Linux Server Admin Tips
For a few years now I have been administering a group of dedicated Linux web servers. I thought I’d share a few of the ways I use to deal with them quickly. None of this is particularly complex but once setup, makes everyday administration much faster. Please feel free to add comments, and I will incorporate new ideas into this list.
1) Hosts
Pretty obvious really, but I give my machines short names, and then give them an entry in my hosts file. In my case I used fruit.
123.123.123.123 grape 123.123.123.124 banana 123.123.123.125 strawberry
2) SSH config
Of course I set up ssh with keys so I can log into each machine without needing to specify a password. To do this, create the keys on your workstation
ssh-keygen -t rsa
I don’t use any pass phrase as this slows everything down, and I rely on my workstation being secure. Next, is to copy the contents of the public key you just created
~/.ssh/id_rsa.pub
and paste it into a file on the remote server called
~/.ssh/authorized_keys
I also set up a file on my workstation named ~/.ssh/config which saves you specifying options on the command line for scp and ssh.
Host * Compression yes CompressionLevel 9 KeepAlive yes host strawberry user root hostname 123.123.123.125 port 3366 host banana user root hostname 123.123.123.124 port 3366
This allows you to pre-configure access to the machines via ssh and specify some options you want to use each time. In my case I put all my machines SSH daemon on a non standard port (3366) for security, and I always log in as root. This config fileĀ is also used for scp, so to copy machines from my workstation to the remote server it’s simply
scp index.html strawberry:/var/www/httpdocs/
3) Aliases
I guess you could do this with a script but I opted to do it via aliases. In you shell startup scripts (possibly ~/.bashrc or perhaps bashrc refers to an alias file called ~/.bash_aliases) I alias each machine name with
alias strawberry="ssh strawberry"
So to connect to a machine I simply type in its name. In addition to this, each of my web sites baseĀ (which are setup using Plesk), location is something like /var/www/vhosts/mydomain.com/httpdocs. So I create an alias named from an abbreviation of the website such as alias md=’cd /var/www/vhosts/mydomain.com/httpdocs’ alias ad=’cd /var/www/vhosts/anotherdomain.com/httpdocs’ So once I connect to a machine, I can nvaigate into the correct directory in a few keystrokes by just type “md” or “ad”
4) Coloured Promtps
As I look after lots of machines, you really don’t want to be typing the wrong thing into the wrong machine. So I colour code the prompts by adding something like this to .bashrc on each server
STARTCOLOUR='\[\033[1;36m\]'
ENDCOLOUR='\[\033[40;0;37m\]'
PS1="${USER}@$STARTCOLOUR${HOSTNAME}$ENDCOLOUR:\w> "
Change the number 36 to another colour code for each machine, here is a list of the available colours Foreground Colours
- 30 Black
- 31 Red
- 32 Green
- 33 Yellow
- 34 Blue
- 35 Magenta
- 36 Cyan
- 37 White
The colours really stop you making silly mistakes.
5) Concurrent execution of commands
If you need to do the same thing on multiple machines try cssh. Once installed use,
cssh server1 server2 server3...
An ssh terminal will appear for each server and another control window. With the control window in focus anything you type will be inserted into all ssh terminals, plus you canswitch focus to an individual terminal and just send characters to that specific machine.
If this has been useful to you, and you would like to buy me a coffee, or help towards my monthly server costs please click here to make a donation via paypal.
small but nice and helpful tips, like it.
Good list!
. Of course it’s a metter of preference:-) Also, I usually put -X to my ssh alliases to forward windows for server to desktop:-)
Tip.3. I also use alliases to ssh commands, but I use little shorter forumla than yours. For example, instead of
alias strawberry=”ssh strawberry”
I would have used alias sss=”ssh strawberry”, and simillarly,
alias ssg=”ssh grape” and alias ssb=”ssh banana”
Dude!
“In my case I put all my machines SSH daemon on a non standard port (3366) for security, and I always log in as root.”
Um, yeah. Don’t bother with the port thing – nmap will still find it – it only stops bad guys that are dumber than rocks. Don’t login as root, really. Turn off the ability to login as root and require sudo. No passphrase? man ssh-agent.
“The colours really stop you making silly mistakes.”
The king of silly mistakes is shutting down the wrong machine. Check out molly-guard, if you’re working with debian based distros.