Server Archives • Page 3 of 5 • Linux Tips

Make wget Use IPv4 or IPv6

Today’s article is a fun one, an article where you learn how to make wget use IPv4 or IPv6. Not only is this useful, it’s easy! In fact, it’s easy enough for most anyone to figure out. Plus, this will be a fairly short article – I think. I mean, I haven’t written it yet, but it seems like a short one.

I’ve done a couple wget articles, with the most recent showing you how to make wget ignore certificate errors. In fact, in that article I showed you how to enable that permanently. I’ll have to add that to this article. That’ll come in handy for like 0.01% of you.

If you don’t know, wget is a tool for downloading content from servers. These days, we use it to grab stuff from web servers without having to go through a browser – more often than not. Sometimes we use it to scrape entire sites without actually visiting them in a browser! (Sometimes, doing that makes you a dick.) It’s a handy tool for that sort of stuff.

Once in a while, while using wget, you’ll come across a finicky download that will throw an error about wanting IPv6 (or IPv4 if you’re using IPv6). That’s when this article is going to come in handy. Sometimes, a server isn’t configured for, or will refuse connections from, one or the other. That’s when you’ll see errors and that’s what we’ll resolve in this article.

Hmm… Do I need to explain wget more? Nah, y’all know what it is. IPv4 vs IPv6? Well, how about you check out this link to learn the difference and why it matters. That’s a good link. Alright, moving on…

Make wget use IPv4 or IPv6:

This article requires an open terminal, like many other articles on this site. If you don’t know how to open the terminal, you can do so with your keyboard – just press CTRL + ALT + T and your default terminal should open. The wget command will throw an error, letting you know if you must use one or the other.

If you need to force IPv4, it’s nice and easy:

wget --inet4-only <address>

1	wget --inet4-only <address>

If you need to force IPv6, it’s also nice and easy:

wget --inet6-only <address>

1	wget --inet6-only <address>

If you find yourself doing this often, one way or the other, you can actually tell wget to do this on a permanent basis. Like in the previous wget article you can edit your .wgetrc file (create it if it doesn’t exist) to include either --prefer-family=IPv4 or --prefer-family=IPv6 and it’ll try one before trying the other if it’s available.

Closure:

See? Nice, neat, and simple. You’ve learned how to make wget use IPv4 or IPv6 – should you find yourself needing to do so. It’s a handy trick to have up your sleeve, ’cause you will eventually find a server that requires one or the other. Given enough use, it’s gonna happen.

Thanks for reading! If you want to help, or if the site has helped you, you can donate, register to help, write an article, or buy inexpensive hosting to start your own site. If you scroll down, you can sign up for the newsletter, vote for the article, and comment.

Disallow SSH Login For A Specific User

In today’s article, we’re going to learn how to disallow SSH login for a specific user. The reasons you might want to do this should be obvious, so that’ll save some time! Read on to learn how!

I’ve covered SSH in many articles. If you search for “SSH”, you’ll find a bunch of articles covering the subject. I’m not sure why there are so many, but there are. I seem to have a lot of notes on the subject.

Here, this link will help you search for SSH articles.

SSH is “Secure Shell”, a method to login to remote computers so that you can manage them without being their physically. It’s used by systems administrators regularly, without ever needing a GUI to manage their Linux systems.

It’s also used by people like me, too lazy to walk to the other side of the room. I’m literally using SSH to manage stuff on my laptop from here on this desktop as I write this. On top of that, while not logged in right now, I was using SSH to manage a VPS earlier today.

So, SSH isn’t just for professional system administrators and, if you use SSH at home, you might as well know how to secure it. This article will help you secure your system – by learning how to disallow SSH login for a specific user.

Disallow SSH Login For A Specific User:

This article requires an open terminal on (and connection to) the computer you wish to change. That may require you to login to that computer remotely. If you’re on a local device and you don’t know how to open the terminal, you can do so with your keyboard – just press CTRL + ALT + T and your default terminal should open. Otherwise, SSH into it like a boss.

With your terminal/connection now open, enter the following command:

sudo nano /etc/ssh/sshd_config

1	sudo nano /etc/ssh/sshd_config

Find a place to make a new line and enter the following with some care:

DenyUsers          <username>

1	DenyUsers <username>

Now, this one is a bit picky. Obviously, you substitute <username> with the real name – but in between “DenyUsers” and the username you absolutely MUST press the TAB key. If you try to just use spaces, it will not work! You MUST use the TAB key which will appear to insert spaces for you!

