DEV Community: Sneh Chauhan

Cannot use a custom SSH port in Ubuntu 22.10 or above? Here's a fix

Sneh Chauhan — Wed, 01 Nov 2023 18:21:10 +0000

In recent versions of Ubuntu, specifically from version 22.10 onwards, Ubuntu has shifted from Traditional SSH to Socket-Based SSH activation. This adoption has brought several improvements in system resource utilization and service responsiveness. However, it has also introduced a challenge for users accustomed to configuring their SSH service the traditional way.

Setting up a custom SSH port the old way

In earlier versions of Ubuntu, the process of changing SSH port was straightforward: locate and edit "sshd_config" file (usually in /etc/ssh), adjust the "Port" parameter to the desired port, save and exit the file, open the new port in the firewall, and finally, restart the SSH service. This ensures that SSH would listen on the newly specified port. However, in Ubuntu 22.10 and above, due to the adoption of Socket-based activation, a different method is now required to modify the SSH port. Even the /etc/ssh/sshd_config file includes a section mentioning this:

Setting up a custom SSH port the "NEW" way

As discussed earlier, in Ubuntu 22.10 and beyond, a new approach using Socket-based activation has been introduced to modify the SSH port. This method leverages "systemd" to handle the SSH service. Here's a step-by-step process for changing the SSH port:

Step 1: Create the necessary directory

Open your terminal and execute the following command:

sudo mkdir -p /etc/systemd/system/ssh.socket.d

This command ensures that the necessary directories exist for systemd to manage the SSH socket.

Step 2: Create the configuration file (listen.conf)

sudo vim /etc/systemd/system/ssh.socket.d/listen.conf

If you want SSH to listen on both port 22 and your custom port 54872, add the following lines:

[Socket]
ListenStream=54872

Else, if you want SSH to listen on your custom port "54872 only", add the following lines:

[Socket]
ListenStream=
ListenStream=54872

Next, save the file and exit.

Step 3: Reload the systemd manager configuration:

sudo systemctl daemon-reload

This will ensure that systemd recognizes the new configuration.

Step 4: Restart the SSH socket:

sudo systemctl restart ssh.socket

Step 5: Verify the change:

To confirm that the SSH port has been successfully changed, attempt to connect to your server using the new port, in this case, 54872.

ssh <user>@<your_server_ip> -p 54872

If successful, you've now securely configured SSH to use the new port.

Reverting to the Traditional method of setting a custom SSH port

The shift to socket-based activation for SSH in Ubuntu versions 22.10 and above has evoked varied reactions from users. While some acknowledge its potential advantages in efficiency and resource handling, others face difficulties, particularly concerning custom port configurations and the inclination to return to the conventional SSH setup.

Returning to the traditional configuration involves a sequence of five steps. The following commands facilitate its implementation:

sudo rm /etc/systemd/system/ssh.service.d/00-socket.conf
systemctl disable --now ssh.socket
systemctl enable --now ssh.service
sudo systemctl daemon-reload
sudo systemctl restart ssh

Conclusion

Ubuntu's new way of doing things with Socket-based activation brings benefits, but some users find it tricky. Many prefer the old, familiar method. It's important to find a balance between new ideas and what users already know.

Additional Resources

If you are interested in knowing more about Traditional vs Socket-Based SSH Activation, check out my blog here.

Maximizing Efficiency: Socket-Based SSH Activation in Ubuntu 22.10 and above

Sneh Chauhan — Wed, 18 Oct 2023 18:00:44 +0000

Introduction

In the dynamic landscape of Ubuntu, innovation is the driving force that propels it forward. With the release of Ubuntu 22.10, a seismic shift has occurred in how we interact with one of the most fundamental services: SSH. Meet socket-based activation, a game-changer in how we handle remote connections.

This paradigm shift introduces a more resource-efficient approach to launching SSH services, promising a more judicious allocation of system resources. In this blog post, we embark on a journey through this transformative feature, exploring the intricacies of socket-based activation for SSH in Ubuntu 22.10 and beyond.

What is Socket-Based Activation?

Socket-based activation is a method used to manage services on a Linux system, including SSH. Traditionally, services like SSH were started directly by systemd. However, with Socket-based activation, the service won't start until there is an incoming request. This approach introduces a few key benefits :

Resource Efficiency: System resources like memory and CPU are used judiciously as the SSH service is started only when a connection is requested.
Faster Bootups: As SSH is only initiated when a connection is requested, it eases the burden on systemd when starting services during bootup.

Traditional SSH vs Socket-Based SSH

Traditional SSH involves starting the SSH service (ssh.service ) directly during system boot by systemd even when there is no incoming connection request. In contrast, Socket-based SSH (ssh.socket ) waits till a connection request is made and then it invokes the SSH service.

Inspecting the "ssh.service" unit in Traditional and Socket-Based SSH using systemctl gives us more information about the resource utilization :

As it can be seen in Traditional SSH, the ssh.service unit is "enabled" on startup and the memory usage is 14.6 megabytes.

On the other hand, in Socket-Based SSH, the ssh.service unit is "disabled" on startup and it is triggered by "ssh.socket" upon new connection request. The memory usage here is just 2.3 megabytes which is way less than Traditional SSH.

Which Ubuntu versions adopt this change?

Starting with Ubuntu 22.10 (Kinetic Kudu), this change in SSH activation method continues in subsequent versions 23.04 (Lunar Lobster) and 23.10 (Mantic Minotaur) which is the latest version at the time of writing this article.

How are Ubuntu users reacting to the change?

The transition to socket-based activation for SSH in Ubuntu 22.10 and above has brought about a mixed response from the user community. While many users appreciate the potential benefits in terms of efficiency and resource management, some have encountered challenges, particularly related to custom port usage and the desire to revert to the traditional SSH setup.

