Ubuntu 18.04 LAMP Server – Quick Setup and FTP to Webserver

I recently setup an Ubuntu 18.04 webserver to test webpages locally. I used tasksel to quickly install the LAMP server role as follows:

sudo apt update
sudo apt install tasksel
sudo tasksel install lamp-server

With the webserver up and running I needed to be able to FTP into the var/www/html directories to upload my HTML and CSS.

As Ubuntu server comes with SSH installed be default I decided to use that for FTP instead of installing something like vsftd (Very Secure FTP Daemon). FTP over SSH turned out to be a much simpler and quicker setup.

Warning: These steps do not restrict access to folders outside of the /var/www/html directories. As such this setup is not recommended for any kind of production server.

First create a new directory under /var/www/html:

cd /var/www/html
sudo mk dir newdirectory

Create a new user and give the user a password:

sudo adduser ftpuser
sudo passwd ftpuser

Finally give the new user the permissions that they need. Change the directory ownership and group:

sudo chown www-data:www-data /var/www/html/newdirectory

Give the group write permissions to the directory:

sudo chmod -R 775 /var/www/html/newdirectory

Add the new user to the www-data group:

sudo usermod -a -G www-data ftpuser

With this done I configured FileZilla to establish a secure FTP connection to my webserver.

Filezilla: Secure FTP using SSH File Transfer Protocol.

Sources:

https://www.digitalocean.com/community/questions/permissions-on-var-www-html-for-uploading-web-site-files-via-sftp

Ubuntu – SSH Warning – Remote Host Identification Has Changed

Using SSH to an IP address that is now being used by a different server will give you this nice warning:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle
attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
c8:94:a2:46:8f:c9:d0:d9:fd:33:44:42:9c:9f:ea:58.
Please contact your system administrator.
Add correct host key in /home/mike/.ssh/known_hosts to get rid of
this message.
Offending key in /home/mike/.ssh/known_hosts:2
RSA host key for 192.168.0.41 has changed and you have requested
strict checking.
Host key verification failed.

SSH keys in Ubuntu are stored in the /home/{username}/.ssh/known_hosts file.

The above warning lets me know that the offending key is in line 2 of my known_hosts file.

I can either manually delete line 2 from my known hosts file or run the following command:

ssh-keygen -R {server-ip-address}

In this case I was of course aware of the change in my infrastructure and went ahead and amended my known_hosts file. As the error states you could also be the victim of a man in the middle attack, so be careful!

An IP address change is just one cause of this SSH error – see here for more details.

Enabling SSH In VMware vSphere 4.1 (ESXi)

Once upon a time enabling SSH in ESXi involved logging into the console directly and working some command line mojo.

I didn’t look at this with the 4.0 release of vSphere but can confirm that using the console is no longer required to enable SSH in vSphere 4.1. Here are the steps to follow using the vSphere Client:

  • Click the Configuration tab
  • Click Security Profile in the Software box on the left hand side
  • Click Properties at the top right
  • In the Service Properties window select Remote Tech Support (SSH)
  • Click the Options button
  • In the Remote Tech Support SSH window click the Start automatically radio button
  • Click the Start button
  • Click OK

No reboot should be necessary – that wasn’t so painful now was it?