• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • Create a VM ($25 Credit)
  • Buy a Domain
  • 1 Month free Back Blaze Backup
  • Other Deals
    • Domain Email
    • Nixstats Server Monitoring
    • ewww.io Auto WordPress Image Resizing and Acceleration
  • About
  • Links

IoT, Code, Security, Server Stuff etc

Views are my own and not my employer's.

Personal Development Blog...

Coding for fun since 1996, Learn by doing and sharing.

Buy a domain name, then create your own server (get $25 free credit)

View all of my posts.

  • Cloud
    • I moved my domain to UpCloud (on the other side of the world) from Vultr (Sydney) and could not be happier with the performance.
    • How to buy a new domain and SSL cert from NameCheap, a Server from Digital Ocean and configure it.
    • Setting up a Vultr VM and configuring it
    • All Cloud Articles
  • Dev
    • I moved my domain to UpCloud (on the other side of the world) from Vultr (Sydney) and could not be happier with the performance.
    • How to setup pooled MySQL connections in Node JS that don’t disconnect
    • NodeJS code to handle App logins via API (using MySQL connection pools (1000 connections) and query parameters)
    • Infographic: So you have an idea for an app
    • All Development Articles
  • MySQL
    • Using the free Adminer GUI for MySQL on your website
    • All MySQL Articles
  • Perf
    • PHP 7 code to send object oriented sanitised input data via bound parameters to a MYSQL database
    • I moved my domain to UpCloud (on the other side of the world) from Vultr (Sydney) and could not be happier with the performance.
    • Measuring VM performance (CPU, Disk, Latency, Concurrent Users etc) on Ubuntu and comparing Vultr, Digital Ocean and UpCloud – Part 1 of 4
    • Speeding up WordPress with the ewww.io ExactDN CDN and Image Compression Plugin
    • Setting up a website to use Cloudflare on a VM hosted on Vultr and Namecheap
    • All Performance Articles
  • Sec
    • Using the Qualys FreeScan Scanner to test your website for online vulnerabilities
    • Using OWASP ZAP GUI to scan your Applications for security issues
    • Setting up the Debian Kali Linux distro to perform penetration testing of your systems
    • Enabling TLS 1.3 SSL on a NGINX Website (Ubuntu 16.04 server) that is using Cloudflare
    • PHP implementation to check a password exposure level with Troy Hunt’s pwnedpasswords API
    • Setting strong SSL cryptographic protocols and ciphers on Ubuntu and NGINX
    • Securing Google G Suite email by setting up SPF, DKIM and DMARC with Cloudflare
    • All Security Articles
  • Server
    • I moved my domain to UpCloud (on the other side of the world) from Vultr (Sydney) and could not be happier with the performance.
    • All Server Articles
  • Ubuntu
    • I moved my domain to UpCloud (on the other side of the world) from Vultr (Sydney) and could not be happier with the performance.
    • Useful Linux Terminal Commands
    • All Ubuntu Articles
  • VM
    • I moved my domain to UpCloud (on the other side of the world) from Vultr (Sydney) and could not be happier with the performance.
    • All VM Articles
  • WordPress
    • Speeding up WordPress with the ewww.io ExactDN CDN and Image Compression Plugin
    • Installing and managing WordPress with WP-CLI from the command line on Ubuntu
    • How to backup WordPress on a host that has CPanel
    • Moving WordPress to a new self managed server away from CPanel
    • Moving a CPanel domain with email to a self managed VPS and Gmail
    • All WordPress Articles
  • All

SSH

MobaXterm tabbed SSH client (etc) for Windows

July 7, 2020 by Simon

After posting my last blog post (Goodbye Dropbox, One Drive, iCloud and Hello Nextcloud private cloud on UpCloud) I received comments from readers as to why I used Putty/WinSCP and not MobaXterm.  To be honest I had no idea MobaXterm existed.

I did a quick Google and checked out the pros and cons of Putty/WinSCP v MobaXTerm.  