One notable concern revolves around the use of custom ports for SSH connections. With socket-based activation, users have found that configuring SSH to listen on a non-standard port can be more intricate than with the conventional setup. This has led to frustration for those who rely on custom ports for security reasons or due to network configurations.

Additionally, there's a segment of the user base that, for various reasons, prefers or requires the familiarity and predictability of the traditional SSH setup. These users have expressed a desire to revert back to the previous method of managing SSH services.

Conclusion

In summary, Ubuntu's move to socket-based SSH activation offers enhanced efficiency. User feedback, particularly on custom port configurations, is vital for refinement. With continued improvements, this feature is set to be a valuable asset.

useradd vs adduser: Which command to use?

Sneh Chauhan — Sun, 29 May 2022 07:35:51 +0000

Linux is amazing! Let me tell you what made me say so.

There are multiple ways to perform a function in Linux. Let's say you simply want to print "Hello World" to the screen. To do so, some beginners might create a new file, write "Hello world" to it and then use the cat command to print the contents of the file. Some experienced users may use the echo command to print the same to the screen. Both of them are correct as the job is done perfectly but the only difference is that using the echo command, we can accomplish the job quickly.

In this blog, we are going to discuss about one such function of creating a new user using two commands adduser and useradd. We'll also talk about which command you must use and when.

Let's dive right into it.

adduser command

The adduser command creates a new user on a linux system. Apart from this it does the following things:

Creates a new group.
Creates the home directory for new user under /home.
Asks for the password.
Asks for additional information such as Full Name, Room number, Work phone, Home phone and other information.

Note that you need superuser permissions to execute the command.

useradd command

The useradd command does the same thing as adduser command i.e creating a new user but with few differences.

It does not create a home directory for the new user by default.
It does not ask for password.
It does not ask for any additional information.

Note that you need superuser permissions to execute the command.

Although it does not ask for any additional information by default, you can provide them that information using the flags given below:

-c, --command : GECOS field for the new account.
-D, --defaults : Create new user with default set values.
-m, --create-home : Create user's home directory
-p, --password : Set Password for the account.
-e, --expire : Set the expiry date for the user.

You can view additional flags by using the command:



useradd --help

Which one should I use and when?

Well, in most of the cases you must use adduser command. It's easy to set up password, create home directory etc., using this command.

But that doesn't mean useradd command is useless. If you temporarily want to create a user without providing much details for the account, you can use the useradd command. Generally it's used while executing commands in automated way in scripts.

That's all for the blog. Comment down below your go-to command for creating a user.

Thank you for reading!

Nexus Repository Manager : What is it & how to configure it on a Digital Ocean Droplet?

Sneh Chauhan — Thu, 26 May 2022 09:12:02 +0000

Introduction

If you are working on a big project which would take long time, repository manager is the thing which can save you a lot of time and effort.

Let's say you are building a Java-Maven application. It uses Maven Central Repository for resolving dependencies. Now if you want to use a package not provided by Java by default, you need to get it from Maven Central. With repository managers, these packages are stored in the repository manager itself so you don't have to look for different packages at different places.

What is a Repository Manager?

A Repository manager is a dedicated server location which is used to manage all the repositories an development team will need throughout the development cycle.

We can consider Repository Manager as a Warehouse for parts. Just as a Warehouse serves as a centralized location for storage of parts and manages receiving, sending and everything in between, a Repository Manager manages all the parts involved in the software development process.

Repository v/s Repository Manager

A Repository is a storage location where components like artifacts, binaries or containers are retrieved so they can be installed or used whereas a **Repository Manager **is a dedicated application which manages all of your internal or proxy repositories.

Why do you need it? 🤔

Let's say you work in a company which is working upon multiple projects. Few of which are build using Java, .NET and Python. Each of these will produce different types of artifacts. Now you'll need different software to store each of them. A Repository manager solves this problem and provides a centralized platform to store all the components involved in the software development process. Few of the other features of a repository manager are :

👉 Saving time and bandwidth due to reduced number of downloads off remote repositories.

👉 Backup and Restore

👉 Cleanup Policies

👉 Search Functionality

👉 Multi-format support

Why Nexus Repository Manager? 🤔

Nexus Repository Manager is a FREE-to-use artifact repository manager by Sonatype. It supports a wide variety of formats like APT, NuGET, Maven and Docker. List of all supported formats can be found here.

Now that you know what Nexus Repository Manager is, let me show you how to configure it on a cloud server. We'll configure Nexus on Digital Ocean Droplet(cloud server) for this blog but you can do the same on almost any other cloud service. Click here to get a FREE $100 credit on Digital Ocean for 60 days.

Configuring Nexus on Digital Ocean Droplet

STEP 1 : Create a Droplet (cloud server)

I've chosen Ubuntu 20.04 LTS but you are free to use distribution of your choice. You can choose the datacenter region which is nearest to your location. In my case it's Bangalore. You can use Password Authentication(less secure) or SSH keys(more secure) for authentication.

Note : Make sure you choose 8 GB/ 4 vCPUs droplet because Nexus takes up a ton of memory and has high CPU usage at times.

STEP 2 : Log in to the droplet using it's `public IP address`

If you used SSH key Authentication, you won't be prompted for password but if you used Password Authentication, you need to enter your password to authenticate yourself.

Note : The default user for any digital ocean droplet is root.

ssh root@<IP_address>

STEP 3 : Install `Java version 8` and networking tools.

Nexus repository manager requires Java version 8 to be installed to run.

We'll use netstat utility to check which port our application is listening to for which we need net-tools package to be installed.