Assuming you’ve done everything correctly, you’ll need to restart SSH for the changes to take effect. You can do that with this command:

sudo systemctl restart ssh

1	sudo systemctl restart ssh

If you were logged into a remote system to make the changes on that system, the above command is gonna log you out and you’ll need to login again. You knew that, but I figure I’ll mention it.

Hmm… If you’re a barbarian that doesn’t use systemd, try this:

sudo service ssh restart

1	sudo service ssh restart

When SSH restarts, the prohibited user will get a “Permission Denied” message when they try to login. Ha! That’ll teach Jerry in accounting from thinking he’s a system admin!

Closure:

Whelp… You have another article. This one has shown you how to disable SSH login for a specific user (Jerry in accounting, who had no business accessing the server anyhow). You’re welcome!

Check Your SSH Server Configuration

Today, I’m going to show you how to check your SSH server configuration. It’s a simple process, but not one many people seem to know about. It’s also a pretty handy tool if you’re having SSH issues. Once again, this one isn’t all that complicated, I think… Read on!

So, why would you want to check your SSH server configuration?

Your SSH server might not be working. You may have made some changes and want to test it before moving it to production. An upgrade to the SSH application may have made some of the options different or even removed the options entirely.

There are all sorts of reasons why you’d want to check your SSH server configuration. Those are just a few of them. Not only will the article show you how to check your SSH configuration files – it’ll show you how to test alternative configurations. So, you can test your changes before making them – potentially saving you a physical trip to the server.

Check Your SSH Server Configuration:

By the way, I would test/learn this on a local system. You’re potentially going to break things. In fact, let’s start by breaking them! Well, let’s create a backup first, and then we’ll break stuff.

sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak

1	sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak

Okay. Now let’s break something! Run this command:

sudo nano /etc/ssh/sshd_config

1	sudo nano /etc/ssh/sshd_config

Find a line that has a command and doesn’t start with a #. You can also remove the # from an option and it’ll be work. Find a one line option that has a “no” option field and change it to “oh_no” *sans quotes, though that probably won’t matter) and then save the file.

(Also, to save the file in nano, press CTRL + X, then Y, and then ENTER and that should do it.)

Now, let’s check that SSH server configuration with the following command:

sudo sshd -t

1	sudo sshd -t

If things go according to plan, it will tell you that you have an error. On top of that, it will tell you on which line you have the error. If it doesn’t throw an error, it means your configuration is fine – or that you may need to restart your SSH service for it to see the new configuration.

If you do somehow need to restart SSH server (you shouldn’t have to), restart it with the following command:

sudo systemctl restart ssh

1	sudo systemctl restart ssh

Run the command again and that should definitely show the error, which you can easily fix by simply undoing what you did in the steps above and saving it. You almost certainly shouldn’t need to restart SSH to show the error, though you may want to restart it after you’re done playing around in the config file. Of course, if you did have to restart the SSH server, you’ll need to do so again after fixing the error you intentionally introduced.

BONUS: If you want, you can list the path and check a configuration file that’s not actually in use. So, you can check the configuration file before putting it into production. That’s just:

sudo sshd -t /path/to/new_config

1	sudo sshd -t /path/to/new_config

Again, under normal circumstances, it won’t show any output if it finds no errors. It only outputs information if there’s actually an error. So, a null response is considered normal and good.

Closure:

See? Nice and easy. Now you can check your SSH server configuration for errors – even doing so before putting the config into production. It’s a pretty handy tool to have. Also, you’ll need SSH installed and running on the machine you’ll be testing with. I figure that’s obvious, but I better mention it somewhere or someone will point it out or ask about it. Then again, people seldom read this far down in an article.

Stop People From Viewing Files In A Directory With .htaccess

If you have a website, then you will have directories and you might want to stop people from viewing files in a directory. You might want to do this for privacy reasons, or for security reasons. So, if you’re looking to stop people from viewing files in a directory with .htaccess, you’ve come to the right article.

By using the .htaccess method to stop people from viewing files in a directory, people will still be able to see linked files in the directory – they just won’t be able to browse the directory to find unknown files. It’s like the best of both worlds. They can see what you’ve shared, but (unless guessing URLs) can only see what you’ve shared and nothing else.

It’s a handy tool to use and basic security (and privacy) step to prevent snooping around your server – assuming .htaccess is an option. Of course, if you’re just spinning up a quick Python server, it’s not going to be of much help.

Anyhow, this will be a relatively short and easy article, and only applicable to a subset of the site’s visitors. I want to cover more server articles, so we might as well take this one from the previous site and migrate it to this one.