MobaXterm Highlights

  • MobaXterm is a lot faster at uploading and downloading files over SSH connections
  • MobaXterm can connect to practically anything (SSH, Telnet, RDP, RSH, Xdmcp, VNC, FTP, SFTP, Serial, Shell etc)
  • Multiple terminals can either be in tabs or split horizontally or vertically.
  • Edit remote files via SSH and SFTP – Pro feature
  • Supports macro controls (multi commands in single screen) – Pro feature
  • MobaXterm has many plugins
  • MobaXterm can be run from a portable USB drive

Nice

MobaXterm Website

I visited https://mobaxterm.mobatek.net/

https://mobaxterm.mobatek.net/ website screenshot

I had an option to download the Free Version or to purchase a Professional Version.

Free v Pro version comparison

I will be reviewing the Pro version (you will see why later). I am reviewing Version 20.2 (Build 249). You can download the free version at https://mobaxterm.mobatek.net/download.html.

If you purchase the Pro version (with 12  months of updates) for $69 USD. Delivery is done by email within 24 hours after payment is received.

Download Home or Pro Version

Installing MobaXterm

I downloaded the 1.5MB Installer (the link was emailed to me after purchase)

installer exe

I opened the MobaXterm installer and entered my Pro serial number (emailed to me) then I clicked Next

Enter serial number

Customise Options (during the install)

I clicked Customise MobaXTerm Professional settings button

Advanced options button

The customizer options are impressive (Import and export settings, enable/disable features, generate a portable package etc)

Customizer options

I had an option to customise the banner or any server I connect to but I left the banner as the default banner.

Banner editing

I reviewed all options for the application. This is more in depth than Putty for sure.

Enable or disable just about everything.

I reviewed my default SSH settings.  SSH Keep alive will be turned on for sure.

SSH Settings Screen

I had an option to add plugins to MobXTerm

Dialog to save files to another folder.

I had the option to generate a portable of full installer 

generate Installer

Now I can resume the setup of MobaXterm, I clicked Next

Installer Click Next

I accepted the licence agreement and clicked Next

Licence Agreement

I installed MobaXterm to my C:\ Drive

Installer Choose destination folder.

I clicked Install

Installer Install

MobaXterm was now installed

Installer: Installed Screenshot

MobaXterm

I opened MobaXterm

Apologies in advance I setup Dark Mode in MobaXterm as soon as I opened the Configuration. All screenshots will be shown below in Dark Mode.

There are 12 colour themes to choose from.

I set the Dark theme.

Main Interface

The MobaXterm interface is more feature packed than Putty.

Menu Bar, Toolbar, Tabs and options are available

Windows prompted me to allowed access to MobaXTerm in my Windows firewall.

Time to create a connection to a server.

Adding a SSH Connection to a Server

I created a new SSH server connection to one of my existing servers.

  • I specified the IP address, username and protocol.
  • I set “SCP (enhanced speed)“
add server with options

I specified the path to my private key (for the server)

I specified my servers private key

I reviewed other terminal settings.

Other settings dialog

I changed the font to Courier New, Size 12 (I am sad). I also increased the initial size of the terminal (width and height)

Set terminal font and size

I reviewed network settings (all good)

network settings

I added a shortcut to the server onto my desktop

Save shortcut to the desktop

When I opened the connection to the server I was prompted to enter the Passphrase I set on my Public Key (nice).

Then I was prompted to put in my 2FA One Time Password (OTP) in the main terminal windows and a second time in a popup form (for the connection that builds the folder structure on the left).  This is how I configured my website. To get the OTP I need to insert my YubiKey and one the YubiCo Authenticator app and enter my keys password.

Some people say that having a passphrase on a public/private key and 2FA Authentication is a bit overkill but that is not everything I do.

enter passphrase

I need to enter two OTP’s to connect to my site.

If you are fast you can use the same OTP in both windows (but they expire in 30 seconds)

enter OTP

Nice I was able to connect to my Server just like Putty.  The cool thing is I can see files and folders without opening WinSCP.

folder list and a terminal side by side

This is way more convenient than using two programs. 

I enabled the Remote Monitoring status bar in MobaXterm. Now I can see system resources on my server without running CLI commands.