To install Java version 8 and net-tools use the command :

apt install openjdk-8-jre-headless -y
apt install net-tools

To check if Java is properly installed, use the command :

java -version

The above command must give the output :

openjdk version "1.8.0_312"
OpenJDK Runtime Environment (build 1.8.0_312-8u312-b07-0ubuntu1~20.04-b07)
OpenJDK 64-Bit Server VM (build 25.312-b07, mixed mode)

STEP 4: Download `Nexus Repository Manager` and `untar` it.

To download Nexus Repository manager in /opt use command :

cd /opt
wget https://download.sonatype.com/nexus/3/nexus-3.38.1-01-unix.tar.gz

To untar it, use the command :

tar -zxvf nexus-3.38.1-01-unix.tar.gz

After executing the above commands, when executing the command ls(list files and directories) , it must have 2 new directories namely nexus-3.38.1-01 and sonatype-work.

root@ubuntu-s-4vcpu-8gb-intel-blr1-01:/opt# ls
digitalocean  nexus-3.38.1-01  nexus-3.38.1-01-unix.tar.gz  sonatype-work

STEP 5: Create a new user `nexus`, give it appropriate permissions and change nexus configuration to run as a `nexus` user.

Note : Services should not run with Root user permissions.

Best Practice : Create a new user for each service.

To create a new user nexus, use the command :

adduser nexus

It will ask for user information and password. To skip filling some values, press Enter key.

root@ubuntu-s-4vcpu-8gb-intel-blr1-01:~# adduser nexus
Adding user `nexus' ...
Adding new group `nexus' (1000) ...
Adding new user `nexus' (1000) with group `nexus' ...
Creating home directory `/home/nexus' ...
Copying files from `/etc/skel' ...
New password:
Retype new password:
passwd: password updated successfully
Changing the user information for nexus
Enter the new value, or press ENTER for the default
        Full Name []: Nexus
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
Is the information correct? [Y/n] Y

Change the ownership of directories nexus-3.38.1-01 and sonatype-work from root to nexus. To do so, use the command :

cd /opt
chown -R nexus:nexus nexus-3.38.1-01/
chown -R nexus:nexus sonatype-work/

To check if the ownership was changed, use the command :

ls -l

It must output :

drwxr-xr-x  4 root  root  4096 Apr  3 05:51 digitalocean
drwxr-xr-x 10 nexus nexus 4096 Apr  3 17:26 nexus-3.38.1-01
drwxr-xr-x  3 nexus nexus 4096 Apr  3 17:26 sonatype-work

To change nexus configuration to run as a nexus user, open the file nexus.rc using :

vim nexus-3.38.1-01/bin/nexus.rc

Replace it's contents with :

run_as_user="nexus"

STEP 6: Login as `nexus` and start `nexus service`

To switch user from root to nexus, use the command su - <user_name>.

su - nexus

Now, to start nexus, use the command :

/opt/nexus-3.38.1-01/bin/nexus start

It must give the output :

nexus@ubuntu-s-4vcpu-8gb-intel-blr1-01:~$ /opt/nexus-3.38.1-01/bin/nexus start
Starting nexus

To check if it started successfully or not, type :

ps aux | grep nexus

It must give the output :

nexus@ubuntu-s-4vcpu-8gb-intel-blr1-01:~$ ps aux | grep nexus
root       20134  0.0  0.0  10132  3868 pts/0    S    19:08   0:00 su - nexus
nexus      20137  0.0  0.0  10028  5092 pts/0    S    19:08   0:00 -bash
nexus      20353  170 24.3 6618988 1986448 pts/0 Sl   19:10   3:13 /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java -server -Dinstall4j.jvmDir=/usr/lib/jvm/java-8-openjdk-amd64/jre -Dexe4j.moduleName=/opt/nexus-3.38.1-01/bin/nexus -XX:+UnlockDiagnosticVMOptions -Dinstall4j.launcherId=245 -Dinstall4j.swt=false -Di4jv=0 -Di4jv=0 -Di4jv=0 -Di4jv=0 -Di4jv=0 -Xms2703m -Xmx2703m -XX:MaxDirectMemorySize=2703m -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=../sonatype-work/nexus3/log/jvm.log -XX:-OmitStackTraceInFastThrow -Djava.net.preferIPv4Stack=true -Dkaraf.home=. -Dkaraf.base=. -Dkaraf.etc=etc/karaf -Djava.util.logging.config.file=etc/karaf/java.util.logging.properties -Dkaraf.data=../sonatype-work/nexus3 -Dkaraf.log=../sonatype-work/nexus3/log -Djava.io.tmpdir=../sonatype-work/nexus3/tmp -Dkaraf.startLocalConsole=false -Djdk.tls.ephemeralDHKeySize=2048 -Djava.endorsed.dirs=lib/endorsed -Di4j.vpt=true -classpath /opt/nexus-3.38.1-01/.install4j/i4jruntime.jar:/opt/nexus-3.38.1-01/lib/boot/nexus-main.jar:/opt/nexus-3.38.1-01/lib/boot/activation-1.1.1.jar:/opt/nexus-3.38.1-01/lib/boot/jakarta.xml.bind-api-2.3.3.jar:/opt/nexus-3.38.1-01/lib/boot/jaxb-runtime-2.3.3.jar:/opt/nexus-3.38.1-01/lib/boot/txw2-2.3.3.jar:/opt/nexus-3.38.1-01/lib/boot/istack-commons-runtime-3.0.10.jar:/opt/nexus-3.38.1-01/lib/boot/org.apache.karaf.main-4.3.6.jar:/opt/nexus-3.38.1-01/lib/boot/osgi.core-7.0.0.jar:/opt/nexus-3.38.1-01/lib/boot/org.apache.karaf.specs.activator-4.3.6.jar:/opt/nexus-3.38.1-01/lib/boot/org.apache.karaf.diagnostic.boot-4.3.6.jar:/opt/nexus-3.38.1-01/lib/boot/org.apache.karaf.jaas.boot-4.3.6.jar com.install4j.runtime.launcher.UnixLauncher start 9d17dc87 0 0 org.sonatype.nexus.karaf.NexusMain
nexus      20778  0.0  0.0  10616  3300 pts/0    R+   19:12   0:00 ps aux
nexus      20779  0.0  0.0   8160   732 pts/0    S+   19:12   0:00 grep --color=auto nexus

