System Administration tips for Ubuntu
Use dropbear to remotely unlock a fully encrypted disk via ssh
If you've enabled full disk encryption, you will need to enter a password to unlock the disk at reboot time. If you want to be able to unlock the disk remotely via ssh, here are the steps
- http://blog.netpacket.co.uk/2016/12/05/unlocking-ubuntu-server-16-encrypted-luks-using-dropbear-ssh/
- After following the above steps, I create an entry called "unlock" in my ~/.ssh/config file on my Mac laptop. So after I boot my Ubuntu 16.04 LTS Desktop VM (using the VirtualBox CLI), then I type 'ssh unlock', and type 'unlock' when presented with the busybox prompt. I am prompted to enter a password to unlock the encrypted disk. After that, the system will boot up, then I can ssh in remotely.
Host unlock
Hostname 192.168.56.101
User root
IdentityFile /Users/ksa/.ssh/id_rsa_ubuntu_unlock
StrictHostKeyChecking no
Use Landscape or Cockpit to centrally manage and monitor Ubuntu machines
If you have a group of 10 or fewer Ubuntu hosts you administer, you can install "Landscape On Premises Edition" in a VM to manage those hosts for free.
In addition to Landscape (or an alternative) is Cockpit which you can use to centrally manage CentOS, RedHat, Fedora, and Ubuntu hosts:
Software update, query, management
https://www.digitalocean.com/community/tutorials/ubuntu-and-debian-package-management-essentials
https://help.ubuntu.com/lts/serverguide/package-management.html
https://help.ubuntu.com/lts/serverguide/automatic-updates.html
Command | Relevent Pathname | Package Name | Purpose / Notes |
---|---|---|---|
apt update | update repository metadata | ||
apt upgrade | install all pending updates | ||
apt-cache policy | /etc/apt/sources.list /etc/apt/sources.list.d/ | list repository sources | |
/var/log/apt/ /var/log/dpkg.log /var/log/aptitude /var/log/unattended-upgrades/ | log file locations relevent to software management | ||
dpkg-query --list | list all installed packages | ||
dpkg-query --listfiles <package-name> | list all files owned by <package-name> | ||
dpkg-query --search <filename-pattern> | find out which installed package owns a filename | ||
apt-file search <filename-pattern> | apt-file | find out which package would install <filename-pattern>. package does not need to be installed already | |
aptitude install <package-name> apt install <package-name> apt-get install <package-name> | aptitude | install <package-name{ tip: use tab completion for actions and package names | |
apt show <package-name> aptitude show <package-name> | show details about <package-name>, including repository | ||
debconf-show <package-name> | /var/cache/debconf | show configuration options and current values of <package-name> | |
dpkg-reconfigure <package-name> | reconfigures packages after they have already been installed. | ||
aptitude changelog <package-name> | displays the changelog for <package-name> | ||
aptitude search <package-name-pattern> | search for packages which match <package-name-pattern> | ||
aptitude download <package-name> | downloads the .deb file for the given package to the current directory | ||
aptitude --simulate <action> | print the actions that would normally be performed, but don't | ||
man deb | man page describing deb package format | ||
dpkg-deb --raw-extract <package.deb> <directory> | extracts contents of <package-deb> to <directory>, including the control information files into a DEBIAN subdirectory | ||
apt-cache search meta package | list of all meta packages (a package name that installs a group of other packages) |
Related articles
There is no content with the specified labels