Upload Speed to Singapore from Australia

I uploaded a 1GB file with to the same server from WinSCP and MobaXterm to simulate a restore.

winscp v mobaxterm at uploading

I was gobsmacked, WinSCP could only upload a file at 342KB/s, MobaXterm could upload at 4.42MB/s.

I was uploading a 1GB file from my house to a server in Singapore (within 5 minutes of each other). I did set “SCP (enhanced speed)” when Installing MobaXterm.

MobaXTerm is 12x faster than WinSCP at uploading for me. This is well worth upgrading to a Professional licence.

Download Speed (from USA/East Coast) to Australia

I ran a practical download test (this time from Chicago). In the right-hand side of MobaXterm I zipped up my entire website folder (1.66GB)

zip -r /temp/www-22-Jun-2020.zip /www-folder

Then in the left-hand side of MobaXterm I downloaded the file, this is as simple as right-click then download.

Right click download.

I was presented with a directory tree specify where to save the file to.

Specify download location

I noticed the file was downloading at 16Mbps then 18Mbps then 22Mbps within seconds.

The download speed settled down to 26Mbps after a few minutes.

This is amazing for a download from the other side of the world (200ms ping and on a VPN, 19 traceroute server hops away).

download speed

I downloaded the same file from the same server with WinSCP to compare and MobaXTerm was 10x faster at downloading. WinSCP could only manage 2.57/MB/s

winscp download speed

Plugins

I will look into plugins soon: https://mobaxterm.mobatek.net/plugins.html

Local Terminal

I can also start a local terminal (documentation here)

open terminal

I can run Linux commands on my Windows machine via Cygwin

“ls -al” on Windows anyone

ls -al screenshot

I noticed MobaXterm had found my WSL 2 Installation of Debian on my Windows 10 v2020.

I can now use MobaXterm to open my WSL Linux installations.

update wls linux

MobaXterm can easily connect to my local and online Linux servers with ease.

overview of the mobaxterm ui

Multiple Exec

I used the Multiple Exec (similar to the multiple cursors in Sublime Text Editor) to control 2 serves at once and run identical commands.

Multiple Exec sending keystrokes to multiple servers.

Import Putty Sessions

I did not notice until later but you can import existing Putty connections.

MobaXterm can import Putty sessions

Generate Public/Private Keys

Also, you can generate SSH Public and Private Keys from the Tools menu or the left-hand side (tab).

generate ssh key

Pros

  • File/Folder and Terminal window side by site
  • 13x faster file uploads over SSH
  • 10x faster downloads over SSH
  • Integration with WSL Linux Images
  • Import Putty Settings
  • Local Terminals/Cygwin

Cons

  • It would be nice to only have to enter my 2FA OTP once when connecting to one of my serves.
  • The user interface is full-on, I am still learning it

Conclusion

Honestly having faster uploads and downloads over SSH is a dream come true. I live in Australia and we have terrible latency and I have better things to do than to watch slow uploads/downloads.

I look forward to investigating MobaXterm plugins in the near future as I feel I I have just scratched the surface.

Links

MobaXterm Documentation: https://mobaxterm.mobatek.net/documentation.html

 

v.1.1 Plugin info fix

Filed Under: SSH, Uncategorized Tagged With: Linux, MobaXterm, ssh, terminal

Goodbye Dropbox, One Drive, iCloud and Hello Nextcloud private cloud on UpCloud

June 14, 2020 by Simon

I recently came across NextCloud Hub server (free on self-hosted servers) and I wanted to set up my own private cloud server to store my own files.

I wan’t to be able to access my files on Windows, Mac, Android and iOS.

Most of all I want a place in the cloud (that I own) that I can upload my Acronis backup of C Drive as the Backblaze client (read my review of Backblaze here) is a bit slow at uploading a 150GB backup file to the USA.

To create my own Nextcloud server I will need to login to these services.