In my case the process with process ID 20353. By default it is accessible on the port 8081. We can check it using the command :

netstat -lpnt

It would give the output :

nexus@ubuntu-s-4vcpu-8gb-intel-blr1-01:~$ netstat -lpnt
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:8081            0.0.0.0:*               LISTEN      20353/java
tcp        0      0 127.0.0.1:44945         0.0.0.0:*               LISTEN      20353/java
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
tcp6       0      0 :::22                   :::*                    LISTEN      -

We can confirm from the above output that 20353/java(nexus service) is accessible at port 8081.

If it doesn't show up in your case, give it some time(atleast 5 min) before restarting
the service.

Accessing Nexus from Browser 🤩

We can access Nexus from Browser but for that we need to configure the firewall of our droplet to allow incoming requests to port 8081.

To do so,

👉 Click on the droplet

👉 Open Networking section

👉 Scroll down to the bottom and click on Edit button under Firewall

👉 Click on Create Firewall

👉 Name the Firewall rule

👉 Under inbound rules(rules for incoming requests), create a new Custom rule. Let the protocol be TCP and change the port to 8081. Remove All IPv4 and All IPv6 from sources and put your Public IP address in that field because you don't want your nexus service to be accessible to anyone.

You can get your Public IP address from the URL :

https://ifconfig.me/

Now to access it from your browser, open up your browser and in the address bar type:

<Droplet's_IPv4>:8081

for example it's 143.110.189.99:8081 in my case where 143.110.189.99 is my Droplet's IPv4 and 8081 is the port number.

Congratulations🥳! You're all set to use Nexus in your Browser🤩.

Conclusion

If you learnt something new from this blog, make sure you give it a like, share and follow me on the platform. Also, feel free to connect with me on Twitter. Thank you for reading!📃

15 Vim shortcuts that will make your life easier

Sneh Chauhan — Sun, 22 May 2022 16:27:36 +0000

Introduction

If you ever installed Linux in your life, I'm sure you might have come across Vim.

Vim is a command-line based text editor. It's a great tool but I won't say that it's the best text editor in Linux as it would lead to a never-ending debate.

Vim is actually an improved version of the old vi editor. It comes with many new features including multi-level undo, multiple window support, visual mode and command-line completion.

If you're using it for the first time, you may have hard time trying to exit Vim.
.
.
.
What? Don't you believe me?

Here's the proof :

// Detect dark theme var iframe = document.getElementById('tweet-1105649774504669184-269'); if (document.body.className.includes('dark-theme')) { iframe.src = "https://platform.twitter.com/embed/Tweet.html?id=1105649774504669184&theme=dark" }

In this blog, I'll list down 15 shortcuts that will save you a lot of time while working with vim.

Shortcut key	Function
w	To `move forward` by one word(you need to be in normal mode).
b	To `move backward` by one word(you need to be in normal mode).
gg	To `move to the beginning` of the file.
G	To `move to the end` of the file(last line).
dw	To `delete the word`, cursor is positioned upon.
dd	To `delete the line`, cursor is positioned upon.
d2d	To `delete 2 lines`, starting from the line, the cursor is upon. You can replace '2' by any number and delete any number of lines.
u	To `undo` the last operation performed.
Ctrl+r	To `redo` the last operation performed.
/sample_text	To `search` for the 'sample_text' in the file. Use `n` to move to next occurrence and `N` to move to the previous occurrence of the text(in Command mode).
:%s/old/new/g	`Replaces` all the occurrences of the `old` text with `new` text(in Command mode).
:q!	To `quit the file discarding all the changes` made to the file(in Command mode).
:wq	To `save the file` and `quit`(in Command mode).
:w sample_filename	To `save` the file with filename 'sample_filename'(in Command mode).
:q	To `quit` Vim. It fails when changes has been made to file(in Command mode).

That's all for the blog. I hope you had good time reading the blog!😃

Understanding /etc/passwd file in Linux

Sneh Chauhan — Fri, 13 May 2022 06:08:50 +0000

Introduction

Linux has evolved from being someone's hobby to a full-fledged multi-user operating system powering 95% servers which run world's top 1 million domains.

4 out of 5 smartphones in the world run on linux kernel(modified one to be precise).
100% of the supercomputers have linux.

Linux is truly fascinating. In this blog, we'll understand about a special file in linux.

Let's dive straight into it.

What is /etc/passwd file?

/etc/passwd is a configuration file which stores user account information. It is a plain text-based file containing information like username, user ID and group ID.

This file is owned by root and has rw-r--r-- permissions(octal 644). Thus, the file can be read by any user but only root user or user with sudo privileges can write to the file.

How can I view that file?

To view the contents of the file, open the terminal and type in:



cat /etc/passwd

The output of this command should be similar to the one shown below.



daniel@DVM:~$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
systemd-network:x:100:102:systemd Network Management,,,:/run/systemd:/usr/sbin/nologin
systemd-resolve:x:101:103:systemd Resolver,,,:/run/systemd:/usr/sbin/nologin
systemd-timesync:x:102:104:systemd Time Synchronization,,,:/run/systemd:/usr/sbin/nologin
messagebus:x:103:106::/nonexistent:/usr/sbin/nologin
syslog:x:104:110::/home/syslog:/usr/sbin/nologin
_apt:x:105:65534::/nonexistent:/usr/sbin/nologin
tss:x:106:111:TPM software stack,,,:/var/lib/tpm:/bin/false
uuidd:x:107:112::/run/uuidd:/usr/sbin/nologin
tcpdump:x:108:113::/nonexistent:/usr/sbin/nologin
sshd:x:109:65534::/run/sshd:/usr/sbin/nologin
landscape:x:110:115::/var/lib/landscape:/usr/sbin/nologin
pollinate:x:111:1::/var/cache/pollinate:/bin/false
daniel:x:1000:1000:Daniel Tanzer,,,:/home/daniel:/bin/bash

Can I modify that file?

