When you set up a new Linux server or PC, the first task is to configure the system. Here is a collection of useful commands, using Ubuntu as the example.

Common Commands

Change Directory (cd)

cd /home/Qjbtiger/files # change directory to the given path
cd ./ # cd to current directory
cd ../ # cd to parent directory
cd / # cd to root directory
cd ~ # cd to current user's home directory
Usage
cd: cd [-L|[-P [-e]] [-@]] [dir]
Change the shell working directory.

Change the current directory to DIR. The default DIR is the value of the
HOME shell variable.

The variable CDPATH defines the search path for the directory containing
DIR. Alternative directory names in CDPATH are separated by a colon (:).
A null directory name is the same as the current directory. If DIR begins
with a slash (/), then CDPATH is not used.

If the directory is not found, and the shell option `cdable_vars' is set,
the word is assumed to be a variable name. If that variable has a value,
its value is used for DIR.

Options:
-L force symbolic links to be followed: resolve symbolic
links in DIR after processing instances of `..'
-P use the physical directory structure without following
symbolic links: resolve symbolic links in DIR before
processing instances of `..'
-e if the -P option is supplied, and the current working
directory cannot be determined successfully, exit with
a non-zero status
-@ on systems that support it, present a file with extended
attributes as a directory containing the file attributes

The default is to follow symbolic links, as if `-L' were specified.
`..' is processed by removing the immediately previous pathname component
back to a slash or the beginning of DIR.

Exit Status:
Returns 0 if the directory is changed, and if $PWD is set successfully when
-P is used; non-zero otherwise.

List the Files (ls)

ls /home/Qjbtiger/files # list the files in path '/home/Qjbtiger/files'
ls ./ # list the files in current path
ls # same as above
ls -l # list files in detail (long format)
ls -a # list all files including hidden files
Usage
Usage: ls [OPTION]... [FILE]...
List information about the FILEs (the current directory by default).
Sort entries alphabetically if none of -cftuvSUX nor --sort is specified.

Mandatory arguments to long options are mandatory for short options too.
-a, --all do not ignore entries starting with .
-A, --almost-all do not list implied . and ..
--author with -l, print the author of each file
-b, --escape print C-style escapes for nongraphic characters
--block-size=SIZE with -l, scale sizes by SIZE when printing them;
e.g., '--block-size=M'; see SIZE format below
-B, --ignore-backups do not list implied entries ending with ~
-c with -lt: sort by, and show, ctime (time of last
modification of file status information);
with -l: show ctime and sort by name;
otherwise: sort by ctime, newest first
-C list entries by columns
--color[=WHEN] colorize the output; WHEN can be 'always' (default
if omitted), 'auto', or 'never'; more info below
-d, --directory list directories themselves, not their contents
-D, --dired generate output designed for Emacs' dired mode
-f do not sort, enable -aU, disable -ls --color
-F, --classify append indicator (one of */=>@|) to entries
--file-type likewise, except do not append '*'
--format=WORD across -x, commas -m, horizontal -x, long -l,
single-column -1, verbose -l, vertical -C
--full-time like -l --time-style=full-iso
-g like -l, but do not list owner
--group-directories-first
group directories before files;
can be augmented with a --sort option, but any
use of --sort=none (-U) disables grouping
-G, --no-group in a long listing, don't print group names
-h, --human-readable with -l and -s, print sizes like 1K 234M 2G etc.
--si likewise, but use powers of 1000 not 1024
-H, --dereference-command-line
follow symbolic links listed on the command line
--dereference-command-line-symlink-to-dir
follow each command line symbolic link
that points to a directory
--hide=PATTERN do not list implied entries matching shell PATTERN
(overridden by -a or -A)
--hyperlink[=WHEN] hyperlink file names; WHEN can be 'always'
(default if omitted), 'auto', or 'never'
--indicator-style=WORD append indicator with style WORD to entry names:
none (default), slash (-p),
file-type (--file-type), classify (-F)
-i, --inode print the index number of each file
-I, --ignore=PATTERN do not list implied entries matching shell PATTERN
-k, --kibibytes default to 1024-byte blocks for disk usage;
used only with -s and per directory totals
-l use a long listing format
-L, --dereference when showing file information for a symbolic
link, show information for the file the link
references rather than for the link itself
-m fill width with a comma separated list of entries
-n, --numeric-uid-gid like -l, but list numeric user and group IDs
-N, --literal print entry names without quoting
-o like -l, but do not list group information
-p, --indicator-style=slash
append / indicator to directories
-q, --hide-control-chars print ? instead of nongraphic characters
--show-control-chars show nongraphic characters as-is (the default,
unless program is 'ls' and output is a terminal)
-Q, --quote-name enclose entry names in double quotes
--quoting-style=WORD use quoting style WORD for entry names:
literal, locale, shell, shell-always,
shell-escape, shell-escape-always, c, escape
(overrides QUOTING_STYLE environment variable)
-r, --reverse reverse order while sorting
-R, --recursive list subdirectories recursively
-s, --size print the allocated size of each file, in blocks
-S sort by file size, largest first
--sort=WORD sort by WORD instead of name: none (-U), size (-S),
time (-t), version (-v), extension (-X)
--time=WORD with -l, show time as WORD instead of default
modification time: atime or access or use (-u);
ctime or status (-c); also use specified time
as sort key if --sort=time (newest first)
--time-style=TIME_STYLE time/date format with -l; see TIME_STYLE below
-t sort by modification time, newest first
-T, --tabsize=COLS assume tab stops at each COLS instead of 8
-u with -lt: sort by, and show, access time;
with -l: show access time and sort by name;
otherwise: sort by access time, newest first
-U do not sort; list entries in directory order
-v natural sort of (version) numbers within text
-w, --width=COLS set output width to COLS. 0 means no limit
-x list entries by lines instead of by columns
-X sort alphabetically by entry extension
-Z, --context print any security context of each file
-1 list one file per line. Avoid '\n' with -q or -b
--help display this help and exit
--version output version information and exit

The SIZE argument is an integer and optional unit (example: 10K is 10*1024).
Units are K,M,G,T,P,E,Z,Y (powers of 1024) or KB,MB,... (powers of 1000).

The TIME_STYLE argument can be full-iso, long-iso, iso, locale, or +FORMAT.
FORMAT is interpreted like in date(1). If FORMAT is FORMAT1<newline>FORMAT2,
then FORMAT1 applies to non-recent files and FORMAT2 to recent files.
TIME_STYLE prefixed with 'posix-' takes effect only outside the POSIX locale.
Also the TIME_STYLE environment variable sets the default style to use.

Using color to distinguish file types is disabled both by default and
with --color=never. With --color=auto, ls emits color codes only when
standard output is connected to a terminal. The LS_COLORS environment
variable can change the settings. Use the dircolors command to set it.

Exit status:
0 if OK,
1 if minor problems (e.g., cannot access subdirectory),
2 if serious trouble (e.g., cannot access command-line argument).

Make Directory (mkdir)

mkdir /home/Qjbtiger/files/newDirectory # make directory named 'newDirectory' in path '/home/Qjbtiger/files'
mkdir ./newDirectory # make directory named 'newDirectory' in current path
mkdir newDirectory # same as above
Usage
Usage: mkdir [OPTION]... DIRECTORY...
Create the DIRECTORY(ies), if they do not already exist.

Mandatory arguments to long options are mandatory for short options too.
-m, --mode=MODE set file mode (as in chmod), not a=rwx - umask
-p, --parents no error if existing, make parent directories as needed
-v, --verbose print a message for each created directory
-Z set SELinux security context of each created directory
to the default type
--context[=CTX] like -Z, or if CTX is specified then set the SELinux
or SMACK security context to CTX
--help display this help and exit
--version output version information and exit

Delete Files or Directories (rm)

rm /home/Qjbtiger/files/fileReadyToDelete.txt # delete the file named 'fileReadyToDelete.txt' in path '/home/Qjbtiger/files'
rm ./fileReadyToDelete.txt # delete the file named 'fileReadyToDelete.txt' in current path
rm ./* # delete all files in current path; the shell expands the wildcard before 'rm' runs
rm -r /home/Qjbtiger/files/DirectoryReadyToDelete # delete the directory named 'DirectoryReadyToDelete' in path '/home/Qjbtiger/files'. '-r' means deleting directories and their contents recursively
rm -rf /* # ready to run away~~ (deletes everything on the system; '/*' expands to every top-level directory, so the --preserve-root default does not stop it)
Usage
Usage: rm [OPTION]... [FILE]...
Remove (unlink) the FILE(s).

-f, --force ignore nonexistent files and arguments, never prompt
-i prompt before every removal
-I prompt once before removing more than three files, or
when removing recursively; less intrusive than -i,
while still giving protection against most mistakes
--interactive[=WHEN] prompt according to WHEN: never, once (-I), or
always (-i); without WHEN, prompt always
--one-file-system when removing a hierarchy recursively, skip any
directory that is on a file system different from
that of the corresponding command line argument
--no-preserve-root do not treat '/' specially
--preserve-root[=all] do not remove '/' (default);
with 'all', reject any command line argument
on a separate device from its parent
-r, -R, --recursive remove directories and their contents recursively
-d, --dir remove empty directories
-v, --verbose explain what is being done
--help display this help and exit
--version output version information and exit

By default, rm does not remove directories. Use the --recursive (-r or -R)
option to remove each listed directory, too, along with all of its contents.

To remove a file whose name starts with a '-', for example '-foo',
use one of these commands:
rm -- -foo

rm ./-foo

Note that if you use rm to remove a file, it might be possible to recover
some of its contents, given sufficient expertise and/or time. For greater
assurance that the contents are truly unrecoverable, consider using shred.

Compression & Decompression

tar -cf /home/Qjbtiger/tmp.tar /home/Qjbtiger/tmp.txt # create new archive (no compression) and '-f' is usually necessary
tar -zcf /home/Qjbtiger/tmp.tar.gz /home/Qjbtiger/tmp.txt # create new archive (with gzip compression)
tar -jcf /home/Qjbtiger/tmp.tar.bz2 /home/Qjbtiger/tmp.txt # create new archive (with bzip2 compression)
tar -xf /home/Qjbtiger/tmp.tar # extract the archive (no compression)
tar -zxf /home/Qjbtiger/tmp.tar.gz # extract the archive (with gzip compression)
tar -jxf /home/Qjbtiger/tmp.tar.bz2 # extract the archive (with bzip2 compression)
tar -zvxf /home/Qjbtiger/tmp.tar.gz # with verbose

zip /home/Qjbtiger/tmp.zip /home/Qjbtiger/tmp.txt # compress files
zip -r /home/Qjbtiger/tmp.zip /home/Qjbtiger/tmp # compress directory
unzip /home/Qjbtiger/tmp.zip # decompress the archive

Check IP Address (ifconfig)

ifconfig

Show Network Status (netstat)

netstat # show active connections
netstat -a # show all sockets, both listening and non-listening
netstat -at # show all TCP sockets
netstat -au # show all UDP sockets
netstat -l # show listening sockets only
netstat -s # show statistics
netstat -p # show PID and program name
netstat -n # show numeric addresses instead of resolving host/port/user names

netstat -tulpn # the combination used most often
Usage
usage: netstat [-vWeenNcCF] [<Af>] -r         netstat {-V|--version|-h|--help}
netstat [-vWnNcaeol] [<Socket> ...]
netstat { [-vWeenNac] -i | [-cnNe] -M | -s [-6tuw] }

-r, --route display routing table
-i, --interfaces display interface table
-g, --groups display multicast group memberships
-s, --statistics display networking statistics (like SNMP)
-M, --masquerade display masqueraded connections

-v, --verbose be verbose
-W, --wide don't truncate IP addresses
-n, --numeric don't resolve names
--numeric-hosts don't resolve host names
--numeric-ports don't resolve port names
--numeric-users don't resolve user names
-N, --symbolic resolve hardware names
-e, --extend display other/more information
-p, --programs display PID/Program name for sockets
-o, --timers display timers
-c, --continuous continuous listing

-l, --listening display listening server sockets
-a, --all display all sockets (default: connected)
-F, --fib display Forwarding Information Base (default)
-C, --cache display routing cache instead of FIB
-Z, --context display SELinux security context for sockets

<Socket>={-t|--tcp} {-u|--udp} {-U|--udplite} {-S|--sctp} {-w|--raw}
{-x|--unix} --ax25 --ipx --netrom
<AF>=Use '-6|-4' or '-A <af>' or '--<af>'; default: inet
List of possible address families (which support routing):
inet (DARPA Internet) inet6 (IPv6) ax25 (AMPR AX.25)
netrom (AMPR NET/ROM) ipx (Novell IPX) ddp (Appletalk DDP)
x25 (CCITT X.25)
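
To act on the output of `netstat -tulpn`, the following added example (not from the original post) filters it down to sockets reachable from other hosts and compares them with the ports you intend to open in the firewall. The sample output, the function names and the allowlist are constructed for illustration.

```shell
#!/bin/sh
# Added example: find listeners that are reachable from other hosts.

# exposed_listeners: read `netstat -tulpn` output on stdin and print
# "port/proto program address" for every socket not bound to loopback.
exposed_listeners() {
    awk '
        $1 !~ /^(tcp|udp)6?$/ { next }             # skip the header lines
        {
            proto = $1; sub(/6$/, "", proto)        # tcp6 -> tcp
            addr = $4; sub(/:[^:]*$/, "", addr)     # drop ":port" (":::21" -> "::")
            port = $4; sub(/.*:/, "", port)
            if (addr ~ /^127\./ || addr == "::1") next   # loopback only
            f = ($1 ~ /^tcp/) ? 7 : 6               # UDP rows have no State column
            prog = (f <= NF) ? $f : "-"             # "-" when run without root
            sub(/^[0-9]+\//, "", prog)              # "812/sshd" -> "sshd"
            sub(/:$/, "", prog)
            print port "/" proto, prog, addr
        }
    ' | sort -u
}

# unexpected_listeners "22/tcp 445/tcp ...": exposed sockets that are missing
# from the baseline of ports you mean to allow in the firewall.
unexpected_listeners() {
    exposed_listeners | awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        !($1 in ok)
    '
}

# Constructed sample of `netstat -tulpn` output (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      950/mysqld
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      1021/smbd
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      1021/smbd
tcp6       0      0 :::21                   :::*                    LISTEN      990/vsftpd
tcp6       0      0 ::1:631                 :::*                    LISTEN      700/cupsd
udp        0      0 127.0.0.53:53           0.0.0.0:*                           640/systemd-resolve
udp        0      0 0.0.0.0:137             0.0.0.0:*                           1015/nmbd
EOF
}

# Baseline: SSH and the two Samba TCP ports are intended to be reachable.
sample_netstat | unexpected_listeners "22/tcp 139/tcp 445/tcp"
```

On a live system, pipe `netstat -tulpn` (run as root so the program column is filled in) into `unexpected_listeners` with your own baseline.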

System Service (systemctl)

systemctl start smbd # start service 'smbd'
systemctl stop smbd # stop service 'smbd'
systemctl restart smbd # restart service 'smbd'
systemctl reload smbd # reload config file of service 'smbd'
systemctl status smbd # show status of service 'smbd'
systemctl enable smbd # start service 'smbd' at boot
systemctl disable smbd # don't start service 'smbd' at boot
Usage
systemctl [OPTIONS...] COMMAND ...

Query or send control commands to the system manager.

Unit Commands:
list-units [PATTERN...] List units currently in memory
list-sockets [PATTERN...] List socket units currently in memory,
ordered by address
list-timers [PATTERN...] List timer units currently in memory,
ordered by next elapse
start UNIT... Start (activate) one or more units
stop UNIT... Stop (deactivate) one or more units
reload UNIT... Reload one or more units
restart UNIT... Start or restart one or more units
try-restart UNIT... Restart one or more units if active
reload-or-restart UNIT... Reload one or more units if possible,
otherwise start or restart
try-reload-or-restart UNIT... If active, reload one or more units,
if supported, otherwise restart
isolate UNIT Start one unit and stop all others
kill UNIT... Send signal to processes of a unit
clean UNIT... Clean runtime, cache, state, logs or
configuration of unit
is-active PATTERN... Check whether units are active
is-failed PATTERN... Check whether units are failed
status [PATTERN...|PID...] Show runtime status of one or more units
show [PATTERN...|JOB...] Show properties of one or more
units/jobs or the manager
cat PATTERN... Show files and drop-ins of specified units
set-property UNIT PROPERTY=VALUE... Sets one or more properties of a unit
help PATTERN...|PID... Show manual for one or more units
reset-failed [PATTERN...] Reset failed state for all, one, or more
units
list-dependencies [UNIT...] Recursively show units which are required
or wanted by the units or by which those
units are required or wanted
Unit File Commands:
list-unit-files [PATTERN...] List installed unit files
enable [UNIT...|PATH...] Enable one or more unit files
disable UNIT... Disable one or more unit files
reenable UNIT... Reenable one or more unit files
preset UNIT... Enable/disable one or more unit files
based on preset configuration
preset-all Enable/disable all unit files based on
preset configuration
is-enabled UNIT... Check whether unit files are enabled
mask UNIT... Mask one or more units
unmask UNIT... Unmask one or more units
link PATH... Link one or more units files into
the search path
revert UNIT... Revert one or more unit files to vendor
version
add-wants TARGET UNIT... Add 'Wants' dependency for the target
on specified one or more units
add-requires TARGET UNIT... Add 'Requires' dependency for the target
on specified one or more units
edit UNIT... Edit one or more unit files
get-default Get the name of the default target
set-default TARGET Set the default target

Machine Commands:
list-machines [PATTERN...] List local containers and host

Job Commands:
list-jobs [PATTERN...] List jobs
cancel [JOB...] Cancel all, one, or more jobs

Environment Commands:
show-environment Dump environment
set-environment VARIABLE=VALUE... Set one or more environment variables
unset-environment VARIABLE... Unset one or more environment variables
import-environment [VARIABLE...] Import all or some environment variables

Manager State Commands:
daemon-reload Reload systemd manager configuration
daemon-reexec Reexecute systemd manager
log-level [LEVEL] Get/set logging threshold for manager
log-target [TARGET] Get/set logging target for manager
service-watchdogs [BOOL] Get/set service watchdog state

System Commands:
is-system-running Check whether system is fully running
default Enter system default mode
rescue Enter system rescue mode
emergency Enter system emergency mode
halt Shut down and halt the system
poweroff Shut down and power-off the system
reboot [ARG] Shut down and reboot the system
kexec Shut down and reboot the system with kexec
exit [EXIT_CODE] Request user instance or container exit
switch-root ROOT [INIT] Change to a different root file system
suspend Suspend the system
hibernate Hibernate the system
hybrid-sleep Hibernate and suspend the system
suspend-then-hibernate Suspend the system, wake after a period of
time, and hibernate
Options:
-h --help Show this help
--version Show package version
--system Connect to system manager
--user Connect to user service manager
-H --host=[USER@]HOST Operate on remote host
-M --machine=CONTAINER Operate on a local container
-t --type=TYPE List units of a particular type
--state=STATE List units with particular LOAD or SUB or ACTIVE state
--failed Shorcut for --state=failed
-p --property=NAME Show only properties by this name
-a --all Show all properties/all units currently in memory,
including dead/empty ones. To list all units installed
on the system, use 'list-unit-files' instead.
-l --full Don't ellipsize unit names on output
-r --recursive Show unit list of host and local containers
--reverse Show reverse dependencies with 'list-dependencies'
--with-dependencies Show unit dependencies with 'status', 'cat',
'list-units', and 'list-unit-files'.
--job-mode=MODE Specify how to deal with already queued jobs, when
queueing a new job
-T --show-transaction When enqueuing a unit job, show full transaction
--show-types When showing sockets, explicitly show their type
--value When showing properties, only print the value
-i --ignore-inhibitors When shutting down or sleeping, ignore inhibitors
--kill-who=WHO Whom to send signal to
-s --signal=SIGNAL Which signal to send
--what=RESOURCES Which types of resources to remove
--now Start or stop unit after enabling or disabling it
--dry-run Only print what would be done
Currently supported by verbs: halt, poweroff, reboot,
kexec, suspend, hibernate, suspend-then-hibernate,
hybrid-sleep, default, rescue, emergency, and exit.
-q --quiet Suppress output
--wait For (re)start, wait until service stopped again
For is-system-running, wait until startup is completed
--no-block Do not wait until operation finished
--no-wall Don't send wall message before halt/power-off/reboot
--no-reload Don't reload daemon after en-/dis-abling unit files
--no-legend Do not print a legend (column headers and hints)
--no-pager Do not pipe output into a pager
--no-ask-password Do not ask for system passwords
--global Enable/disable/mask unit files globally
--runtime Enable/disable/mask unit files temporarily until next
reboot
-f --force When enabling unit files, override existing symlinks
When shutting down, execute action immediately
--preset-mode= Apply only enable, only disable, or all presets
--root=PATH Enable/disable/mask unit files in the specified root
directory
-n --lines=INTEGER Number of journal entries to show
-o --output=STRING Change journal output mode (short, short-precise,
short-iso, short-iso-precise, short-full,
short-monotonic, short-unix,
verbose, export, json, json-pretty, json-sse, cat)
--firmware-setup Tell the firmware to show the setup menu on next boot
--boot-loader-menu=TIME
Boot into boot loader menu on next boot
--boot-loader-entry=NAME
Boot into a specific boot loader entry on next boot
--plain Print unit dependencies as a list instead of a tree

See the systemctl(1) man page for details.

User Management

Add (New) User

Run the commands below as root, or prefix them with sudo.

adduser newUserName
adduser temp
Adding user `temp' ...
Adding new group `temp' (1001) ...
Adding new user `temp' (1001) with group `temp' ...
Creating home directory `/home/temp' ...
Copying files from `/etc/skel' ...
New password: # input password
Retype new password:
passwd: password updated successfully
Changing the user information for temp
Enter the new value, or press ENTER for the default
Full Name []: # input information or press 'Enter' to leave a blank
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] Y # input 'Y'

Delete User

Run the commands below as root, or prefix them with sudo.

userdel deleteUserName # delete the user named 'deleteUserName'; its home directory is not deleted
userdel -r deleteUserName # delete the user named 'deleteUserName' and its home directory as well

Setting SSH Transport

Add Key

# generate key
ssh-keygen # input command 1
Generating public/private rsa key pair.
Enter file in which the key is (/home/qjbtiger/.ssh/id_rsa): # just press 'Enter'
Created directory '/home/qjbtiger/.ssh'
Enter passphrase (empty for no passphrase): # input passphrase or press 'Enter' to leave a blank
Enter same passphrase again: # same as above
Your identification has been saved in /home/qjbtiger/.ssh/id_rsa.
Your public key has been saved in /home/qjbtiger/.ssh/id_rsa.pub

# install public key
cd ~/.ssh # input command 2 & 3
cat id_rsa.pub >> authorized_keys

# optional step
chmod 600 authorized_keys
chmod 700 ~/.ssh

Run the commands below as root, or prefix them with sudo.

# setting ssh config file
vi /etc/ssh/sshd_config # input command 4

# enable RSA authentication
RSAAuthentication yes
# allow public key authentication
PubkeyAuthentication yes
# allow root user to log in
PermitRootLogin yes
# allow login by password
PasswordAuthentication yes

# restart ssh service
service sshd restart # input command 5

Download the private key file 'id_rsa' to your local PC. If you use PuTTY or a similar tool, convert the file with PuTTYGen into the format that PuTTY can read.
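
The sshd_config settings above can be checked mechanically. This added example (not part of the original post and not OpenSSH's own tooling) reads an sshd_config-style file the way sshd does, keeping the first value per keyword, and reports weak or obsolete global settings. The sample configs and function names are constructed, and Match blocks and Include files are not evaluated.

```shell
#!/bin/sh
# Added example: audit the global part of an sshd_config-style file.
# Assumes whitespace-separated "Keyword value" lines; function names and
# sample configs are constructed for this illustration.

# effective_settings [FILE]: print "keyword value", lower-cased. sshd keeps
# the FIRST value it reads for a keyword, so later duplicates are dropped.
effective_settings() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }        # blank line or comment
        tolower($1) == "match" { exit }      # conditional blocks start here
        {
            key = tolower($1)
            if (!(key in seen)) { seen[key] = 1; print key, tolower($2) }
        }
    ' "$@"
}

# audit_sshd_config [FILE]: one finding per line; exit status 1 if any.
audit_sshd_config() {
    effective_settings "$@" | awk '
        function report(k, why) { printf "%s=%s: %s\n", k, v[k], why; n++ }
        { v[$1] = $2 }
        END {
            # OpenSSH default when the keyword is absent
            if (!("passwordauthentication" in v)) v["passwordauthentication"] = "yes"
            if ("rsaauthentication" in v)
                report("rsaauthentication", "SSH protocol 1 option, obsolete; remove it")
            if (v["permitrootlogin"] == "yes")
                report("permitrootlogin", "root can log in with a password; use prohibit-password or no")
            if (v["passwordauthentication"] == "yes")
                report("passwordauthentication", "passwords can be guessed; set no once key login works")
            if (v["permitemptypasswords"] == "yes")
                report("permitemptypasswords", "accounts with an empty password can log in")
            exit (n > 0)
        }
    '
}

# Constructed sample 1: the four settings shown on the page.
page_config() {
    cat <<'EOF'
RSAAuthentication yes
PubkeyAuthentication yes
PermitRootLogin yes
PasswordAuthentication yes
EOF
}

# Constructed sample 2: a fix appended at the end of the file. It has no
# effect, because the earlier "PasswordAuthentication yes" is read first.
appended_config() {
    page_config
    echo "PasswordAuthentication no"
}

# Constructed sample 3: key-only login, no root password login.
hardened_config() {
    cat <<'EOF'
PubkeyAuthentication yes
PermitRootLogin prohibit-password
PasswordAuthentication no
EOF
}

for sample in page_config appended_config hardened_config; do
    echo "== $sample"
    if "$sample" | audit_sshd_config; then echo "no findings"; fi
done
```

On a real host, run `audit_sshd_config /etc/ssh/sshd_config`, and keep an existing session open while testing key login before switching PasswordAuthentication to no.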

Setting sudo Command

Run the commands below as root, or prefix them with sudo.

vi /etc/sudoers
# User privilege specification
root ALL=(ALL:ALL) ALL
qjbtiger ALL=(ALL:ALL) ALL
#----Add the user here! The first ALL means all hosts. The second ALL means the commands can be executed as any user. The third ALL means the commands can be executed as any group. The fourth ALL means all commands can be executed.----#

# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
#----Add the group here!----#

Setting SFTP (vsftpd)

First Setting

If necessary, it is recommended to run the commands below as root or prefix them with sudo, unless only one local user uses it.

# optional step
apt-get update
apt-get upgrade

# install vsftpd
apt-get install vsftpd # input command 1
# config SFTP config file
vi /etc/vsftpd.conf # input command 2

# forbid anonymous user login
anonymous_enable=NO
# IMPORTANT. allow local users to log in
local_enable=YES
# allow writing (or deleting) files
write_enable=YES


# chroot (optional)
# restrict local users to their home directories (Root directory is not allowed)
chroot_local_user=YES
# allow the chroot directory itself to be writable
allow_writeable_chroot=YES
# with chroot_local_user=YES, the users listed in the file are NOT chrooted
chroot_list_enable=YES
# path of the list file
chroot_list_file=/etc/vsftpd/chroot_list


# userlist (optional)
userlist_enable=YES
# add the users allowed to log in to the file '/etc/vsftpd/user_list'
userlist_file=/etc/vsftpd/user_list
userlist_deny=NO

# optional
# the directory a user lands in after login, default is '/home/$USER'
local_root=/home/$USER
# restart vsftpd service
service vsftpd restart # input command 3

Common Commands

service vsftpd start # start
service vsftpd stop # stop
service vsftpd status # check status
service vsftpd restart # restart

Other

Remember to allow ports 20/21 and 30000:31000 when configuring the firewall. If necessary, you can create a dedicated user for SFTP.

Setting Samba Server (samba)

ATTENTION: The default ports 139/445 used by the SMB service are blocked by broadband operators in China, and Windows clients do not support changing the port of the SMB service. So it is recommended to use it within a LAN instead of over the public network.

Run the commands below as root, or prefix them with sudo.

First Setting

# optional step
apt-get update
apt-get upgrade

# install samba
apt-get install samba # input command 1
# edit config file
vi /etc/samba/smb.conf # input command 2

# add these lines at the end of the config file
[share]
path = /home/qjbtiger
# the user name you allow
valid users = qjbtiger
available = yes
browseable = yes
# need password to log in
public = no
writable = yes
# check whether the config file is correct (optional)
testparm

# add share user
smbpasswd -a qjbtiger # input command 3
New SMB password: # input password
Retype new SMB password:
Added user qjbtiger.

# reload smb service config
systemctl reload smbd nmbd # input command 4

Common Commands

systemctl start smbd nmbd # start samba
systemctl stop smbd nmbd # stop samba
systemctl restart smbd nmbd # restart samba
systemctl reload smbd nmbd # reload config file

systemctl status smbd nmbd # check samba status
smbstatus # same as above

Other

Remember to allow ports 139/445 when configuring the firewall. If necessary, you can create a dedicated user for Samba.

Or,

ufw allow 'Samba'

Setting Firewall (ufw)

Run the commands below as root, or prefix them with sudo.

ufw enable # start firewall
ufw disable # stop firewall
ufw reload # restart firewall
ufw status # check status
ufw allow 22 # allow port 22
ufw delete allow 22 # forbid port 22 (delete the rule above)
Usage
Usage: ufw COMMAND

Commands:
enable enables the firewall
disable disables the firewall
default ARG set default policy
logging LEVEL set logging to LEVEL
allow ARGS add allow rule
deny ARGS add deny rule
reject ARGS add reject rule
limit ARGS add limit rule
delete RULE|NUM delete RULE
insert NUM RULE insert RULE at NUM
route RULE add route RULE
route delete RULE|NUM delete route RULE
route insert NUM RULE insert route RULE at NUM
reload reload firewall
reset reset firewall
status show firewall status
status numbered show firewall status as numbered list of RULES
status verbose show verbose firewall status
show ARG show firewall report
version display version information

Application profile commands:
app list list application profiles
app info PROFILE show information on PROFILE
app update PROFILE update PROFILE
app default ARG set default application policy