System Administration tips for Ubuntu
Ubuntu Security Information Tracker
Use dropbear to remotely unlock a fully encrypted disk via ssh
If you've enabled full disk encryption, you will need to enter a password to unlock the disk at reboot timeduring boot-up. If you are sitting in front of your desktop, no problem. But if you want to be able to unlock the disk remotely via ssh, and let the system complete boot-up even if you are not in front of the video console, then here are the steps
- http://blog.netpacket.co.uk/2016/12/05/unlocking-ubuntu-server-16-encrypted-luks-using-dropbear-ssh/
- update: if the above link is not found, you can google search for "dropbear ssh ubuntu luks encryption" for the steps
- After following the above steps, I create an entry called "unlock" in my ~/.ssh/config file on my Mac laptop. So after I boot my Ubuntu 16.04 LTS Desktop VM (using the VirtualBox CLI), then I type 'ssh unlock', and type 'unlock' when presented with the busybox prompt. I am prompted to enter a password to unlock the encrypted disk. After that, the system will boot up, then I can ssh in remotely.
Host unlock
Hostname 192.168.56.101
User root
IdentityFile /Users/ksa/.ssh/id_rsa_ubuntu_unlock
StrictHostKeyChecking no
List all software repositories
...
- apt-cache policy
Use Landscape or Cockpit to centrally manage and monitor Ubuntu machines
If you have a group of 10 or fewer Ubuntu hosts you administer, you can install Landscape (on premises version) "Landscape On Premises Edition" in a VM to manage those hosts for free.
...
- http://www.configserverfirewall.com/ubuntu-linux/install-cockpit-ubuntu-16-04/
Software update, query, management
https://www.digitalocean.com/community/tutorials/ubuntu-and-debian-package-management-essentials
https://help.ubuntu.com/lts/serverguide/package-management.html
https://help.ubuntu.com/lts/serverguide/automatic-updates.html
When there's more than one way to perform an action, multiple commands are listed. There is some overlap is these commands. Some are better suited for interactive use and might have enhanced usability features, and others might be better suited to run inside a script. Many of these examples have auto-completion available (tab) for both actions and package names.
If you install a VM using a "server" image, then you can install the desktop related packages (and get a GUI login screen, etc) using 'apt install ubuntu-desktop' or 'apt install ubuntu-gnome-desktop'
Command | Path | Package Name | Purpose / Notes |
---|
apt update |
| |
|
| update repository metadata |
apt upgrade |
|
|
| install all pending updates |
apt-cache policy |
| /etc/apt/sources.list /etc/apt/sources.list.d/ |
| list repository sources |
| log directory containing 'history.log' and 'term.log' log files/var/log/dpkg.log /var/log/aptitude /var/log/unattended-upgrades/ |
| log file locations relevent to software management |
dpkg-query --list
|
| | dpkg --get-selections |
|
| list all installed packages |
dpkg-query --listfiles <package-name> |
| |
|
| list all files owned by <package-name> |
dpkg-query --search <filename-pattern> |
| |
|
| find out which installed package owns a filename |
apt-file search <filename-pattern> |
|
| apt-file | find out which package would install <filename-pattern>. package does not need to be installed already |
aptitude install <package-name> apt install <package-name> apt-get install <package-name> |
|
| aptitude | install <package-name{ tip: use tab completion for actions and package names |
apt show <package-name> aptitude show <package-name> |
| |
|
| show details about <package-name>, including repository |
debconf-show <package-name> |
| | /var/cache/debconf |
| show configuration options and current values of <package-name> |
dpkg-reconfigure <package-name> |
| |
|
| reconfigures packages after they have already been installed. it will ask configuration questions, much like when the package was first installed. |
aptitude changelog <package-name> |
| |
|
| displays the changelog for <package-name> |
aptitude search <package-name-pattern>
|
| apt search <package-name-pattern> apt-cache search <package-name-pattern> |
|
| search for packages which match <package-name-pattern> |
aptitude download <package-name> |
| |
|
| downloads the .deb file for the given package to the current directory |
aptitude --simulate <action> |
| |
|
| print the actions that would normally be performed, but don't actually perform them. this does not require root privileges. |
man deb |
| |
|
| man page describing deb package format |
dpkg-deb --raw-extract <package.deb> <directory> |
| |
|
| extracts contents of <package-deb> to <directory>, including the control information files into a DEBIAN subdirectory |
apt-cache search meta package |
|
| list of all meta packages (a package name that installs a group of other packages) |
aptitude search ~o |
|
| list of packages which do not have an associated repository (ie, they cannot be downloaded or updated via the standard apt repositories on the host) |
Related articles
Content by Label |
---|
showLabels | false |
---|
max | 5 |
---|
spaces | SCS |
---|
showSpace | false |
---|
sort | modified |
---|
reverse | true |
---|
type | page |
---|
cql | label = "kb-how-to-articleubuntu" and type = "page" and space = "SCS" |
---|
labels | kb-how-to-article |
---|
|