Yes, you can modify the file contents using any text editor like vim, nano or emacs but it's considered to be a bad idea unless you know what you are doing.
You must always use dedicated commands to modify the file. Let's say for an example, you want to add a new user to the system. For doing so, you must use adduser or useradd command instead of manually editing the /etc/passwd file using a text editor.

Understanding /etc/passwd file format

/etc/passwd file contains many lines, one for each user. The first line contains information about root user followed by system user accounts and normal user accounts.

It has 7 fields separated by colon(:).

1) Username :

This is the first field in a line which represents the login name of the user. It has a length ranging from 1 to 32 characters.

2) Password :

This is the second field in a line. In older linux systems, user's encrypted password was stored here. Now in the modern systems, this field is replaced by a character x and the encrypted password is stored in a file called /etc/shadow.

If the field is blank, we do not need a password to login to the system.

To change the password of any user, use passwd command which stores the password in encrypted form in /etc/shadow.

3) User ID (UID):

This is the third field in a line. It contains a unique identifier of a user which is used by an operating system to refer to a user.

UID 0 is reserved for root user.
UID 1-99 is reserved for other predefined accounts.
UID 100-999 is reserved for system accounts.
UID above 999 are for normal user accounts.

4) Group ID(GID):

This is the fourth field in a line. It determines the primary group of the user. Users can belong to more than one group in linux. To get a full list of groups a user belongs to, type in the command:



groups <user_name>

The first group in the output is the primary group and the rest are secondary groups.

5) GECOS :

This is the fifth field in a line. It contains comma-separated information about the user including:

Full name
Room number
Work phone number etc.

6) Home directory :

This is the sixth field in a line which contains the path to the user's home directory. By default, this path is under /home directory and is named after the user. For example, for a user having a username daniel, his home directory would be /home/daniel.

7) Login Shell :

This is the seventh and the last field in the line. It contains path to the user's default login shell. For most of the distributions, it is bash having the path /bin/bash.

It is not necessary to for it to be a shell. For example, system administrators can use nologin shell having path /sbin/nologin. So, if a user tries to login to an account with nologin shell, the nologin shell closes the connection.

This is it for the blog. I hope you understood the format of the file /etc/passwd.

Thank you for reading!

apt update vs apt upgrade: What's the difference?

Sneh Chauhan — Tue, 10 May 2022 09:17:56 +0000

Package Managers are fantastic!
Let me tell you what made me say that.

Features of Package Managers:

Downloads, installs and updates existing software from a repository.
Ensures the integrity and authenticity of the package.
Manages and resolves required dependencies.
Knows where to put all the files in the Linux file system.

Just imagine performing tasks like checksum verification, installing dependencies, storing components like docs, binaries and config files in different folders manually.

Although for some package managers like "dpkg", you still need to install dependencies manually. But I don't know why would one use package managers like dpkg if we have more advanced package managers which use these low level package managers under the hood and simplifies the task.

"apt" is one such high level package manager.

If you ever googled how to install <package_name> in Ubuntu machine, you'd have probably came across these commands:



sudo apt update
sudo apt upgrade
sudo apt install <package_name>

You might be thinking that we only wanted to install a certain package so why are people suggesting us to execute those 2 additional commands?

Let's understand that.

What does apt update do?

"apt update" updates the package sources list with the latest versions of the packages in the repositories.

Package sources list contains the locations or URLs of some of the repositories from which a package is installed.

You can view this list using the command :



cat /etc/apt/sources.list

It would give output:

One such location in these repositories is /ubuntu/dists/bionic-updates/main/source (You can check that here) where Sources.gz file contains all the information about the packages including:

Dependencies of the package
Latest versions of the package
Checksums of the packages to verify integrity
And much more as shown in the figure below.

So, whenever we type in apt update it browses these lists from the repositories and copies the latest version of them to the local system. It actually doesn't install any package on the system.

What does apt upgrade do then?

"apt upgrade" compares the version of all the packages currently installed on the system with the ones in the list we fetched through apt update and upgrades all of them to their latest versions.

Generally, when upgrading all the packages in the system, we merge both apt update and apt upgrade commands in a single line:



sudo apt update && sudo apt upgrade

All these things happen in the backend within a few seconds.

Virtual Machines 101

Sneh Chauhan — Sat, 07 May 2022 16:10:39 +0000

Introduction

Alex : Hey Garry! Can you spin up a VM and test this application?
Garry : Sure, I'll do that right away.

How often do you hear that idiom "spin up a VM" while conversing in IT? It's quite common right? But for anyone who's just starting his career in cloud, it can be quite overwhelming.

So... what the heck are VMs? What technology does it use and what are hypervisors?

Read on to know more👇

What is Virtualization🤔?

As per Wikipedia,

Virtualization is the act of creating a virtual (rather than actual) version of something, including virtual computer hardware platforms, storage devices, and computer network resources.

Or to put it simply, Virtualization means splitting physical resource like memory, CPU and storage into multiple virtual resources.

It's a technology that allows us to utilize a machine's full capacity by distributing it's resources among multiple environments each isolated from one another.

Virtual Machine🔖

A "Virtual Machine" or "VM" is a virtual instance of a computer. Just like other computers it has a CPU, memory and storage.

