they contain annoying bugs, and if you are still a green Linux novice, you can spend a couple of hours just to realize that a single slash or dot was the problem: everything matters in Linux! What follows was done for the practical purposes of the tasks listed above; it should not be taken as a serious guide to building a serious server. Besides, in "reconstructing the experience" I may make mistakes too ...
- One
So, there is an empty computer with peripherals connected. First you need to install the OS itself. Images of all the Debian 6.0.0 stable disks are available. I gave up optical media long ago, i.e. to install, you need to make a bootable USB flash drive. A 2GB flash drive was found. After some searching it turned out that this can be done, but only from within Linux itself. I had to install Debian from the image of the first disk into a virtual machine (we attach the image to the virtual machine as a virtual CD-ROM, and the installation goes "honestly", as if from an optical disk). I installed everything "wholesale", i.e. the GUI too (in version 6 there was only GNOME). Once that is done, boot Debian, connect the USB flash drive to the virtual machine and open the console.
Execute the command:
# dmesg
We see something like this:
[373982.581725] sd 8:0:0:0: [sdc] 4001760 512-byte hardware sectors (2049 MB)
[373982.582718] sd 8:0:0:0: [sdc] Write Protect is off
[373982.582718] sd 8:0:0:0: [sdc] Mode Sense: 03 00 00 00
[373982.582718] sd 8:0:0:0: [sdc] Assuming drive cache: write through
[373982.584152] sd 8:0:0:0: [sdc] 4001760 512-byte hardware sectors (2049 MB)
[373982.585718] sd 8:0:0:0: [sdc] Write Protect is off
[373982.585718] sd 8:0:0:0: [sdc] Mode Sense: 03 00 00 00
[373982.585718] sd 8:0:0:0: [sdc] Assuming drive cache: write through
[373982.585718] sdc:
[373982.589280] sd 8:0:0:0: [sdc] Attached SCSI disk
This means that the flash drive is defined in the system.
Download the boot.img.gz file (debian.org) for the required architecture (in my case i386) and copy it to some directory. Next, execute the command from this directory:
# zcat boot.img.gz > /dev/sdc
Now you need to unplug the USB flash drive and plug it back in so that the new structure / partition table is recognized. This will update the partition table stored by udev. To verify, execute the following commands:
# mkdir /mnt
# mount /dev/sdc /mnt/
# ls /mnt
and see installation files such as syslinux.cfg, setup.exe, and so on. So everything is fine: the flash drive was mounted.
Next, download the netinstall ISO image (debian.org), 150-180MB in size, for the corresponding architecture (in my case i386). Netinstall installs the base system, no network needed. Copy this image to some directory and, from this directory, copy it to the flash drive and unmount the drive:
# cp debian-6.0.1a-i386-netinst.iso /mnt
# umount /dev/sdc
Phew. Now you always have an installation flash drive with you.
If you need to put such an installer on a flash drive alongside other OSes, you can turn to the grub bootloader. I already have a bootable flash drive with grub4dos. Create a debian folder in the root of the flash drive and drop into it: debian-6.0.1a-i386-netinst.iso, initrd.gz, initrdg.gz, linux. The last 3 files can be taken from the first Debian 6.0.0 stable installation disk or downloaded (debian.org). Then add the following to grub's menu (menu.lst):
title Debian 6.0.1a - Netinstall (Basic System, VGA Install)
kernel /debian/linux video=vesa:ywrap,mtrr vga=788 -- quiet
initrd /debian/initrdg.gz
title Debian 6.0.1a - Netinstall (Basic System, TXT Install)
kernel /debian/linux -- quiet
initrd /debian/initrd.gz
Now we plug the flash drive into our improvised server, select booting from the flash drive in the BIOS and install Debian in the usual way. I did not find anything special about the installation: select the installation with the graphical interface and then proceed interactively. You can let the installer partition the disk automatically; for a first time that will do. After installation, reboot and login we will be happy to see a black screen with a command line prompt: the basic installation is complete!
- Two
Next, you need to set up access and control over the SSH protocol. Also, so as not to suffer with the bare console, it would be good to install mc (Midnight Commander), an analogue of nc (Norton Commander) in DOS or tc (Total Commander) in Windows. But to install it, you need to fetch the package from the network. There is no network. At the same time, almost all of the necessary software is available on the Debian 6.0.0 stable disks (there are, it seems, 6 of them). But I refused to work with disks. You could set up the network and use the official network repository; there is no easier way. However, that solution is not for us: we need broad autonomy at the first stage. And since when do we take the easy way? This acquaintance is more of a research exercise anyway. So you need to make your own local repository.
1) preparation ...
We have to go back to the virtual machine. We log in to the console as root (on the server we will configure sudo later, so as not to use root for every trifle). Create directories:
# mkdir -p /debian/pool
# mkdir /debian/pool/contrib
# mkdir /debian/pool/main
Into these directories we copy the contents of the same-named directories from all the disks. The result is one folder of about 30GB. After the contents of all disks are copied, create directories to store information about the packages in the repository:
# cd /debian
# mkdir -p dists/stable/contrib/binary-i386
# mkdir -p dists/stable/main/binary-i386
From here on, all commands are executed relative to the current debian directory; we do not go beyond its borders! Collect the package lists:
# apt-ftparchive packages pool/main/ > dists/stable/main/binary-i386/Packages
# apt-ftparchive packages pool/contrib/ > dists/stable/contrib/binary-i386/Packages
Compress the lists:
# gzip -c dists/stable/contrib/binary-i386/Packages > dists/stable/contrib/binary-i386/Packages.gz
# gzip -c dists/stable/main/binary-i386/Packages > dists/stable/main/binary-i386/Packages.gz
Create Release files:
# apt-ftparchive release pool/contrib/ > dists/stable/contrib/binary-i386/Release
# apt-ftparchive release pool/main/ > dists/stable/main/binary-i386/Release
# cd /debian/dists/stable
# apt-ftparchive release . > Release
Now the /debian folder can be copied to a hard disk and, if desired, used to set up local repositories on other systems. Which is what we do: copy the folder to a removable USB hard drive.
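After a 30GB tree has been copied from disk to disk, the copy can be checked against the Packages index that apt-ftparchive wrote. The following is an added example, not part of the original article; it assumes the index carries the standard Filename, Size and SHA256 fields, and the function names and the sample repository built in demo() are constructed for illustration.

```python
import hashlib
import os
import tempfile

def parse_packages(text):
    """Split a Packages index into stanzas (one dict of field -> value each)."""
    stanzas = []
    for block in text.strip().split("\n\n"):
        fields, key = {}, None
        for line in block.splitlines():
            if line[:1] in (" ", "\t"):      # continuation of the previous field
                if key:
                    fields[key] += "\n" + line.strip()
            elif ":" in line:
                key, _, value = line.partition(":")
                fields[key] = value.strip()
        if fields:
            stanzas.append(fields)
    return stanzas

def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def verify_repo(repo_root, packages_text):
    """Return (package, problem) for every file that does not match the index."""
    root = os.path.realpath(repo_root)
    problems = []
    for st in parse_packages(packages_text):
        name = st.get("Package", "?")
        path = os.path.realpath(os.path.join(root, st.get("Filename", "")))
        if not path.startswith(root + os.sep):
            problems.append((name, "Filename escapes the repository"))
        elif not os.path.isfile(path):
            problems.append((name, "missing file"))
        elif str(os.path.getsize(path)) != st.get("Size"):
            problems.append((name, "size mismatch"))
        elif sha256_of(path) != st.get("SHA256", "").lower():
            problems.append((name, "SHA256 mismatch"))
    return problems

def demo():
    """Constructed two-package repository; ssh is altered after indexing."""
    with tempfile.TemporaryDirectory() as root:
        index = []
        for pkg, data in (("mc", b"constructed mc payload"),
                          ("ssh", b"constructed ssh payload")):
            rel = f"pool/main/{pkg[0]}/{pkg}/{pkg}_0_i386.deb"
            os.makedirs(os.path.dirname(os.path.join(root, rel)))
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
            index.append(f"Package: {pkg}\nFilename: {rel}\nSize: {len(data)}\n"
                         f"SHA256: {hashlib.sha256(data).hexdigest()}\n")
        with open(os.path.join(root, "pool/main/s/ssh/ssh_0_i386.deb"), "wb") as f:
            f.write(b"constructed ssh PAYLOAD")   # same size, different bytes
        return verify_repo(root, "\n".join(index))

if __name__ == "__main__":
    print(demo())
```

On a real copy, call verify_repo with the directory that contains pool and dists and the text of dists/stable/main/binary-i386/Packages.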
2) connect ... go to the server as root
We connect the USB hard drive to the server. Next, we find out how the drive was detected:
# dmesg
We mount it and copy over everything we prepared earlier:
# mount /dev/sda1 /mnt/
# mkdir /dpool
# cp -r /mnt/* /dpool
Edit the file /etc/apt/sources.list: comment out all repositories and add ours (the path after file: must be the directory on the server that contains dists and pool):
deb file:/debian/ stable contrib main
Here we must make a brief digression. How do you edit a file when all you have is a console? There is the vi editor for this:
# cd /etc/apt
# sudo vi sources.list
Next: move the cursor to the desired position and press "i". This is insert mode. Make your changes. When done, press ESC to return to command mode. Repeat for each further change. When everything is finished, type the sequence "ESC :w! Enter" to save the changes (":wq! Enter" saves and exits). Scary? After installing mc, life will be easier ...
Run an update:
# apt-get update
# apt-cache gencaches
Our local repository is done!
- Three
Now we’ve finally gotten close to SSH.
1) you can't work as root all your life ...
But first, let's make life easier for ourselves and set up sudo. Sudo is a system that lets you delegate certain privileged resources to users, with their actions logged. Simply put, user will be able to perform actions that were originally meant to be performed only as root.
Log in to the server as root and open the file /etc/sudoers. Again we use the vi editor (visudo opens the same file and checks its syntax before saving):
# cd /etc
# vi sudoers
Look for the line:
root ALL=(ALL) ALL
And under it add:
user ALL=(ALL) ALL
Save and exit. Done! Now you can log in as user, and for critical commands just put "sudo" before the command. The first time, the system will ask for the current user's password for identification. Log out and log back in as user. The root password can now be written down on a piece of paper: we will use it very rarely, and you might as well forget it :)
2) tired of the console and vi ...
Install the package:
# sudo apt-get install mc
After installation, enter the command
# mc
Now you can rejoice and forget about the commands mkdir, cp, ls, cd, as well as editing in vi from the console. Files can now be edited with F4. Nostalgia for the 2000s: back then, on a 386, I used nothing but Norton ...
3) finally SSH ...
Install the package:
# sudo apt-get install ssh
After a successful installation, add a line to the end of the /etc/ssh/sshd_config file to restrict access:
AllowUsers root user
Run:
# sudo mc
Next, go to the specified path and edit the file. There will be no problems saving after editing, since mc is running as root. After editing, the ssh service must be restarted: exit to the console and restart the service:
# sudo /etc/init.d/ssh restart
- Four
1) network ...
For the final touch before moving to remote control, you only need to configure the network. My situation is simple: the computer is wired to the router. Since DHCP is enabled on the router, the Internet connection will be obtained from it automatically.
Network interface settings are stored in the file: /etc/network/interfaces
Here is an example of the working contents of the file:
Run mc via sudo and edit this file according to the network settings that are valid for your network.
The server name and hosts are set in: /etc/hostname, /etc/hosts
If our server is called "debian", then we check:
The hostname file contains only:
debian
And the first lines of the hosts file:
127.0.0.1 localhost debian
10.0.0.10 debian.localhost debian
After all this we shut down the computer:
# sudo poweroff
2) remote control ...
We disconnect all cables, drag our server to the farthest corner and connect it to the power outlet and to the network. Make sure in advance that during the BIOS boot phase the machine will not sit waiting for the "any" key to be pressed after it is surprised to find no keyboard or mouse. Press the power button and go back to the working computer. Mine runs Windows. How do we connect to the server now?
There is a program called putty. You can get it on the Internet. After launching it, on the "Session" tab we enter the IP address of our server, leaving 22 as the port (this is the standard port for SSH, the Secure Shell). On the "Translation" tab we check that UTF-8 is set, to avoid garbled characters when displaying Cyrillic. We return to "Session" and open the channel: "Open". After connecting, we will be asked to confirm the connection keys; we confirm. Enter the username: user. Then enter the password; it is not displayed as you type, which is normal. After connecting we see the server prompt and the familiar console, not on the whole monitor but in a small window that can be resized with the mouse. This means "Hooray, comrades!".
- Five
In principle, WinSCP can be used to access the file system. This makes it possible to copy files between machines. But it is not quite right, because after SSH authorization access to the entire system is opened. Ideally, I would like to make just one network folder on the server and open access to it. And there is a solution for this.
Install the package:
# sudo apt-get install samba
Now edit the file /etc/samba/smb.conf. Here is an example of working content:
[global]
workgroup = WORKGROUP
server string = %h server
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = share
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
[homes]
comment = Home Directories
browseable = no
read only = yes
create mask = 0700
directory mask = 0700
valid users = %S
[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = no
read only = yes
create mask = 0700
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
[user]
path = /ftp/pub
readonly = no
guest ok = yes
A few comments on it:
- you must specify the workgroup that the Windows machines belong to;
- the security parameter must be set to share;
- in the "user" section, you need to specify the real path and allow guest access; we add this section to the file ourselves.
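What this configuration exposes can be read back from the file itself. The following is an added example, not part of the original article: a small audit that lists shares open to guests and whether they are writable, run over an excerpt of the smb.conf above and over a constructed stricter variant. The function names are illustrative, and "valid users = user" assumes the account name used in this article.

```python
import re

# Excerpt of the page's smb.conf (only the parameters the audit reads).
PAGE_CONF = """
[global]
security = share
[homes]
browseable = no
read only = yes
valid users = %S
[user]
path = /ftp/pub
readonly = no
guest ok = yes
"""

# Constructed stricter variant of the same share.
STRICT_CONF = """
[global]
security = user
[user]
path = /ftp/pub
read only = no
guest ok = no
valid users = user
"""

WRITE_SYNONYMS = ("writable", "writeable", "writeok")  # inverted "read only"

def norm(name):
    # smb.conf ignores case and whitespace in names: "readonly" == "read only".
    return re.sub(r"\s+", "", name).lower()

def parse_smb_conf(text):
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(norm(header.group(1)), {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[norm(key)] = value.strip()
    return sections

def is_yes(value):
    return value.strip().lower() in ("yes", "true", "1")

def audit(text):
    """Return (section, finding) pairs for anonymous-access settings."""
    conf = parse_smb_conf(text)
    findings = []
    if conf.get("global", {}).get("security", "user").lower() == "share":
        findings.append(("global", "share-level security"))
    for name, params in conf.items():
        # "public" is a synonym of "guest ok"
        guest = name != "global" and is_yes(
            params.get("guestok", params.get("public", "no")))
        writable = (not is_yes(params["readonly"]) if "readonly" in params
                    else any(is_yes(params.get(k, "no")) for k in WRITE_SYNONYMS))
        if guest:
            findings.append((name, "guest-writable" if writable else "guest-readable"))
    return findings

if __name__ == "__main__":
    print(audit(PAGE_CONF))
    print(audit(STRICT_CONF))
```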
After all this we create the specified directories:
# mkdir /ftp
# mkdir /ftp/pub
And we sort out the permissions on these folders:
# sudo chmod 0755 /ftp
# sudo chmod 0777 /ftp/pub
# sudo chown -R root /ftp
In this case the ftp folder can be accessed, but nothing in it can be changed. In the pub folder, however, anything goes. Naturally, you can simplify everything by dropping the pub folder and adjusting the permissions on ftp ...
And finally, we restart the service so that all the settings work:
# sudo /etc/init.d/samba restart
- Six
Now it's time to release our baby onto the network :)
To begin with, it would be nice to have file access and management from anywhere on the network. But what does our topology look like?
We must have Internet access with a static real IP address. I.e. access from outside must be direct, not through the switching of the provider's networks. For example, users of the Ramnet network all sit behind one large NAT, since they go online through multiple pools. This means that the IP issued at registration does not even coincide with the IP that "shows up", for example, when visiting sites. A real IP is exactly the IP that is entered in the network settings of the network card driver. To find out whether your IP is real or not, you can use one of the network services on the Internet that show your IP address. Suppose we have a real IP.
Further, if the network cable goes directly into the server, there are no particular problems: the server is already on the network. But what if there is some routing device in between (a router, or an intermediate splitter-switch based on the same Linux)? In that case we are behind our own NAT, which needs a little configuration: port forwarding. There is a port for each network service on the machine: SSH is 22, FTP is 21. That is, the router must be configured so that a connection to a given port on our real IP is passed to the server on that port. If our server has the address 10.0.0.10 and the provider has issued the real IP 172.122.34.89, then the router must forward ports 21 and 22 from outside (172.122.34.89) to the server (10.0.0.10). This is a couple of lines in the router's admin panel, or a correction to the routing table of the intermediate Linux switch. Let's say this is done too.
In this case, to get in over SSH via putty, you just need to specify the real IP address and port 22 (see above, where the small putty client configuration is described). We log in and get the server console.
And file access? It's a little more complicated. You can use WinSCP, but as already mentioned, this is not our method. Samba works only in the LAN. We have to set up FTP access ...
For FTP we use the proftpd service. Install the package:
# sudo apt-get install proftpd
The configuration file is here: /etc/proftpd/proftpd.conf. Here is an example of a working file:
Include /etc/proftpd/modules.conf
ServerName "Debian"
ServerType standalone
DeferWelcome off
MultilineRFC2228 on
DefaultServer on
ShowSymlinks on
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200
DisplayLogin welcome.msg
DisplayChdir .message true
ListOptions "-l"
DenyFilter \*.*/
DefaultRoot ~
RequireValidShell off
Port 21
<IfModule mod_dynmasq.c>
This block is inserted into proftpd.conf, and access is via port 2220. But mod_sftp must be installed along with proftpd. In the regular repository, proftpd is built without mod_sftp. You will have to build it in yourself. I "patched it up" following some English instructions, which I no longer remember. The process is no less creative than building your own repository, but the result still did not please me, so I will not describe all this.
- Seven
So we have set up FTP. Now I would like to be able to turn on the server when necessary. For example, when you need to take something from the network folder.
There is one subtlety. Only power and network are connected to our server. But network cards learned long ago to "wake up" a computer: you just need to enable this support in the computer's BIOS and send it the "magic packet". We read in Wikipedia:
Magic packet is a special byte sequence that can be inserted into UDP or IPX packets for normal transmission over local networks. Typically, for WOL, packets of top-level protocols are broadcast out, since in the case of dynamic assignment of addresses, it is not known which, say, IP address corresponds to which MAC address. However, to correctly pass through a router that bans broadcasting packets, you can send a packet to a specific address.
Composition of the magic packet
First comes the so-called “synchronization chain”: 6 bytes, equal to 0xFF. Then - the MAC address of the network card repeated 16 times. That is, if the address of the board looked like 01:02:03:04:05:06, then the magic packet would be:
FFFFFFFFFFFF010203040506010203040506010203040506010203040506 010203040506010203040506010203040506010203040506010203040506 010203040506010203040506010203040506010203040506010203040506 010203040506010203040506
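The layout quoted above, as an added example that is not part of the original article: the packet is built from a MAC address, and the same layout is recognized inside a captured UDP payload, which is handy for checking on the server side that a forwarded packet really arrived. Function names are illustrative; the default port 9 is one of the two ports mentioned in this article.

```python
import re
import socket

SYNC = b"\xff" * 6  # the "synchronization chain"

def parse_mac(mac):
    """Accept 01:02:03:04:05:06, 01-02-03-04-05-06 or 010203040506."""
    digits = re.sub(r"[:\-.\s]", "", mac)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)

def build_magic_packet(mac):
    """6 x 0xFF followed by the MAC repeated 16 times: 102 bytes."""
    return SYNC + parse_mac(mac) * 16

def find_magic_packet(payload):
    """Return the target MAC if the payload contains a magic packet, else None.

    The sequence may sit anywhere in the payload, so every occurrence of the
    synchronization chain is tried as a possible start.
    """
    start = payload.find(SYNC)
    while start != -1:
        body = payload[start + 6:start + 102]
        if len(body) == 96 and body == body[:6] * 16:
            return ":".join(f"{b:02x}" for b in body[:6])
        start = payload.find(SYNC, start + 1)
    return None

def send_magic_packet(mac, host="255.255.255.255", port=9):
    """Send the packet over UDP; host may be a broadcast or a specific address."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        s.sendto(build_magic_packet(mac), (host, port))

if __name__ == "__main__":
    # The MAC address from the example above
    print(build_magic_packet("01:02:03:04:05:06").hex().upper())
```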
There are a lot of programs (half of which work and half of which do not) that build such packets and send them to a specified IP. But this is true only within the local network. Still, we have a real IP, so we can simply try sending the packet to it and configure the router to relay the packet to the server. Wake-up packets are usually sent to ports 7 or 9. We forward them through the router to the server's IP. Then the easiest way is to use the online service wakeonlan.ru: we enter our real IP address and the MAC address of the server's network card and click the button "Turn on the computer!". After a couple of packets are sent, the service may well report that power-on failed: the server is still behind NAT, and it is more sensible to turn off the router's response to ping in the router settings. , IP MAC. — 14 ?) ( GPRS ).
. , . , , . «» . . DD-WRT ( ). . ) , ( - ). - , -… — ARP . . , :
ip neigh change 10.0.0.10 lladdr 00:10:20:1F:C4:57 nud permanent dev br0
ip neigh add 10.0.0.10 lladdr 00:10:20:1F:C4:57 nud permanent dev br0
, «» MAC- ( ) «» IP ( — ARP) .
— . - — .