Stop People From Viewing Files In A Directory:

Open the directory you want to keep private with your favorite FTP client – unless you’re doing this on a local computer. If that’s the case, you can just navigate to the directory.

Create a new file called .htaccess. The ‘.’ is important and mandatory, as it’s a hidden file. If the file already exists, now would be a good time to make a backup.

The permissions for .htaccess should be 644. Your FTP client will let you set permissions. Locally, you can chmod 644 .htaccess and that should work nicely.

Next, you’ll want to edit the .htaccess file with a plain-text editor to add the following line (if the file already exists, be sure to put this on its own line):

Options -Indexes

1	Options -Indexes

Save the .htaccess file. Be sure not to modify any other lines in the process. There’s a whole lot that can be accomplished using .htaccess and it can be pretty complicated.

What this will do is prevent indexing the files in that particular folder. If people try to access the folder directly, they’ll get a 403 forbidden error. At the same time, you can still link directly to files in that folder.

So, let’s say you added the .htaccess to a directory called /tmp. You can still link to, use, and send people to /tmp/picture.jpg like normal, but people won’t be able to browse the directory and find files you don’t want them to see. They won’t be able to browse the directory to see that you’ve also uploaded picture2.jpg to the same directory.

For more information, you can click this. (I wasn’t kidding when I said it could get complicated.)

Closure:

Thanks for reading today’s article. Today, we learned how to stop people from viewing the files in a directory – unless you let them know the URL, of course. It’s a pretty handy skill to have, as is basic editing of the .htaccess file.

FTP From The Linux Terminal

Why would you want to use FTP from the Linux terminal? It’s quick, easy, consistent, and works well enough as an FTP client. If it’s not already installed, it’s just a quick installation command away. In my experience, it’s usually already there.

If I’m going to be transferring a bunch of files or editing files, I’ll just use a GUI FTP client. My choice FTP client has been Filezilla for quite a long time now. It does the trick and I just keep moving my profile/config to new computers as I get them. Being easy to migrate is a definite selling point for me.

So, what is FTP? It stands for File Transfer Protocol. It’s not encrypted, so many folks have moved to SFTP – which is actually not related to FTP at all. It just shares similar functionality. Even though FTP traffic isn’t secure, it’s still fairly widely used.

An FTP server is probably not installed by default on your desktop Linux system. However, I’ve written how to Install An FTP Server With VSFTPD which should get you sorted if you need one.

The application will be using is “FTP” which describes itself like:

ftp — Internet file transfer program

And you may find that your version of terminal-based FTP is maintained by your distro maintainers. The FTP command and flagsr should still be pretty universal throughout. Still, be sure to check the man page – especially if things seem weird.

FTP From The Linux Terminal:

Obviously, this requires an open terminal.

Press CTRL + ALT + T and your terminal should pop right open.

Once you have the terminal open the command is basically this:

ftp <server>

1	ftp <server>

You can connect via domain name, hostname, or even IP address. It’ll look like this, or pretty close:

ftp from the terminal — See: You can use FTP from the Linux terminal.

There are many commands available, so you should probably check man ftp to see what’s on offer. We’re just going to cover a few of the more useful commands.

You’ll find that ‘ls’ works to list files, just like you’re used to, as does ‘cd’. If you want to change your local directory, that is your working directory on your machine and not the working directory on the server, you need to use the ‘lcd’ command – like so:

lcd ~/Downloads

1	lcd ~/Downloads

Note: Read More About Paths

After you’ve logged in and learned to navigate, it’s time to do something. If you want to download something, you use the ‘get’ command:

get <file_name>

1	get <file_name>

That will download the file from the server to the local directory. To do the opposite, that is upload something from your current local directory, you would use the ‘put’ command, like so:

put <file_name>

1	put <file_name>

If you want to get or put more than one file, the commands are ‘mget’ and ‘mput’ respectively. They look like this:

mget <file_name1> <file_name2> <file_name3>
mput <file_name1> <file_name2> <file_name3>

1 2	mget <file_name1> <file_name2> <file_name3> mput <file_name1> <file_name2> <file_name3>

Note: It may give a warning about using passive mode. If that’s the case, add the -p flag to your connection command – like ftp -p hostname.

Just like with your regular terminal file management, you can ‘mkdir’, ‘rmdir’, and even use ‘pwd’ to be reminded of your present working directory. Files can also be deleted with the delete <file_name> command.

Closure:

And there you have it, an article that explains how to use FTP from the Linux terminal. It is important to note that the FTP command transmits data without encryption. If security is a concern, use SCP or SFTP.