These virtual machines run on a physical computer and a software called "Hypervisor" manages their allocation and access to the computing resources.

Hypervisor🔖

Hypervisor or Virtual Machine Monitor is a virtualization software which allows one to build and run different VMs. It lets one host computer support multiple guest VMs by sharing its resources like memory and CPU.

Hypervisors are of two types:

Type-1 Hypervisor
Type-2 Hypervisor

Type-1 Hypervisor🔖

Type-1 Hypervisor or Native Hypervisor runs directly on host's hardware and replaces the Host operating system.
As it sits directly on the hardware, it is also called Bare-Metal Hypervisor.

Usage:

It is very commonly used in data centers and other server-based environments due to its high performance.

Advantages:

Higher performance (as it has direct access to the hardware)
More Secure
No Single point-of-failure
Better Scalability

Disadvantages:

Needs a dedicated machine to administer different VMs and control hardware.

Few of the mostly widely used Type-1 Hypervisors are VMware ESXi, Microsoft Hyper-V and KVM.

Type-2 Hypervisor🔖

Type-2 Hypervisor or Hosted Hypervisor runs as an application on the top of the Host operating system.

Usage:

It is commonly used by people who want to try out different operating systems or want to test their application for compatibility.

Advantages:

Cost efficient
Simplified Management
Threat isolation

Disadvantages:

Compromised performance
Single point of failure

Few of the most widely used Type-2 hypervisors are VirtualBox, VMware Workstation and Parallel Desktop.

Revisiting the Pain: The World without Git

Sneh Chauhan — Thu, 05 May 2022 05:04:05 +0000

Introduction

Computers have evolved a lot in a short span of time and are still evolving rapidly. With the advent of technology, the world is now at our finger tips. Along with these advancements in the hardware sector, software development has also progressed a lot. And when we talk about software development, how can one forget Git?

Git is the single most-used version control system(VCS). Git is superfast and it seems as if Gods of speed have blessed Git with unworldly powers. If you're a Software developer, it's your bread and butter. But Git was developed in 2005(with a blazing controversy) and software is being developed for more than 7 decades now. So, how did the development world look before Git.

Let's dive right into it.

1) Maintaining Backups locally

In earlier stages of software development, there was no existence of a version controlling system. Daily or Weekly backups was the norm.

For a collaborative project, there used to be a master copy usually under a single person's control. Everyone worked with that person.
Back in those days, a Commit meant backing up the current version and applying the new changes.

This came up with 2 major problems :

1) It was hard to know what changes you made over time. There was no other option than manually checking the files for differences.

2) Overtime, the files would become so large that making multiple of them may eventually take up your whole disk storage.

2) Local VCS (LVCS)

All the tasks without VCS were tedious. It required more effort from release team and the project leaders. To solve this, programmers developed Local VCS. They are also referred to as "First Generation VCS".

As the name suggests, it had a local database to store the changes made to the files. One of the most popular local VCS was "RCS(Revision Control System)" which stored patch sets and could reproduce how the file looked at any point of time by merging those patch sets.

Another popular first generation local VCS was "SCCS" or Source Code Control System which was indeed the first VCS developed in 1972 by UNIX developers.

3) Centralized VCS (CVCS)

Local VCS were good or at least better than maintaining backups but even it had a problem. Everything was stored locally. Incase if the system crashed and there's no backup you would lose everything. Also, there was no way to collaborate with other developers.

To solve this issue, Centralized VCS was developed. They were the "Second Generation VCS"

Here, we had a central server which contained all the versions and commits ever made to the project. Everyone could push and pull the changes. As the server was centralized, almost everyone knew what the other person was working upon.

Along with all these pros, CVCS also came up with cons:

1) As everything was centralized, if there's a server failure or the hard disk of the server gets corrupted, you lose everything(if there are no backups). You may get the latest version of the project from some developer who committed the last change but all the previous changes are gone.

2) Also, due to centralized server, you need to have an Internet connection if you want to commit your changes. So, if you're working in a place with no internet, you may have a bad time.

Some of the examples of Second Generation VCS are "Apache Subversion(SVN)", "CVS" and "Perforce".

4) Distributed VCS (DVCS)

Everything earlier came with it's pros and cons. But there was a need of something even better and that's when Distributed VCS came into picture. It was also referred to as the "Third Generation VCS".

Here, everyone had the full backup of the project both locally on their machine and also on the centralized server. As everyone had a local copy of entire work history, one doesn't need to be online to commit their changes. They can commit their changes to local repository first and whenever there's an availability of internet, they can push those changes to the master repository(remote repository).

Some of the examples of Third Generation VCS are "Git", "Mercurial", "Bitkeeper" and "bzr".

A Short history of GIT

Linux development started in the year 1991. Until the year 2002, changes were passed as patches and archived files. This was very difficult for the developers looking at the scope of the project.

So, finally in the year 2002, they began using "Bitkeeper VCS" which was free-to-use at that time. Everything was good and the Linux development was going smoothly up until 2005 when Bitkeeper's copyright holder Larry McVoy revoked the free-of-charge status after claiming that Andrew Tridgell created Sourcepuller by reverse engineering Bitkeeper's protocols.

This was the time when Linus Torvalds, the creator of Linux, thought of developing their own Distributed VCS with the features they needed. The development of Git began on 3 April, 2005 and achieved it's performance goals on 29 April, 2005.

This led to the development of the single-most used VCS in the software development world.

Credits

Images: Pro Git

References

Pro Git eBook: https://git-scm.com/book/en/v2
Wikipedia: https://en.wikipedia.org/wiki/Git

Behind the scenes: From Pressing the power button to Getting to the Login Screen

Sneh Chauhan — Tue, 03 May 2022 19:40:51 +0000

Introduction

Ever wondered how your modern PC get to the Login screen with a mere press of a button? Are you curious of what happens behind the scenes of bootup or do you want to get called up by your friends when they face an error while booting up their PC? If yes, you're at the right place.

