Saltar al contenido principal

SSH and command line

¿ Qué es SSH ?

SSH est un acrónimo por Secure Shell, y representa un protocolo que permite controlar remotamente una máquina vía la línea de comandos (CLI). También es un comando básico disponible en los terminales de GNU/Linux y macOS. En Windows, hace falta utilizar el programa MobaXterm (después de haberlo iniciado, clicar sobre Session y luego SSH).

La interfaz de línea de comandos (CLI) es, en informática, la manera original (y más técnica) de interactuar con un ordenador. Está generalmente considera como más completa, más potente y eficaz que las interfaces gráficas, aunque sea más difícil de aprenderla.

Durante la instalación de YunoHost

Encontrar su IP

Si instalas YunoHost en un VPS, tu proveedor debería haberte comunicado la dirección IP de tu servidor.

Si instalas un servidor en tu casa (por ejemplo en Raspberry Pi u OLinuXino), tienes que encontrar el IP que fue atribuido a tu tarjeta cuando la conectaste a tu router / caja Internet. Hay varias maneras de hacerlo :

Address to use

If you are installing at home (e.g. on a Raspberry Pi or OLinuXino or old computer):

  • you should be able to connect to your server using yunohost.local (or yunohost-2.local, depending on how many servers are on your network).
  • if yunohost.local and the like do not work, your need to find out the local IP of the server.
  • if you installed a server at home but are attempting to connect from outside your local network, make sure port 22 is correctly forwarded to your server.

If your server is a remote server (VPS), your provider should have communicated you the IP address of the machine

In any cases, if you already configured a domain name pointing to the appropriate IP, it's much better to use your.domain.tld instead of the IP address.

Connecting

The SSH command typically looks like:

# before the postinstall:
ssh root@11.22.33.44

# or after the postinstall:
ssh username@11.22.33.44

# using the domain name instead of the IP (more convenient)
ssh username@your.domain.tld

# using the local domain name instead of the IP (for local access)
ssh username@yunohost.local

# if you changed the SSH port
ssh -p 2244 username@your.domain.tld
nota

fail2ban will ban your IP for 10 minutes if you perform 10 failed login attempts. If you need to unban the IP, have a look at the page about Fail2Ban

Which other users may connect to the server?

By default, only YunoHost users in the admins group can log in to YunoHost's SSH and SFTP servers. Non-admin YunoHost users can't connect via SSH for security reasons. With the permissions system it is possible to specifically grant SFTP or even SSH access to non-admin users.

precaución

Be careful who you give SSH access to. This increases even more the attack surface available to a malicious user.

Go to Users > Manage groups and permissions.

From here, you can add SFTP or SSH permissions to any user or group.

If you want to add an SSH public key to the user, you have to do it from the command line, as the web interface does not yet offer this feature.

Security and SSH

A more extensive discussion about security & SSH can be found on the dedicated page.

The command line

info

Providing a full tutorial about the command line is quite beyond the scope of the YunoHost documentation : for this, consider reading a dedicated tutorial such as this one or this one. But be reassured that you don't need to be a CLI expert to start using it !

The yunohost command

The yunohost command can be used to administer your server and perform the various actions similarly to what you do on the webadmin. The command must be launched either from the root user or from the admin user by preceeding them with sudo. (ProTip™ : you can become root with the command sudo su as admin).

YunoHost commands usually have this kind of structure :

yunohost app install wordpress --label Webmail
          ^    ^        ^             ^
          |    |        |             |
    category  action  argument      options

Don't hesitate to browse and ask for more information about a given category or action using the the --help option. For instance, those commands :

yunohost --help
yunohost user --help
yunohost user create --help

will successively list all the categories available, then the actions available in the user category, then the usage of the action user create. You might notice that the YunoHost command tree is built with a structure similar to the YunoHost admin pages.

The yunopaste command

This command allow you to share with an other person the output of a command.

Example:

yunohost diagnosis show | yunopaste

The ynh-vpnclient-loadcubefile.sh command

This command is only available if you have the VPN Client application installed. You can use it to load a new .cube in case you can't get to the VPN Client interface to do so.

ynh-vpnclient-loadcubefile.sh -u <username> -p <password> -c <path>.cube

Some useful commands

If your administration web interface indicates that the API is unreachable, try starting yunohost-api:

systemctl start yunohost-api

If you can no longer connect with the user admin via SSH and via the web interface, the slapd service may be down, try restarting it:

systemctl restart slapd

If you have manually modified configurations and want to know the changes:

yunohost tools regen-conf --with-diff --dry-run