  • I logged into my Domain Name provider porkbun.com (to ensure I had a domain name)
  • I logged into Cloudflare.com (to manage my DNS for a subdomain (redirected from PorkBun)).
  • I logged into my UpCloud.com account. (to deploy a new virtual machine)

Fyi: If you don’t have a favourite virtual machine provider you can use my referral link to obtain $25 free credit (only if you are new to UpCloud). Every new user who signs up with my referral link will receive a $25 bonus to get started. That’s 5 months free server (1 CPU and 1GB memory Linux server) 

Post Index

  1. NextCloud System Requirements
  2. Creating a new Virtual Machine at UpCloud
  3. Updating Ubuntu
  4. Installing Common Software Packages
  5. Securing SSH with the Google Authentication PAM module
  6. Installing a Firewall
  7. Installing NGINX and DNS
  8. Installing PHP/PHP-FPM
  9. Installing MySQL
  10. Nixstats
  11. CronTab Updates
  12. Misc Security Stuff

1. NextCloud System Requirements

I checked the NextCloud version 18  system requirements and it needs the following to deploy.

  • Ubuntu 18.04 LTS (recommended)
  • MySQL 5.7+ or MariaDB 10.2+ (recommended)
  • Nginx with php-fpm
  • PHP 4 (recommended)

Minimum Memory Requirements 

Nextcloud needs a minimum of 128MB RAM, and they recommend a minimum of 512MB.

I can deploy a server with at least 512MB memory free. The minimum UpCloud server I can deploy comes with 1GB of memory for $5 a month.

Time to create a new server.

2. Creating a new Virtual Machine at UpCloud

I logged into UpCloud and  clicked “Deploy Server“

Deploy Server Button

I selected Singapore as the place to deploy my new server (as it was closest to me here in Australia). UpCloud does not have servers here in Australia yet.

I chose to deploy a server in Singapore

I checked https://wondernetwork.com/pings/ to ensure Singapore is the fastest location near.  My server https://fearby.com is located in Chicago as it’s closer to my average readers and search engines.

Ping Speeds

I would like my NextCloud server to be as fast as possible to me. Singapore is the faster UpCloud datacenter near me.

I selected a server with 1 CPU Core, 1GB of Memory, 25GB of storage and 1TB of network traffic. I will add a 500GB drive to this server for additional storage.

If the server needs more resources I will upgrade it later.

Server tier's $5 month to $640 a month

The only downside of a $5/m server is the 1TB network quota. If I overuse the network (downloads) I will get an extra charge. 

I reached out to the support to verify the costs if I go over my quota.

Long answered the question.

My question to UpCloud chat support.

Q1) With a $5/m server with 1TB quota what is the over charge costs if I go over 1TB
Q2) Is 1TB quota up and down or just down?

Prompt Answer

Hi Simon,

Good to speak to you again.

A1) Only Simple plans include monthly allowance of outgoing network traffic. After the allowance, the cost is $0.01/GB. It was a lot higher, but we reduced it to make it more competitive.

A2) The quota is for outgoing network traffic from your servers, all incoming and private traffic between your UpCloud servers is free of charge.
Regards,
~Long Lam

I hope this is helpful, let us know if you have any further questions. 

Based on this information if I use all of my 1TB Monthly quota downloading files and I download and extra 150GB (e.g A 150GB Acronis backup image) it will cost $1.5 extra. That’s not bad.

UpCloud Chat Support

Before I selected a server type (Simple or Flexible) or storage type  (MAX IOPS or HDD) I jumped onto the UpCloud chat and asked a few questions.

Q1) Hello, When deploying a server is there a cost difference between MAX IOPS and HDD storage? I am looking at a 500GB drive

A1) Storage (MaxIOPS), per GB $0.00031/ hourly $0.22/ monthly, Storage (HDD), per GB $0.000078/hourly  $0.06 / monthly 

Q2) What’s the difference between Simple and Flexible?

A2) Flexible will/turn out more expensive depending on your use case, generally, it is more suited for short term deployments.

> With our flexible plans, you decide yourself how much CPU, memory and block storage your cloud server is allocated. This gives you incredible flexibility and allows you to fully customise your cloud server according to your specific needs.
 