Boot up is not just a short-hand for Powering on a PC, it's actually a long and vital process. It's involves an extensive list of things that takes place to get a fully-functional session of an operating system. In this blog, we'll look upon the entire boot process from BIOS to Bootloader.

1) Pressing the Power button

When you press the Power button, the Power supply in the CPU cabinet supplies the power to it's units like-Hard disks, motherboard and SSDs to name a few.

Once, all the units gets power, CPU looks for a program called BIOS or UEFI(in modern systems).

2) BIOS/UEFI and Performing POST

BIOS stands for Basic Input and Output System. Even though it hasn't evolved much, it has certainly changed it's residence many time from CMOS SRAM to NOR flash. It resided in CMOS SRAM in it early days but as SRAM was volatile, it's contents got flushed after turning OFF the computer.
BIOS then took it's place in PROM(non-erasable), UV-ROM(erasable by UV rays) and finally ended up in flash memory backed up by a CMOS battery.

BIOS performs POST(Power-on self-test) wherein it sends a signal to all devices and check's if they're up and running. If there's some error, it beeps and shows an error. The number of times it beeps signals the type of error. For example, if there's a RAM failure in a certain Dell laptop, it will beep 3 times signaling the error. You can know more about beep codes and corresponding errors here.

Now, once the BIOS is done testing the hardware, it hands over the control to the Operating system's bootloader.

3) Stage-1 Bootloader(Primary Bootloader)

BIOS looks for the Operating System to boot and load for which it has to select a Boot Device. This can be HDD, SSD, USB, CD or DVD drive.

For MBR partitioning system, we have the bootloader in the first sector of the hard disk called MBR Sector.

MBR sector is 512 bytes long and has primarily 3 partitions:

1) 446 byte for Primary Bootloader
2) 64 byte for Partition Table (4 tables of 16 bytes each)
3) 2 byte for Magic Number (Validation of MBR)

The main task of 446-byte long primary bootloader, also referred to as the stage-1 bootloader, is to find the secondary bootloader. It finds it by looking through the partition table.

4) Stage-2 bootloader(Secondary bootloader)

Now, once the Stage-2 bootloader is loaded, it actually loads the operating system.

It does this by loading the kernel and optional initial RAM disk(initramfs). The kernel starts the init system(systemd mostly) which starts other services leading all the way to login screen.

For Linux, we have GRUB bootloader, Windows uses Windows Boot Manager and Macs use boot.efi.

UEFI/GPT-based systems use something called EFI executable which doesn't have to be present in the first sector of the disk.

All these processes hardly take a few seconds. The evolution in the tech-world has made the computer boot up process lightning fast!

Demystifying Linux: The purpose of /bin, /usr/bin and /usr/local/bin

Sneh Chauhan — Sat, 23 Apr 2022 15:40:20 +0000

Introduction

Linux is a Unix-like, open source and community-developed operating system for computers💻, mobile devices📱, servers🖥 and embedded devices. Whether you know it or not, Linux is everywhere from your smartwatch⌚ to self-driving cars🚗.

Linux was known for being less intuitive and only for people who do tech-stuff but time has changed ⌛. Linux has something for everyone.
It has GIMP as a Photoshop alternative, Gedit as a Notepad alternative, VLC media player as a Windows media player alternative and many such software alternatives.

If you have been a Windows user💻 and have switched to Linux to look super nerdy🤓 or to crack linux jokes(yeah some people do), you might find it hard even to do basic things like copying, moving and deleting files or switching between directories.

Let's say you're exploring Linux for the first time, and you happened to be in the top level root directory(/). Now if you typed ls, you may come across a lot of the stuff which you think you know about. But it's highly likely that you interpreted it wrong.

For example, /bin might sound analogous to the Recycle Bin in Windows but that's not the case. Both are way different.

Although most of the modern Linux distributions come with the GUI, the real power of Linux is in it's CLI👨‍💻 and not GUI.

Linux File Hierarchy Structure

Linux file hierarchy structure describes the directory structure and it's contents in Unix and Unix-like Operating systems. It is maintained by Linux Foundation.

You can learn more about it here.

Difference between /bin and /usr/bin

For checking the difference between /bin and /usr/bin, type in the command :



man hier | grep -E '/bin$|^.{7}(/bin)' -A2

It would give output :



snake@Snake:~$ man hier | grep -E '/bin$|^.{7}(/bin)' -A2
       /bin   This  directory contains executable programs which are needed in single user mode and to bring the sys‐
              tem up or repair it.

--
       /usr/X11R6/bin
              Binaries which belong to the X-Window system; often, there is a symbolic link from the more traditional
              /usr/bin/X11 to here.
--
       /usr/bin
              This is the primary directory for executable programs.  Most programs executed by  normal  users  which
              are  not  needed  for booting or for repairing the system and which are not installed locally should be
--
       /usr/local/bin
              Binaries for programs local to the site.

The output says it all.
So, that's all for the blog. I hope you understood it.
.
.
.
.
Well, not really. There's a good historical reason for this split.

Back in time, when Ken Thompson and Dennis Ritchie were developing UNIX on a PDP-11, they used a pair of RX05 disks of 1.5 MB each.

As the Operating system grew bigger in size, first RX05 disk got filled up. So, a second RX05 disk was used and the mount was created by the name /usr. All the directories like /bin, /sbin, /tmp were replicated under it.

So, First RX05 disk contained the binaries which would help in its bootup(like single-user mode).
And the Second RX05 disk contained a lot less and least used binaries during that time until multi-user mode came into existence.

