Network Services – TecAdmin (https://tecadmin.net)

How to Install and Secure OpenSSH Server on Pop!_OS
https://tecadmin.net/how-to-install-openssh-server-on-popos/
Fri, 06 Jan 2023 18:26:24 +0000

OpenSSH is a popular open-source implementation of the Secure Shell (SSH) protocol, which is used to securely connect to and manage remote systems over a network. OpenSSH is included in many popular Linux distributions, including Pop!_OS, and it provides a wide range of tools and utilities for securely accessing and managing remote systems.

This tutorial will help you to install and secure the OpenSSH server on Pop!_OS Linux. In this tutorial, we will cover the following topics:

  1. Installing OpenSSH server on Pop!_OS
  2. Configuring the OpenSSH server
  3. Using the OpenSSH client to connect to a remote system
  4. Securing the OpenSSH server

Step 1: Installing OpenSSH Server on Pop!_OS

The OpenSSH server packages are available under the default system repositories. You first need to update the package manager cache by running the following command:

sudo apt update 

Next, install the OpenSSH server with the following command:

sudo apt install openssh-server 

Press ‘y’ when prompted for confirmation. This will install the OpenSSH server and all the necessary dependencies.


Once the installation is complete, the OpenSSH server will be automatically started and enabled to start on boot. You can check the service status by running the ‘systemctl status ssh’ command.


Step 2: Configuring the OpenSSH Server:

Once the OpenSSH server is installed, you can configure it by editing the main configuration file, which is located at “/etc/ssh/sshd_config“. This file contains a number of options that control the behavior of the OpenSSH server.

WARNING: Be careful while editing the configuration file on a remote system. Any wrong entry may stop the SSH service, and you will be disconnected from the server.

Some of the most important options that you might want to configure include:

  • Port: This option specifies the port number that the OpenSSH server listens on. By default, the OpenSSH server listens on port 22, but you can change this to any unused port number if you want to.

    Port 22

  • PermitRootLogin: This option controls whether root login is allowed over SSH. By default, root login is disabled, but you can enable it by setting this option to “yes”.

    PermitRootLogin yes

  • PubkeyAuthentication: This option controls whether public key authentication is allowed. By default, public key authentication is enabled, but you can disable it by setting this option to “no”.

    PubkeyAuthentication yes

  • PasswordAuthentication: This option controls whether password authentication is allowed. By default, password authentication is enabled, but you can disable it by setting this option to “no”.

    PasswordAuthentication no

Once you have edited the OpenSSH server configuration file, you need to restart the OpenSSH server to apply the changes. You can do this by running the following command:

sudo systemctl restart ssh 

Step 3: Using the OpenSSH Client to Connect to a Remote System:

To connect to a remote system using OpenSSH, you will need to use the OpenSSH client, which is included in most Linux distributions. To connect to a remote system, you need to know the IP address or hostname of the system, as well as the username and password of a user account on the remote system.

To connect to a remote system, open a terminal and enter the following command:

# Syntax
ssh username@remote_system

Replace “username” with the username of the user account on the remote system, and “remote_system” with the IP address or hostname of the remote system. For example, to connect to a remote system with the IP address 192.168.1.100 as the user “user1”, you would enter the following command:

ssh user1@192.168.1.100 

If this is the first time you are connecting to the remote system, you will be prompted to confirm the authenticity of the host. Type “yes” to continue. You will then be prompted to enter the password for the user account on the remote system. Once you have entered the correct password, you will be logged in to the remote system.

Step 4: Securing the OpenSSH Server:

To secure the OpenSSH server, there are several steps you can take:

  • Use strong passwords: Make sure that all user accounts on the OpenSSH server have strong, unique passwords. Avoid using easy-to-guess passwords, and use a combination of letters, numbers, and special characters.
  • Use public key authentication: Instead of using passwords for authentication, consider using public key authentication. With public key authentication, you generate a public and private key pair, and the public key is copied to the remote system. When you connect to the remote system, you use the private key to authenticate, instead of a password. This is more secure than password authentication, as the private key is much harder to guess than a password.
  • Limit access to specific users: Instead of allowing any user to connect to the OpenSSH server, consider limiting access to specific users. You can do this by adding the names of the allowed users to the “AllowUsers” option in the OpenSSH server configuration file.
  • Limit access to specific IP addresses: If you only want to allow connections from specific IP addresses, you can use the “AllowUsers” and “DenyUsers” options to specify which users are allowed to connect from which IP addresses.
  • Use a firewall: Use a firewall to block access to the OpenSSH server from unwanted IP addresses. You can use the FirewallD service on Pop!_OS to set up a firewall and allow connections only from specific IP addresses.

Conclusion

In summary, OpenSSH is a powerful and flexible tool for securely accessing and managing remote systems. By following the steps outlined in this article, you can install and configure the OpenSSH server on Pop!_OS, use the OpenSSH client to connect to a remote system, and secure the OpenSSH server to protect against unauthorized access.

How to Create SFTP User in Ubuntu 22.04 (No Shell Access)
https://tecadmin.net/how-to-create-sftp-only-user-in-ubuntu-22-04/
Tue, 14 Jun 2022 14:21:32 +0000

SFTP is a protocol that allows for the secure transfer of files over a network. It is often used by businesses and individuals to transfer sensitive data. SFTP is similar to FTP but uses a different protocol for communication. SFTP is more secure than FTP and is often used in conjunction with SSH (Secure Shell) to provide an even higher level of security.

In this tutorial, we will help you to set up an SFTP server and create an SFTP-only user on Ubuntu 22.04 systems. That account can connect over SFTP but is not able to connect over SSH. Also, this will restrict (chroot) the SFTP user to a specific directory only.

Prerequisites

  • A running Ubuntu 22.04 LTS system with shell access
  • Requires a sudo-privileged account

Step 1 – Installing OpenSSH Server

Ubuntu server installations already include the OpenSSH server, but desktop systems may not. Use the following command to install and run the OpenSSH server:

sudo apt update && sudo apt install openssh-server 

Step 2 – Create SFTP User

First of all, create a new account on your system to use as the SFTP user.

The following command will create a new account named sftpuser with no shell access. You can change the username to one of your choice:

sudo adduser --shell /bin/false sftpuser 

Step 3 – Configure SFTP Directory

Now, create the directory structure to be accessible by the sftp user.

sudo mkdir -p /var/sftp/files 

Here we will allow users to access the “files” directory only.

Now, change the ownership of the files directory to sftpuser so that sftpuser can read and write in this directory only.

sudo chown sftpuser:sftpuser /var/sftp/files 

Then set the owner and group owner of /var/sftp to root. The root user has read/write access to this directory. Group members and other accounts have only read and execute permissions.

sudo chown root:root /var/sftp 
sudo chmod 755 /var/sftp 

Step 4 – Update SSH Configuration File

Now edit the SSH configuration file in a text editor:

sudo vim /etc/ssh/sshd_config 

and add the following settings at the end of the file.

Match User sftpuser
	ForceCommand internal-sftp
	PasswordAuthentication yes
	ChrootDirectory /var/sftp
	PermitTunnel no
	AllowAgentForwarding no
	AllowTcpForwarding no
	X11Forwarding no

Make sure to add this configuration after the Subsystem line.

Save the configuration file and close it.

Now validate the configuration file.

sudo sshd -t 

If the validation is successful, no output will be displayed. If any error shows in the output, make sure to fix it before running the next commands.

Restart the SSH service to apply changes.

sudo systemctl restart ssh 

All done. The SFTP-only user is successfully created on your Ubuntu system. Now try logging into the remote system with the new user’s credentials, and check if everything is working correctly.

Step 5 – Connect to SFTP User

One can connect to a remote SFTP server using the command line or graphical applications like FileZilla or WinSCP. In this tutorial, I will show you both ways to connect to the SFTP-only account on the Ubuntu system.

Linux users can use the sftp command-line utility to connect to a remote sftp instance.

sftp sftpuser@192.168.1.210 

sftpuser@192.168.10.100's password:
sftp>

You can also connect to a remote SFTP server using graphical applications like FileZilla, which is available for both Linux and Windows users. Open the FileZilla application and enter the SFTP details:

  • Host: sftp://system-ip-host
  • Username: Use the SFTP user created in Step 2.
  • Password: Use the password of the SFTP user created in Step 2.
  • Port: Use SSH server port or keep empty for default port.

Click the Quickconnect button.

Verify no shell access:

This account is configured for SFTP-only connections, so any user who tries to connect via SSH will be disconnected immediately after successful authentication. The user will get the message below:

ssh sftpuser@192.168.1.210  

sftpuser@sftp.tecadmin.net's password:
This service allows sftp connections only.
Connection to sftp.tecadmin.net closed.

Conclusion

In conclusion, setting up an SFTP server is a great way to securely transfer files between computers. By following the steps in this article, you can set up your own SFTP server in no time on Ubuntu systems. If you have any questions, feel free to leave a comment below and we’ll be happy to help.

How to Use SSH Config File
https://tecadmin.net/how-to-use-ssh-config-file/
Wed, 28 Jul 2021 05:47:06 +0000

Secure Shell (SSH) is one of the most commonly used and secure ways to connect to a remote server. It is easy to connect to a remote server with SSH, but what if you connect to many different servers and do it frequently? It becomes difficult to remember all the IP addresses, usernames, commands, and passwords.

To solve this problem, SSH allows you to set up and use the ssh config file for different use cases. SSH uses a system-wide configuration file and a custom, user-specific configuration file. You can customize and configure client-side connection options and store information about every remote server you connect to. In today’s article, we will explain how to use the ssh config file and explain some of the common configuration options.

With an SSH config file, you can define and store settings for specific remote machines. This eliminates the need to keep track of every piece of information, such as the password, username, IP address, etc., required to connect to a remote server.

What is the location of the SSH Config file

As mentioned previously, two types of configuration files are available in SSH: system-wide and user-specific (custom) configuration files. Their locations are:

  1. System-wide configuration file: This file mainly contains default information that applies to all the system users, and you can find it at /etc/ssh/ssh_config
  2. User-specific or custom configuration file: This configuration file is specific to the user, and it is the major focus of this article.

Every user can maintain a custom, client-side SSH configuration file that stores common information used while making a connection. The file is readable and writable by the user, and others cannot access it.

The client or custom configuration file is stored in the ~/.ssh directory in the user’s home directory. You will find it at ~/.ssh/config or $HOME/.ssh/config

By default, the user-specific configuration file does not exist. So you can create it with this command:

touch ~/.ssh/config 

Also, if you do not find the ~/.ssh directory, you can create it with this command:

mkdir -p ~/.ssh 
chmod 0700 ~/.ssh  

Understand the structure of the SSH Config file

The configuration file is organized into per-host sections, each holding the settings for connecting to one server. Every section starts with a Host header, followed by the options and values that apply to connections matching that header. The file format looks like this:

Host Host1
    ssh_option1 Value Custom Value
    ssh_option2 Value Custom Value
    ssh_option3 Value  Custom Value

Host Host2
    ssh_value Value Custom Value

Host *
    Ssh_option Value Custom Value

How does the SSH configuration file work

Normally if you want to connect to a remote server, you will use this command:

ssh -i ~/.ssh/id_rsa -p 22 username@IPaddress 

It is not an easy task to remember the hostname and IP address of every server you connect to. With the configuration file, you can connect with a single command:

ssh hostname 

SSH will use the information from the configuration file to connect to the remote server. So let’s understand how the config file works. For example, if you run the following command:

ssh Host1 

SSH reads the config file from top to bottom and compares the name you typed with each Host header, so it first finds the Host1 section. After matching Host1, it keeps checking the remaining sections for any other match, such as Host *. Options from every matching section are applied, and for each option the first value found is used. If there is no other match, SSH uses only the option values listed under Host1 to connect to the server.

Using the SSH Config File

Now we know what the SSH config file is and how it works. Let’s see how you can use it to simplify your remote connections.

Open the configuration file in an editor.

vi ~/.ssh/config 

And you can define username, IP address, and port values in it. For example:

Host TecAdmin
         HostName 192.167.54.19
         Port 2222
         Forwardx11 no

Host *
         User tecadmin1
         IdentityFile ~/.ssh/id_rsa
         Protocol 2
         Compression yes
         ServerAliveInterval 60
         ServerAliveCountMax 20
         LogLevel Info

Explanation of values used in the file:

  • HostName: IP address of the remote host you want to log in to.
  • User: Name of the user you will log in as.
  • Port: The port to connect to on the remote server.
  • Protocol: The version of the protocol SSH should prefer. You can enter multiple values separated by a comma.
  • IdentityFile: Location of the file that contains the user’s RSA, ECDSA, or DSA authentication identity.
  • ForwardX11: Controls whether the remote server’s display (X11) is forwarded to your machine.
  • Compression: Whether to use compression during the connection. Turning it on can be useful if you have a slow connection.
  • ServerAliveInterval: Sets a timer in seconds; if no response is received from the server within that time, ssh sends a message to request a response.
  • ServerAliveCountMax: Sets the number of messages that should be sent to request a response from the server.
  • LogLevel: Sets the verbosity level used when logging.
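
The matching rule described above can be traced with a small resolver. This is an added example, not code from the original article: it uses the article's TecAdmin section plus a constructed "Port 22" line under Host *, and the function names are made up for the illustration.

```sh
#!/bin/sh
# Added example: resolve the options ssh would apply to one alias, following
# ssh_config(5): read top to bottom, apply every matching Host section, and
# for each keyword keep only the first value obtained.

# Constructed sample: the article's layout plus a Port line in "Host *".
write_specific_first() {
    cat > "$1" <<'EOF'
Host TecAdmin
         HostName 192.167.54.19
         Port 2222
         Forwardx11 no

Host *
         User tecadmin1
         Port 22
         ServerAliveInterval 60
EOF
}

# Constructed sample: the same sections with "Host *" moved to the top.
write_wildcard_first() {
    cat > "$1" <<'EOF'
Host *
         User tecadmin1
         Port 22
         ServerAliveInterval 60

Host TecAdmin
         HostName 192.167.54.19
         Port 2222
         Forwardx11 no
EOF
}

# Print "keyword value" for every option that applies to alias $2 in file $1.
# Simplifications: no Match blocks, no Include, no "key=value" syntax, and
# list-type keywords such as IdentityFile are treated like single values.
resolve_host() {
    rh_target=$2 rh_active=1 rh_seen=" "   # lines before any Host apply to all
    set -f                                 # keep patterns like * from globbing
    while read -r rh_key rh_rest || [ -n "$rh_key" ]; do
        case $rh_key in ''|'#'*) continue ;; esac
        rh_lkey=$(printf '%s' "$rh_key" | tr 'A-Z' 'a-z')  # keywords ignore case
        if [ "$rh_lkey" = host ]; then
            rh_active=0 rh_negated=0
            for rh_pat in $rh_rest; do
                case $rh_pat in
                    '!'*) case $rh_target in ${rh_pat#'!'}) rh_negated=1 ;; esac ;;
                    *)    case $rh_target in $rh_pat) rh_active=1 ;; esac ;;
                esac
            done
            if [ "$rh_negated" -eq 1 ]; then rh_active=0; fi
            continue
        fi
        if [ "$rh_active" -eq 1 ]; then
            case $rh_seen in
                *" $rh_lkey "*) ;;              # a later value is ignored
                *) rh_seen="$rh_seen$rh_lkey "
                   printf '%s %s\n' "$rh_lkey" "$rh_rest" ;;
            esac
        fi
    done < "$1"
    set +f
}

# Print the effective value of keyword $3 for alias $2 in file $1.
effective_option() {
    eo_want=$(printf '%s' "$3" | tr 'A-Z' 'a-z')
    resolve_host "$1" "$2" |
        awk -v want="$eo_want" '$1 == want { sub(/^[^ ]+ /, ""); print }'
}

demo_dir=$(mktemp -d)
write_specific_first "$demo_dir/specific"
write_wildcard_first "$demo_dir/wildcard"
echo "specific section first: Port $(effective_option "$demo_dir/specific" TecAdmin Port)"
echo "wildcard section first: Port $(effective_option "$demo_dir/wildcard" TecAdmin Port)"
rm -rf "$demo_dir"
```

With Host * placed first, its Port shadows the one in the TecAdmin section, which is why specific sections belong above the wildcard. On a machine with OpenSSH installed, `ssh -G TecAdmin` prints the options the real client resolves.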

Conclusion

So now you know how useful a single configuration file can be if you connect to remote servers frequently. You do not need to remember multiple hostnames, IP addresses, and ports.

How to Set Up Passwordless SSH login
https://tecadmin.net/setup-passwordless-ssh/
Sat, 17 Jul 2021 05:51:10 +0000

Accessing computers remotely has become an important part of the IT world, especially in today’s scenario where everyone is working from home due to COVID-19. There are mainly two ways of connecting to machines remotely, depending on your operating system: SSH for Linux and RDP for Windows. But every time we try to connect to our remote server, we have to enter a password. So how do you set up a passwordless SSH login? This tutorial will guide you through it.

SSH works by installing an SSH server on the destination (remote) machine and an SSH application on the source (client) machine.

After installing the SSH application on the client side, you can provide information related to the remote server. On the server side, there is an SSH daemon that continuously listens on specific TCP/IP ports for client connection requests. Once the client initiates a connection request with the right credentials, the SSH daemon starts exchanging identification data with the client to establish a secure remote connection.

You can log in to your remote SSH server in two ways:

  • Password Authentication
  • Public Key Authentication (Passwordless)

In this tutorial, we will find out how to set up a Public key-based or passwordless SSH Login.

How to Setup Passwordless SSH Login

In passwordless or key-based authentication we create a pair of keys –

  • Private key: Stored securely and secretly on the client-side.
  • Public key: Stored or given to the server that we want to access.

When we try to connect to a remote server using the authentication key, the remote server creates a message using the public key. That message can only be read with the private key held on the client. After reading the message, the client sends a response to the remote server to verify its identity and establish the connection. Once you create and set up the keys, the entire process happens automatically.

How to create SSH Keys

Before we create a new key pair, let’s check whether you already have a key pair on your system. To do that, run the following command in your command line:

ls -al ~/.ssh/id_*.pub 

If you find the keys then you can use them for the further process otherwise you can create new ones. To generate new key pair, open your command line and enter this code:

ssh-keygen -t rsa 

Press Enter to accept the default location. Next, you will be asked for a passphrase. Whether you set one is up to you. If you do not want one, press Enter; otherwise, enter a passphrase for an extra layer of security. Not using a passphrase will also help you in automating a lot of tasks. After hitting Enter, your keys will be created. You can list your keys with this command.

ls ~/.ssh/id_* 

Now as we have generated our keys, it’s time to copy the key on the remote server that you want to access. We will do this with the ssh-copy-id command. Type the following command on your command line:

ssh-copy-id -i ~/.ssh/id_rsa.pub remote_username@server_ip_address 

You will be asked for the remote_user password. Once you enter the correct password, the public key will be stored in the remote server.

Now you can log in to your remote server without a password. Use the following command to establish a connection immediately:

ssh remote_username@server_ip_address 

How to disable Password Authentication

So as we have created our SSH keys, now we can disable the password authentication for security. Before disabling the password authentication, make sure you have stored the public key on your remote server and you are able to log in using the authentication key.

To disable password authentication, open the SSH configuration file as root or as a sudo-privileged user with the following command:

sudo nano /etc/ssh/sshd_config 

Then search for the PasswordAuthentication line and modify it as follows:

PasswordAuthentication no


After changing it, save your file and restart the SSH service.

sudo systemctl restart sshd 

Now you will be able to log in to the remote server without a password.
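
An added example (not part of the original articles) for the PasswordAuthentication edit above and for the sshd_config options in Step 2 of the Pop!_OS article: sshd keeps the first value it reads for a keyword, and recent Debian and Ubuntu packages ship an sshd_config that starts with an Include of /etc/ssh/sshd_config.d/*.conf, so a drop-in file can override the line you edited. The sample tree, the drop-in name 50-example.conf and the function names are constructed for the illustration.

```sh
#!/bin/sh
# Added example: find the value sshd will actually use for a global keyword.
# sshd keeps the FIRST value it reads, and Include lines are expanded in
# place, so a file included before your edit wins over it.

# Print the configuration in the order it is read, expanding Include globs.
# Assumes absolute Include paths; sshd resolves relative ones from /etc/ssh.
flatten_config() {
    while read -r fc_key fc_rest || [ -n "$fc_key" ]; do
        case $(printf '%s' "$fc_key" | tr 'A-Z' 'a-z') in
            include)
                for fc_file in $fc_rest; do      # glob expands in sorted order
                    if [ -f "$fc_file" ]; then flatten_config "$fc_file"; fi
                done ;;
            *) printf '%s %s\n' "$fc_key" "$fc_rest" ;;
        esac
    done < "$1"
}

# Print the first global value of keyword $2 in file $1 (lower-cased).
# Simplification: everything from the first Match line onward is skipped.
effective_global() {
    flatten_config "$1" | awk -v want="$2" '
        BEGIN { want = tolower(want) }
        stop          { next }
        NF == 0       { next }
        /^[ \t]*#/    { next }
        tolower($1) == "match" { stop = 1; next }
        tolower($1) == want    { print tolower($2); stop = 1 }'
}

# Report the authentication settings the articles change. Returns 1 while
# password logins are enabled or PermitRootLogin is "yes".
audit_auth() {
    aa_pw=$(effective_global "$1" PasswordAuthentication)
    aa_root=$(effective_global "$1" PermitRootLogin)
    aa_pw=${aa_pw:-yes}                      # sshd default when unset
    aa_root=${aa_root:-prohibit-password}    # sshd default when unset
    echo "PasswordAuthentication $aa_pw"
    echo "PermitRootLogin $aa_root"
    if [ "$aa_pw" = no ] && [ "$aa_root" != yes ]; then return 0; fi
    return 1
}

# Constructed sample tree in directory $1: a main file that contains the
# hardening edit, a drop-in that is included first, and the SFTP Match block.
make_sample_tree() {
    mkdir -p "$1/sshd_config.d"
    cat > "$1/sshd_config" <<EOF
Include $1/sshd_config.d/*.conf
#PasswordAuthentication yes
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no

Match User sftpuser
	PasswordAuthentication yes
EOF
    echo "PasswordAuthentication yes" > "$1/sshd_config.d/50-example.conf"
}

demo=$(mktemp -d)
make_sample_tree "$demo"
audit_auth "$demo/sshd_config" || echo "=> the drop-in still enables password logins"
rm "$demo/sshd_config.d/50-example.conf"
audit_auth "$demo/sshd_config" && echo "=> the edit in the main file is now effective"
rm -rf "$demo"
```

On a live server, `sudo sshd -T | grep -i passwordauthentication` prints the value the installed configuration resolves to; check it before closing the session you used to make the change.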

Conclusion

SSH is a secured and easy method to connect to a remote server. It is a simple and common Linux activity and you can learn it for your daily use. And you can even set up a passwordless SSH login by using authentication keys.

How To Setup FTP Server with VSFTPD on Ubuntu 20.04
https://tecadmin.net/how-to-setup-vsftpd-on-ubuntu-20-04/
Thu, 15 Jul 2021 09:46:37 +0000

FTP (File Transfer Protocol) is a network transmission standard that is used to transfer data from client to server and vice versa. It uses TCP (Transmission Control Protocol) which ensures that the data is actually arriving at its destination. TCP is what makes FTP reliable.

FTP is very helpful for businesses as it allows them to perform important functions such as the transfer of large and bulky files on a routine basis. These activities cannot be done over email or through other basic file-sharing programs. It is also used to upload and manage website files to the server.

FTP is still a very popular way of transferring files, but for security reasons many people prefer SFTP. Use this article to create SFTP only users without shell access.

In this write-up, we will be focusing on how to set up an FTP server with VSFTPD on Ubuntu 20.04.

Installing vsftpd on Ubuntu

VSFTPD is the default FTP server for most Linux distributions. We will start off by installing it on our system. Use the commands given below to install VSFTPD:

sudo apt update 
sudo apt install vsftpd 


Now verify the successful installation of VSFTPD by executing the following command:

sudo systemctl status vsftpd 


How to Configure vsftpd on Ubuntu

Now we will configure the newly installed vsftpd. The configuration rules of vsftpd are stored in /etc/vsftpd.conf. Open the configuration file in any text editor. Here we will use nano to open the configuration file:

sudo nano /etc/vsftpd.conf 

Update the following configuration settings:

  1. FTP access

    To only allow local users to access FTP server, make sure your configuration file matches the one given below:

    anonymous_enable=NO
    local_enable=YES
    
  2. FTP Passive connections

    VSFTPD works in active mode by default. To allow VSFTPD to work in passive mode, copy the lines given below into your configuration file:

    pasv_min_port=40000
    pasv_max_port=45000
    

    You can give any range of ports in the configuration file. The system will use a random port from the range you’ve chosen.

    In active mode the data connection is established by the server, whereas in passive mode it is established by the client.

  3. Enable Uploads

    To allow the FTP user to modify the filesystem, search for the following line in the configuration file and uncomment it by removing the ‘#’ (hash) symbol from the beginning of the line:

    write_enable=YES
    
  4. Restrict FTP access

    To allow only certain users to access VSFTPD, copy the below given lines at the end of the configuration file:

    userlist_enable=YES
    userlist_file=/etc/vsftpd.user_list
    userlist_deny=NO
    

These configuration settings are very basic. You can set the configuration rules according to your own needs.

Press Ctrl + X and then hit Enter to save and exit the text file. Now run the following command to restart the VSFTPD service:

sudo systemctl restart vsftpd 

How to Configure the Firewall For FTP on Ubuntu

Now we will configure the firewall to allow FTP traffic. We will open ports 20 and 21, the default/recommended ports for FTP, and ports 40000:45000 for passive FTP. But first, let’s allow SSH by using the command given below otherwise we may get locked out of our server:

sudo ufw allow OpenSSH 

If you get an error “ERROR: Could not find a profile matching ‘OpenSSH’” then you first need to install OpenSSH before running the above command. Use the following command to install OpenSSH on your system:

sudo apt install ssh

Once everything is set up, open the default ports 20 and 21 for FTP:

sudo ufw allow 20:21/tcp

Open the ports 40000:45000 for passive FTP as well:

sudo ufw allow 40000:45000/tcp

Now enable the firewall by using the following command. If it warns about the disruption of SSH connections, ignore the warning, press y, and hit Enter:

sudo ufw enable

The firewall is already active and enabled on my system.

You may run the following command to verify the firewall rules that were just added:

sudo ufw status


How to Create a user for FTP on Ubuntu

Use the “adduser” command to create a new user. We will use this user to login into FTP.

sudo adduser test_user 

The terminal will ask you to set the password of the new user. It will also ask for a few other details. Just press Enter if you do not want to provide these details.

You can restrict this user’s SSH access if you only want them to log in through FTP. Use the nano editor to open the SSH configuration file:

sudo nano /etc/ssh/sshd_config 

Now copy the following line and paste it into the configuration file to restrict the user’s access:

DenyUsers test_user


(Do remember to replace “test_user” with the actual name of your user)

Save and exit the configuration file, then restart the SSH service using the command given below to let the changes take effect:

sudo systemctl restart ssh

Now add the user to the list of FTP users by running the following command:

echo "test_user" | sudo tee -a /etc/vsftpd.user_list

Next make a new directory for the user to use for uploading the files:

sudo mkdir -p /home/test_user/ftp/test_dir 

Now give permissions to the new user according to your requirements. Here we are giving the following permission to the test_user:

sudo chmod 550 /home/test_user/ftp 
sudo chmod 750 /home/test_user/ftp/test_dir 
sudo chown -R test_user: /home/test_user/ftp 

Here 550 gives “read” and “execute” permission to the owner and the group and no access to others (r-xr-x---), while 750 gives the owner “write” permission as well (rwxr-x---).

That’s it. Your FTP server has been fully set up.

Conclusion

FTP is used to transfer files between computers on a network. It is a protocol that dictates (instructs) how data is transferred between computers on the network. People still use FTP, but it is not as secure as SCP or SFTP.

In this write-up, we focused on how to install, set up, and configure VSFTPD. We also covered how to configure the firewall and create a new user for FTP.

You may also like another tutorial, how to download and upload files using ftp command line.

How to Create SFTP Only User in Ubuntu & Debian
https://tecadmin.net/how-to-create-sftp-only-user-in-ubuntu-debian/
Mon, 31 May 2021 11:45:24 +0000

SFTP (SSH File Transfer Protocol) is a secure file protocol used to access, manage, and transfer files over an encrypted SSH transport session. Here SFTP only user means to create an account to access the server via SFTP only. That user doesn’t have SSH shell access. This allows you a secure channel to provide limited access to specific files and directories.

This blog post describes how to create SFTP-only users without shell access on Ubuntu and Debian systems.

Step 1 – Creating a New User

First of all, create a user account on your system to use as an SFTP user. The following command will create a new account named sftpuser with no shell access. You can change the username to one of your choice:

sudo adduser --shell /bin/false sftpuser 

The command will prompt for the password to be set for a new account.

Step 2 – Create Directory for SFTP

Now, create the directory structure to be accessible by the SFTP user.

sudo mkdir -p /var/sftp/files 

Here we will allow users to access the “files” directory only.

Now, change the ownership of the files directory to sftpuser, so that the SFTP user can read and write in this directory only. No files outside of this directory will be accessible.

sudo chown sftpuser:sftpuser /var/sftp/files 

Then set the owner and group owner of /var/sftp to root. The root user has read/write access to this directory. Group members and other accounts have only read and execute permissions.

sudo chown root:root /var/sftp 
sudo chmod 755 /var/sftp 

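This prevents SFTP users from writing files directly under the /var/sftp directory. sshd also requires the ChrootDirectory to be owned by root and not writable by any other user or group.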

Step 3 – Configure sshd for SFTP Only

/etc/ssh/sshd_config is the main configuration file of the OpenSSH server. Be careful with changing this configuration file, because any mistake can lead to connection loss.

Edit the SSH configuration file in a text editor:

sudo vim /etc/ssh/sshd_config 

Then add the following settings at the end of the file.

Match User sftpuser
	ForceCommand internal-sftp
	PasswordAuthentication yes
	ChrootDirectory /var/sftp
	PermitTunnel no
	AllowAgentForwarding no
	AllowTcpForwarding no
	X11Forwarding no

Save the file and close.

The directives are:

  • Match User – Defines the user to which the SFTP-only configuration applies. In our case it is sftpuser.
  • ForceCommand internal-sftp – Enforces SFTP-only access for the user and blocks shell access.
  • PasswordAuthentication yes – Allows password authentication for the user.
  • ChrootDirectory /var/sftp – Restricts the user to directories under this directory only. Here /var/sftp acts as the root directory for the user.
  • AllowAgentForwarding no – Specifies whether ssh-agent forwarding is permitted. The default is yes.
  • AllowTcpForwarding no – Specifies whether TCP forwarding is permitted. The default is yes.
  • X11Forwarding no – Specifies whether X11 forwarding (for graphical applications) is permitted.

Restart SSH service to apply new settings:

sudo systemctl restart ssh 

That’s it. You have successfully completed the instructions to create an SFTP-only user on Debian-based systems.

Step 4 – Security Tips (Optional)

Here are some basic but important security tips for SFTP accounts in a production environment.

  1. Run SSH server on a non-standard port
  2. Disallow the password authentication and configure key-based authentication
  3. Make sure the firewall is restricted to specific IP addresses only
  4. And keep the OpenSSH package up to date

Conclusion

This tutorial described how to create SFTP-only users on an Ubuntu system. Shell access is disabled for these users, and they are restricted to a specified directory only.

How to Change SSH Port in Linux https://tecadmin.net/linux-change-ssh-port/ Wed, 19 May 2021 10:37:59 +0000

SSH (Secure Shell) is the most popular protocol for connecting remote Linux systems. Changing the SSH port will provide you with an extra layer of security. The new port will be a little harder to identify for hackers.

Most Linux distributions use OpenSSH as the default SSH server. It encrypts all traffic throughout the route and provides a higher level of security. This article describes how to change the OpenSSH server port on a Linux system.

Change SSH Port in Linux

Changing the SSH port is a straightforward process on Linux systems. Any system can use the port range 1 to 65535. For TCP, port number 0 is reserved and cannot be used. The default SSH service listens on port 22. Just replace this port with some other port.

To change SSH port in Linux, edit OpenSSH configuration file:

sudo nano /etc/ssh/sshd_config 
  • Change from – Search for the line below; by default it may be commented out.
    #Port 22

  • Change to – Remove the ‘#’ prefix to uncomment the line, then replace 22 with a non-standard port such as:
    Port 2232

To save and close the file, press CTRL + X, then press ‘y’ and hit Enter.

Now, restart the SSH daemon to apply changes.

sudo systemctl restart ssh 

That’s it. The SSH service is now running on an updated port as configured above.
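The same edit as a script, added here as an example that is not part of the original tutorial. The function name set_sshd_port is hypothetical; it validates the port against the 1 to 65535 range, keeps a backup, and handles a case the manual steps skip: Port is not accepted inside a Match block, so when the file has no Port line yet the new one is inserted ahead of the first Match line instead of being appended.

```sh
#!/bin/sh
# Added example: change the sshd port with validation and a rollback copy.
# On a real host, run as root, then check the result with `sshd -t` and
# restart the service only if that reports no errors.

# set_sshd_port FILE PORT
# Rewrites FILE so that its global section contains "Port PORT".
# Only the first Port line is rewritten; a file with several Port lines
# needs manual review. Returns 2 for an invalid port, 1 if the file
# cannot be rewritten, 0 on success.
set_sshd_port() {
    cfg=$1
    port=$2
    # Digits only, no leading zero, at most five digits.
    case $port in
        ''|0*|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 2 ;;
    esac
    if [ "$port" -gt 65535 ]; then
        echo "invalid port: $port" >&2
        return 2
    fi
    cp -p "$cfg" "$cfg.bak" || return 1     # copy to roll back to
    tmp=$(mktemp) || return 1
    if awk -v port="$port" '
        # First Port line, commented out or not: replace it.
        !done && /^[ \t]*#?[ \t]*Port[ \t]+[0-9]+[ \t]*$/ {
            print "Port " port; done = 1; next
        }
        # No Port line before the first Match block: insert one ahead of it,
        # because Port is not allowed inside a Match block.
        !done && /^[ \t]*Match[ \t]/ { print "Port " port; done = 1 }
        { print }
        END { if (!done) print "Port " port }
    ' "$cfg" > "$tmp"; then
        cat "$tmp" > "$cfg"     # overwrite in place to keep owner and mode
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}
```
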

Connect SSH to New Port

The SSH service is listening on a non-standard port, so you have to provide the port number when connecting to the server using the ssh client.

Use the following command from the client machine to connect to the remote server on the new port.

ssh -p 2232 user@remote-host 

rsync users can follow these instructions to connect to a remote system on a different port.

Conclusion

This tutorial helped you to secure your Linux server by changing the SSH port to a non-standard port. Once the SSH port is changed, you must update the firewall rules to secure the new port.

How to Install & Connect OpenVPN Client on Ubuntu https://tecadmin.net/install-openvpn-client-on-ubuntu/ Sun, 01 Mar 2020 02:41:09 +0000

Are you looking to install and connect OpenVPN Client on Ubuntu? It’s easy to do! In this guide, we’ll walk you through the process step-by-step. Assume one of your clients wants to secure a connection to their server: the client has configured an OpenVPN server on their network and provided you with a client configuration file. By the end, you’ll have a secure, encrypted connection to your VPN server. So, let’s get started!

Prerequisites

Before you can install OpenVPN Client on Ubuntu, you’ll need to make sure you have the following:

  • The latest version of Ubuntu is installed on your computer.
  • A reliable internet connection.
  • An OpenVPN configuration file, which you can get from your VPN provider.
  • A working VPN account.

Once you have all the prerequisites in place, you’re ready to start installing OpenVPN Client on Ubuntu.

Step 1 – Installing OpenVPN Client on Ubuntu

Installing OpenVPN Client on Ubuntu is relatively easy. Just follow the steps below and you should be up and running in no time.

  1. Open a terminal window on your Ubuntu machine and type in the following command: sudo apt install openvpn. This will install the OpenVPN package on your system.
    sudo apt update && sudo apt install openvpn -y 
    
  2. Once the package is installed, you’ll need to create a configuration file. To do this, type in the following command in the terminal window:
    sudo nano /etc/openvpn/client.conf 
    

    This will open a text editor where you can paste the configuration file (.ovpn) from your VPN provider.

  3. Once you’ve pasted the configuration file, save and exit the text editor by pressing Ctrl+X followed by Y and then Enter.

Step 2 – Connecting to a VPN Server with OpenVPN Client

Once you’ve installed OpenVPN Client on Ubuntu, you can easily connect to a VPN server. All you need to do is type in the following command in the terminal window:

sudo openvpn --config /etc/openvpn/client.conf 

This will start the OpenVPN Client and you’ll be prompted to enter your VPN username and password. Once you’ve done that, you’ll be connected to the VPN server.

Output:
Sat Feb 29 15:39:18 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]69.87.218.145:1194
Sat Feb 29 15:39:18 2020 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sat Feb 29 15:39:18 2020 UDP link local: (not bound)
Sat Feb 29 15:39:18 2020 UDP link remote: [AF_INET]69.87.218.145:1194
Sat Feb 29 15:39:18 2020 TLS: Initial packet from [AF_INET]69.87.218.145:1194, sid=6d27e1cb 524bd8cd
Sat Feb 29 15:39:18 2020 VERIFY OK: depth=1, CN=Easy-RSA CA
Sat Feb 29 15:39:18 2020 VERIFY OK: depth=0, CN=tecadmin-server
Sat Feb 29 15:39:18 2020 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Sat Feb 29 15:39:18 2020 [tecadmin-server] Peer Connection Initiated with [AF_INET]69.87.218.145:1194
Sat Feb 29 15:39:19 2020 SENT CONTROL [tecadmin-server]: 'PUSH_REQUEST' (status=1)
Sat Feb 29 15:39:19 2020 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 20,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM'
Sat Feb 29 15:39:19 2020 OPTIONS IMPORT: timers and/or timeouts modified
Sat Feb 29 15:39:19 2020 OPTIONS IMPORT: --ifconfig/up options modified
Sat Feb 29 15:39:19 2020 OPTIONS IMPORT: route options modified

Step 3 – Verify Connection

Once your client machine has successfully established the VPN connection, a new virtual interface named tun0 is created on your system. The OpenVPN server assigns an IP address to this interface based on the server configuration. This IP will be in the same network as the VPN server. To view the IP address of this virtual interface, type:

ip a show tun0 
Output:
4: tun0: mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
    link/none
    inet 10.8.0.6 peer 10.8.0.5/32 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::7226:57b1:f101:313b/64 scope link stable-privacy
       valid_lft forever preferred_lft forever

You can also check the OpenVPN server log to verify the connection status:

sudo tail -f /var/log/openvpn.log 

You should see the following output:

Output:
Fri Feb 21 15:39:18 2020 45.58.34.83:37445 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Sat Feb 29 15:41:18 2020 45.58.34.83:37445 [client] Peer Connection Initiated with [AF_INET]45.58.34.83:37445
Sat Feb 29 15:41:18 2020 client/45.58.34.83:37445 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Sat Feb 29 15:41:18 2020 client/45.58.34.83:37445 MULTI: Learn: 10.8.0.6 -> client/45.58.34.83:37445
Sat Feb 29 15:41:18 2020 client/45.58.34.83:37445 MULTI: primary virtual IP for client/45.58.34.83:37445: 10.8.0.6
Sat Feb 29 15:41:19 2020 client/45.58.34.83:37445 PUSH: Received control message: 'PUSH_REQUEST'
Sat Feb 29 15:41:19 2020 client/45.58.34.83:37445 SENT CONTROL [client]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 20,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM' (status=1)
Sat Feb 29 15:41:19 2020 client/45.58.34.83:37445 Data Channel: using negotiated cipher 'AES-256-GCM'
Sat Feb 29 15:41:19 2020 client/45.58.34.83:37445 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Feb 29 15:41:19 2020 client/45.58.34.83:37445 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
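An interface with an address does not by itself show that traffic uses the tunnel. The server in this guide pushes redirect-gateway def1, which installs the routes 0.0.0.0/1 and 128.0.0.0/1 through the VPN, so a further client-side check is to look for that pair in the routing table. The script below is an added example, not part of the original guide; the function names are hypothetical, and the sample routing table is constructed (eth0 and the 192.168.1.x addresses are assumptions).

```sh
#!/bin/sh
# Added example: check that traffic really leaves through the tunnel.
# Live use:  ip route | routes_cover_default tun0

# Constructed sample: the PUSH_REPLY line of the client log in Step 2.
SAMPLE_LOG="Sat Feb 29 15:39:19 2020 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 20,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM'"

# Constructed sample of `ip route` after connecting. eth0 and the 192.168.1.x
# addresses are assumptions; the VPN addresses are the ones in the log.
SAMPLE_ROUTES='0.0.0.0/1 via 10.8.0.5 dev tun0
default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.8.0.1 via 10.8.0.5 dev tun0
10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6
69.87.218.145 via 192.168.1.1 dev eth0
128.0.0.0/1 via 10.8.0.5 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10'

# Print the options of the PUSH_REPLY in a client log (stdin), one per line.
pushed_options() {
    sed -n "s/.*PUSH: Received control message: 'PUSH_REPLY,\(.*\)'.*/\1/p" | tr ',' '\n'
}

# Return 0 if the server pushed redirect-gateway (full-tunnel mode).
full_tunnel_pushed() {
    pushed_options | grep -q '^redirect-gateway'
}

# Print the tunnel address the server assigned (first argument of "ifconfig").
pushed_tunnel_ip() {
    pushed_options | awk '$1 == "ifconfig" { print $2; exit }'
}

# Read `ip route` output on stdin. Return 0 only if both 0.0.0.0/1 and
# 128.0.0.0/1 (the pair "redirect-gateway def1" installs over the default
# route) go through device $1.
routes_cover_default() {
    awk -v dev="$1" '
        $1 == "0.0.0.0/1" || $1 == "128.0.0.0/1" {
            for (i = 2; i < NF; i++)
                if ($i == "dev" && $(i + 1) == dev) seen[$1] = 1
        }
        END { exit !(("0.0.0.0/1" in seen) && ("128.0.0.0/1" in seen)) }
    '
}

# Demo on the constructed samples.
if printf '%s\n' "$SAMPLE_LOG" | full_tunnel_pushed &&
   printf '%s\n' "$SAMPLE_ROUTES" | routes_cover_default tun0; then
    echo "full tunnel pushed and routed via tun0"
fi
```
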

Troubleshooting Tips for Installing OpenVPN Client on Ubuntu

If you’re having trouble installing OpenVPN Client on Ubuntu, here are a few troubleshooting tips that might help:

  • Make sure that your OpenVPN configuration file is correct. Double-check it for any typos or errors and make sure all the settings are correct.
  • Make sure that your internet connection is stable and fast. If your connection is slow or unreliable, it may cause issues with the installation process.
  • If you’re still having trouble, try reinstalling the OpenVPN package. You can do this by typing in the following command in the terminal window: sudo apt --purge remove openvpn followed by sudo apt install openvpn.
  • If you still can’t get it to work, try using a different OpenVPN client. There are several alternatives available such as OpenConnect, OpenVPN GUI, or Viscosity.

Alternatives to Installing OpenVPN Client on Ubuntu

If you don’t want to install OpenVPN Client on Ubuntu, there are several alternatives available. Here are some of the most popular ones:

  • OpenConnect – This is an open-source VPN client that is compatible with most VPN providers. It supports both command-line and GUI options.
  • OpenVPN GUI – This is a graphical user interface for OpenVPN. It’s user-friendly and easy to set up.
  • Viscosity – This is a commercial VPN client that supports a wide range of VPN protocols. It’s user-friendly and fully featured.

Conclusion

Installing OpenVPN Client on Ubuntu is easy. Just follow the steps outlined in this guide and you’ll be connected to a secure, encrypted VPN server in no time. Make sure to double-check your OpenVPN configuration file for any typos or errors, and if you’re still having trouble, try using a different OpenVPN client. Good luck!

If you found this guide helpful, please share it with your friends and family. And if you have any questions or comments, feel free to leave them in the comments section below.

How to Create SFTP User without Shell Access on CentOS/RHEL 8 https://tecadmin.net/create-sftp-user-without-shell-access-on-centos-8/ Sun, 16 Feb 2020 16:06:44 +0000

SFTP (SSH File Transfer Protocol) is a secure file transfer protocol between two systems. It runs over the SSH protocol and shares the same port 22. This tutorial will help you to create SFTP-only users (without SSH access) on CentOS 8 and RedHat 8 systems. The user can connect to the server with SFTP only and is allowed to access only the specified directory. Users can’t SSH into the server. Follow the tutorial below to create an SFTP-only account on CentOS 8 and RHEL 8.

Step 1 – Create Account

First of all, create a user account for the sftp access. For this tutorial, we are creating a user named sftpuser with no shell access. Also, set a strong password for the user.

sudo adduser --shell /bin/false sftpuser
sudo passwd sftpuser
Changing password for user sftpuser.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

Step 2 – Create Directory

Now, create the directory structure to be accessible by the sftp user. We will restrict the new user to this directory only, so the user can’t access files in other directories.

sudo mkdir -p /var/sftp/files

Change the ownership of the directory to the newly created sftp user, so that sftpuser can read and write in this directory.

sudo chown sftpuser:sftpuser /var/sftp/files

You must set the owner and group owner of /var/sftp to root. The root user has read/write access to this directory. Group members and other accounts have only read and execute permissions.

sudo chown root:root /var/sftp
sudo chmod 755 /var/sftp

Step 3 – Configure SSH for SFTP

Since SFTP runs over the SSH protocol, we need to configure it in the SSH configuration file. Edit the SSH configuration file in a text editor.

sudo vim /etc/ssh/sshd_config

Then add the following settings at the end of the file.

Match User sftpuser
	ForceCommand internal-sftp
	PasswordAuthentication yes
	ChrootDirectory /var/sftp
	PermitTunnel no
	AllowAgentForwarding no
	AllowTcpForwarding no
	X11Forwarding no

Save the configuration and restart SSH service to apply changes.

sudo systemctl restart sshd.service

All done. Your system is ready to accept SFTP-only connections for the created account. Let’s test the sftp connection and also make sure that the user is not authorized to SSH.

Step 4 – Test SFTP Connection

I am using FileZilla for the connection to the SFTP instance from my Windows systems. Linux desktop users can also use FileZilla for connection.

On a Linux server, users can use the sftp command-line utility to connect to a remote sftp instance.

sftp sftpuser@sftp.tecadmin.net
Connecting to sftp.tecadmin.net...
sftpuser@sftp.tecadmin.net's password:
sftp>

This account is configured for SFTP-only connections. Any user who tries to connect via SSH will be disconnected immediately after successful authentication and will get the message below:

ssh sftpuser@sftp.tecadmin.net
sftpuser@sftp.tecadmin.net's password:
This service allows sftp connections only.
Connection to sftp.tecadmin.net closed.

The above message (This service allows sftp connections only.) shows that the user has sftp access only. Users can’t connect to the server over SSH.

How to Create SFTP User without Shell Access on CentOS/RHEL 7 https://tecadmin.net/create-sftp-only-user-centos/ Tue, 15 Jan 2019 10:03:14 +0000

This tutorial will help you to create an SFTP-only user (without SSH access) on CentOS and RedHat systems. The user can connect to the server with SFTP access only and is allowed to access only the specified directory. Users can’t SSH into the server. Follow the tutorial below to create an SFTP-only account.

Step 1 – Create Account

First of all, create a user account to use for sftp access. The command below will create a user named sftpuser with no shell access.

sudo adduser --shell /bin/false sftpuser
sudo passwd sftpuser

Step 2 – Create Directory

Now, create the directory structure to be accessible by the sftp user.

sudo mkdir -p /var/sftp/files

Change the ownership of the files directory to the sftp user, so that sftpuser can read and write in this directory.

sudo chown sftpuser:sftpuser /var/sftp/files

Then set the owner and group owner of /var/sftp to root. The root user has read/write access to this directory. Group members and other accounts have only read and execute permissions.

sudo chown root:root /var/sftp
sudo chmod 755 /var/sftp
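sshd refuses a ChrootDirectory unless every component of its path is owned by root and not writable by group or others, which is what the two commands above set for /var/sftp (the same step appears in the Ubuntu/Debian and CentOS/RHEL 8 versions of this tutorial). The script below is an added example, not part of the original tutorial, that checks the whole path rather than only its last directory. The function name and its optional owner and stop arguments are this example's own.

```sh
#!/bin/sh
# Added example: check every directory on the way to the chroot.
# Live use:  check_chroot_path /var/sftp

# check_chroot_path DIR [OWNER_UID] [STOP_AT]
#   DIR        absolute path used as ChrootDirectory (e.g. /var/sftp)
#   OWNER_UID  uid every component must belong to (default 0, root)
#   STOP_AT    optional ancestor at which to stop walking (exclusive); an
#              addition of this example so it can be tried in a scratch tree
# Prints one FAIL line per problem. Returns 0 if the chain is clean,
# 1 if any component fails, 2 on a usage or stat error.
check_chroot_path() {
    dir=$1
    uid=${2:-0}
    stop=${3:-}
    case $dir in
        /*) ;;
        *) echo "need an absolute path: $dir" >&2; return 2 ;;
    esac
    rc=0
    while :; do
        owner=$(stat -c '%u' "$dir") || return 2
        mode=$(stat -c '%a' "$dir") || return 2
        if [ "$owner" != "$uid" ]; then
            echo "FAIL $dir: owned by uid $owner, expected $uid"
            rc=1
        fi
        # 022 masks the group-write and other-write bits of the octal mode.
        if [ $((0$mode & 022)) -ne 0 ]; then
            echo "FAIL $dir: mode $mode is writable by group or others"
            rc=1
        fi
        if [ "$dir" = "/" ]; then break; fi
        dir=$(dirname "$dir")
        if [ -n "$stop" ] && [ "$dir" = "$stop" ]; then break; fi
    done
    return "$rc"
}
```

The writable area stays one level down: /var/sftp/files is owned by sftpuser and is deliberately not part of the chain this function checks.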

Step 3 – Configure SSH for SFTP

Now edit the SSH configuration file in a text editor:

sudo vim /etc/ssh/sshd_config

Then add the following settings at the end of the file.

Match User sftpuser
	ForceCommand internal-sftp
	PasswordAuthentication yes
	ChrootDirectory /var/sftp
	PermitTunnel no
	AllowAgentForwarding no
	AllowTcpForwarding no
	X11Forwarding no

Save the configuration and restart SSH service to apply changes.

sudo systemctl restart sshd.service
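To confirm that the Match block is actually in force for sftpuser (the same block is used in the Ubuntu/Debian and CentOS/RHEL 8 versions of this tutorial), sshd -T prints the effective configuration for a given connection. The script below is an added example, not part of the original tutorial, that compares that output with the block's settings and flags that password logins are still enabled. The function names are hypothetical and both SAMPLE texts are constructed.

```sh
#!/bin/sh
# Added example: audit the effective sshd settings for the SFTP-only account.
# Live use (as root, so sshd can read its host keys):
#   sshd -T -C user=sftpuser,host=localhost,addr=127.0.0.1 | audit_sftp_effective

# Restrictions the Match block is supposed to enforce, written the way
# `sshd -T` prints them: lowercase keyword, space, value.
EXPECTED='forcecommand internal-sftp
chrootdirectory /var/sftp
permittunnel no
allowagentforwarding no
allowtcpforwarding no
x11forwarding no'

# Print the value of keyword $1 found in the `sshd -T` text held in $2.
effective_value() {
    printf '%s\n' "$2" | awk -v k="$1" '$1 == k { sub(/^[^ ]+ +/, ""); print; exit }'
}

# Read `sshd -T` output on stdin and print one line per finding.
# Returns 0 when every expected restriction is in force, 1 otherwise.
audit_sftp_effective() {
    effective=$(cat)
    rc=0
    while read -r key want; do
        got=$(effective_value "$key" "$effective")
        if [ "$got" = "$want" ]; then
            echo "OK   $key $got"
        else
            echo "FAIL $key: want '$want', got '${got:-<unset>}'"
            rc=1
        fi
    done <<EOF
$EXPECTED
EOF
    # The Match block allows password logins; report it without failing.
    if [ "$(effective_value passwordauthentication "$effective")" = "yes" ]; then
        echo "WARN passwordauthentication yes (key-based authentication is stronger)"
    fi
    return "$rc"
}

# Constructed sample: output for a correctly restricted account.
SAMPLE_GOOD='port 22
passwordauthentication yes
x11forwarding no
allowtcpforwarding no
allowagentforwarding no
permittunnel no
chrootdirectory /var/sftp
forcecommand internal-sftp'

# Constructed sample: the Match block did not apply (e.g. a misspelled user name).
SAMPLE_BAD='port 22
passwordauthentication yes
x11forwarding no
allowtcpforwarding yes
allowagentforwarding yes
permittunnel no
chrootdirectory none
forcecommand none'

# Demo on the constructed failing sample.
printf '%s\n' "$SAMPLE_BAD" | audit_sftp_effective || true
```
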

Step 4 – Test SFTP Connection

I am using FileZilla for the connection to the SFTP instance from my Windows systems. Linux desktop users can also use FileZilla for connection.

On a Linux server, users can use the sftp command-line utility to connect to a remote sftp instance.

sftp sftpuser@sftp.tecadmin.net

Connecting to sftp.tecadmin.net...
sftpuser@sftp.tecadmin.net's password:
sftp>

This account is configured for SFTP-only connections. Any user who tries to connect via SSH will be disconnected immediately after successful authentication and will get the message below:

ssh sftpuser@sftp.tecadmin.net

sftpuser@sftp.tecadmin.net's password:
This service allows sftp connections only.
Connection to sftp.tecadmin.net closed.
