dah85.com

Just another blog

I've recently upgraded to using Ubuntu Server 17.04 and I have noticed that by default you must create a user instead of being able to login as root, which is a great idea for security, but makes things harder for permissions, etc.

Once the Ubuntu 17 server has been set up, all we need to do is modify /etc/ssh/sshd_config and add the line PermitRootLogin yes underneath the Authentication heading.

sudo nano /etc/ssh/sshd_config

sshd_config:

#Authentication:
#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

Once that's done, we just need to restart the ssh server

sudo systemctl restart sshd

Now, we need to make sure the root user has a password, if not, we can set one now.

sudo passwd

Enter the new root password, once that's done, try logging in as root with SSH, it should work now!

I have a Logitech G15 keyboard which has an LCD screen built into the top of it. Under Ubuntu, getting it to work is a simple matter of running

apt install g15daemon

Under Manjaro, it's a bit different. I can install the g15daemon but it won't start automatically without requring the root password. What we need to do is use a tool called visudo. This is what I did.

sudo visudo

Then go to the bottom of the file, press o to insert and put:

ALL ALL= NOPASSWD: /usr/sbin/g15daemon

Press escape, then :x to save and quit.

Now we enable it as a service in systemctl

sudo systemctl enable g15daemon

And test it by running

sudo systemctl start g15daemon

The LCD on the keyboard now shows me the time and date. To get this to start when I log in, because I'm using Manjaro XFCE I will open "Session and Startup", go to the "Application Autostart" tab and create a new entry with "sudo systemctl start g15daemon" as the command to run, giving it a suitable name.

After a reboot to test it, it's all working!

I originally followed this post on the Manjaro forums with no success, I found my way to be much cleaner.

Getting Steam to work in Manjaro Linux

- Posted in Quick Tip by with comments

This is a quick tip to remind myself (and others) that even though Steam appears to be installed in Manjaro Linux, it won't open.

Running these commands fixes that issue:

find ~/.steam/root/ \( -name "libgcc_s.so*" -o -name "libstdc++.so*" -o -name "libxcb.so*" -o -name "libgpg-error.so*" \) -print -delete

and

find ~/.local/share/Steam/ \( -name "libgcc_s.so*" -o -name "libstdc++.so*" -o -name "libxcb.so*" -o -name "libgpg-error.so*" \) -print -delete

After that, start Steam and it should start updating and work :)

Installing a minimal GUI on a KVM server

- Posted in Quick Tip by with comments

Recently I have found myself needing to install a very basic, light GUI on top of an otherwise blank Ubuntu Server system. This lead me to the following command, which will install the lightweight desktop environment LXDE along with the bare minimum that's needed to run it.

sudo apt install --no-install-recommends lubuntu-core

After that, we'll need a way to actually load the GUI so we need to install xinit. If you don't do this, when you type startx it will warn you to do this anyway.

sudo apt install xinit

Reboot and it will now show you the GUI login screen.

Logging in shows that there is a GUI and nothing else installed except a terminal, a file manager and desktop settings.

Setting up LetsEncrypt free SSL

- Posted in Quick Tip by with comments

Today I will be installing and automatically renewing a free SSL certificate with LetsEncrypt.

Here's what I would do for the domain dah85.com

apt-get install nano python-letsencrypt-apache
letsencrypt --apache -d dah85.com
letsencrypt --apache --expand -d dah85.com -d www.dah85.com
letsencrypt renew
crontab -e
1 1 * * 1 /usr/bin/letsencrypt renew >> /var/log/letsencrypt-renewal.log

Done :)

This also sets up SSL in Apache for things like nextCloud if it's not already set up.

EDIT 0: If it complains that letsencrypt does not exist when installing, try installing python-certbot-apache instead. I found this happens in Ubuntu 17.04.

EDIT 1: Someone kindly pointed out that www.dah85.com didn't work, so I added the command "letsencrypt --apache --expand -d dah85.com -d www.dah85.com" after it and that fixed it :) Thanks Chris!

-Dave

Benchmarking a Linux machine

- Posted in Quick Tip by with comments

When I'm playing with a new VPS, the first thing I like to do is run a benchmark to see if I've got a good deal.

Running this in a terminal will start the benchmark (only need to install time and bzip2 once)

apt-get install time bzip2
bash <(wget --no-check-certificate -O - https://raw.github.com/mgutz/vpsbench/master/vpsbench)

You'll get an output similar to this

CPU model:  Intel(R) Xeon(R) CPU E5-2609 v3 @ 1.90GHz
Number of cores: 1
CPU frequency:  1897.804 MHz
Total amount of RAM: 1024 MB
Total amount of swap:  MB
System uptime:   6 min,       
I/O speed:  58.2 MB/s
Bzip 25MB: 6.76s
Download 100MB file: 34.2MB/s

Just got this new toy, off to play with it ;)

-Dave

Setting up UFW for the first time

- Posted in Quick Tip by with comments

Securing a Linux machine is always a good idea, and here's the simplest way to do it.

First, install ufw and check the status. It should be disabled by default.

apt-get install ufw
ufw status

Second, we will enable the default rules which will be to block all incoming and allow all outgoing.

ufw default deny incoming
ufw default allow outgoing

Now for specific ports to open. Here I will allow SSH (22), HTTP (80) and HTTPS (443), webmin (10000) and seafile (8000)

ufw allow ssh
ufw allow 80/tcp
ufw allow 443/tcp
ufw allow 8000/tcp
ufw allow 10000/tcp

Now we enable it, and then check the status.

ufw enable
ufw status

To disable it.

ufw disable

To reset back to default

ufw reset

And that's it, all incoming traffic is blocked except what has been explicitly allowed, and all outgoing traffic is allowed.

-Dave