As the time passed the storage capacity on a disk drive increased exponentially and in this modern world, even the throwaway disk will have at least multi-gigabyte capacity. So, for a person born in this era, it's hard to imagine why the split would be made.

What about /usr/local/bin ?

/usr/local/bin contains binaries of the third-party apps we install. Any local executable that didn't come with the Linux install may get it's place here.

Same is the case with /sbin which contains the binaries for root users.

Top 3 Networking certifications for 2022

Sneh Chauhan — Fri, 22 Apr 2022 18:45:33 +0000

Introduction

Are you among those folks who wonder how two devices separated by oceans are able to communicate to each other or how the bullet you fired on your friend in CS: GO, get all the way to your friend sitting in LA on his comfy chair?

If it's you, you must consider giving Computer Networking a shot, after all, who knows it may be the starting point of your IT career.

Believe me, getting started into IT can be really hard. But that statement is true only if you don't learn IT the right way.

While learning anything in IT, certifications are the go-to thing, that most of the beginners look for, to break into the field.

Although they are not mandatory, but it cannot be neglected that almost 99% employers use certifications to make hiring decisions as per Cisco which is the by far the most dominant player in the networking world.

Certifications are a great source for structured learning. In this article, we will review some of the most in-demand Networking certifications out there in the market.

Networking Certifications

1. CCNA (Cisco Certified Network Associate)

CCNA is the most popular vendor-specific network certification in the market. It covers Network fundamentals, IP connectivity, IP services, Security fundamentals and Automation. Cisco also offers CCNP(Professional) and CCIE(Expert level).

Pre-requisites: Cisco recommends a year of experience administering Cisco solutions.
Price: $300 plus taxes
Languages : English and Japanese
Duration : 120 minutes

Schedule an exam: 200-301 CCNA - Cisco

2. CompTIA Network+

CompTIA Network+ is the perfect choice for the people seeking vendor-neutral network certification. This is recommended for people who want to learn about networking in general for other roles such as DevOps engineering. CompTIA also offers CompTIA A+, CompTIA Linux+, CompTIA Security+, CompTIA Cloud+ and CompTIA Server+.

Pre-requisites: 9-12 months experience and at least CompTIA A+ certification is recommended.
Cost: $348 plus taxes
Languages: English at launch. German, Japanese, Portuguese, Thai and Spanish
Duration: 90 minutes

Buy Exam: CompTIA Network+

3. Juniper Networks Certified Associate (JNCIA-Junos)

Juniper Networks Certified Associate certification is designed for professionals with beginner-intermediate knowledge of networking. It provides understanding of the core functionality of the Juniper Networks Junos OS.

Pre-requisites: None
Cost: $200 plus taxes
Languages: English only
Duration: 90 minutes

So what are you waiting for... Kick start your journey today in this amazing world of Networking!

DEV Community: Sneh Chauhan

Cannot use a custom SSH port in Ubuntu 22.10 or above? Here's a fix

Setting up a custom SSH port the old way

Setting up a custom SSH port the "NEW" way

Reverting to the Traditional method of setting a custom SSH port

Conclusion

Additional Resources

Maximizing Efficiency: Socket-Based SSH Activation in Ubuntu 22.10 and above

Introduction

What is Socket-Based Activation?

Traditional SSH vs Socket-Based SSH

Which Ubuntu versions adopt this change?

How are Ubuntu users reacting to the change?

Conclusion

useradd vs adduser: Which command to use?

adduser command

useradd command

Which one should I use and when?

Nexus Repository Manager : What is it & how to configure it on a Digital Ocean Droplet?

Introduction

What is a Repository Manager?

Repository v/s Repository Manager

Why do you need it? 🤔

Why Nexus Repository Manager? 🤔

Configuring Nexus on Digital Ocean Droplet

STEP 1 : Create a Droplet (cloud server)

STEP 2 : Log in to the droplet using it's public IP address

STEP 3 : Install Java version 8 and networking tools.

STEP 4: Download Nexus Repository Manager and untar it.

STEP 5: Create a new user nexus, give it appropriate permissions and change nexus configuration to run as a nexus user.

STEP 6: Login as nexus and start nexus service

Accessing Nexus from Browser 🤩

Conclusion

15 Vim shortcuts that will make your life easier

Introduction

Understanding /etc/passwd file in Linux

Introduction

What is /etc/passwd file?

How can I view that file?

Can I modify that file?

Understanding /etc/passwd file format

1) Username :

2) Password :

3) User ID (UID):

4) Group ID(GID):

5) GECOS :

6) Home directory :

7) Login Shell :

apt update vs apt upgrade: What's the difference?

Features of Package Managers:

What does apt update do?

What does apt upgrade do then?

Virtual Machines 101

Introduction

What is Virtualization🤔?

Virtual Machine🔖

Hypervisor🔖

Type-1 Hypervisor🔖

Usage:

Advantages:

Disadvantages:

Type-2 Hypervisor🔖

Usage:

Advantages:

Disadvantages:

Revisiting the Pain: The World without Git

Introduction

1) Maintaining Backups locally

2) Local VCS (LVCS)

3) Centralized VCS (CVCS)

4) Distributed VCS (DVCS)

A Short history of GIT

Credits

References

Behind the scenes: From Pressing the power button to Getting to the Login Screen

Introduction

1) Pressing the Power button

2) BIOS/UEFI and Performing POST

3) Stage-1 Bootloader(Primary Bootloader)

4) Stage-2 bootloader(Secondary bootloader)

STEP 2 : Log in to the droplet using it's `public IP address`

STEP 3 : Install `Java version 8` and networking tools.

STEP 4: Download `Nexus Repository Manager` and `untar` it.

STEP 5: Create a new user `nexus`, give it appropriate permissions and change nexus configuration to run as a `nexus` user.

STEP 6: Login as `nexus` and start `nexus service`