>Do also note when flexible plans are shutdown we only charge you for allocated storages and IPv4. Whereas in simple plans, it will be charged fully even when shutdown.
 
> Our simple plans are billed by the hour, up to a limit of 672 hours per month. Should you decide to use your fewer hours, you will only be billed for the hours you actually used.
Question 1 to UpCloud chat

UpCloud has very responsive and helpful chat staff.  I never had this level of help with Vultr, Digital Ocean or AWS.

Question 2 to UpCloud

After I chatted with UpCloud support I decided to deploy a simple (Ubuntu 18.04) Server with 1 CPU Core, 1TB network traffic, 1GB of memory, 25GB system drive and an extra 500GB storage device.

When you create a server you can add an extra storage device. Nice.

Add a new device to the main storage device.

When adding an extra storage device you can choose faster MaxIOPS storage or slower HDD based storage. 

I will choose HDD storage as it will be cheaper for a 500GB device.

Second storage MaxIOPS or HDD storage

I created a 500GB storage device for a Nextcloud data drive.

You can create up to 2TB storage devices with UpCloud.

Name of the second storage device

I selected Ubuntu 18.04 LTS as the operating system.

I chose Ubuntu as the operating system

I configured a login method as “Only SSH Keys” as I have already added my SSH key with a passphrase.

Login method SSH Keys only

I selected my SSH key.

If you have not previously added an SSH Key to UpCloud then click Add new. Read more here.

I selected an Initialisation script I previously created (that just outputs a “Hello World” to a text file). One day I will create an Ansible or Terraform script to set up a server.

Select SSH Key and choose an init script

I clicked Deploy

Fyi: If you don’t have a favourite virtual machine provider you can use my referral link to obtain $25 free credit (only if you are new to UpCloud). Every new user who signs up with my referral link will receive a $25 bonus to get started. That’s 5 months free server (1 CPU and 1GB memory Linux server).

I entered my desired hostname 

Deploying a server at UpCloud

I had a notification that the UpCloud Deploy is being deployed..

Deploy Underway

I could see in my UpCloud dashboard that the server was being deployed.

List of all my servers at UpCloud

Server deploy is underway

Wow that took a whole minute to deploy a 525GB Server.

Deploy log said it took 1 minute to deploy

Wow UpCloud are fast

Configuring the server with Putty

Now it is time to connect to the Ubuntu Servers CLI and configure the server.  I grabbed the IP address that was listed at UpCloud.

I opened Putty  and added the IP address for the server.

New Putty connection

Under the Auth section in Putty I added the path to my SSH Private Key (the same one that configured in the new server)

Putty add ppk file

I saved the connection and clicked Open. I clicked Yes to the SSH fingerprint when I verified it was correct.

SSH Connect Verity

I now had root access to my new server.

Default login

Time to update Ubuntu.

3. Updating Ubuntu

I ran this command to update Ubuntu.

sudo apt-get update && sudo apt-get upgrade

Confirming the 2x storage disks

I ran this command to verify I had the 2 storage devices I selected at server deploy.

sudo lsblk |grep disk
vda    252:0    0   25G  0 disk
vdb    252:16   0  500G  0 disk

Yes, I have a 25GB disk and a 500GB disk

4. Installing Common Software Packages

I installed these packages

sudo apt-get install htop
sudo apt-get install lshw
sudo apt-get install ufw
sudo apt-get install ncdu
sudo apt-get install nmap
sudo apt-get install iozone3
sudo apt install pydf
sudo apt install mc
sudo apt install nnn

5. Securing SSH with the Google Authentication PAM module

Before I carry on any further I need to enable hardware 2FA login protections to all SSH logins. I will follow the guide I created here (Setup two factor authenticator protection at login on Ubuntu or Debian).

Warning: Take a backup of your server first. If you set this up wrong say bye-bye to your server. If I lose my YubiCo YubiKey and forget my backup codes I will have a hard time getting back in.

I will force all SSH logins to require my Hardware YubiCo YubiKey to be inserted (to generate a temporary One Time Password (OTP)).

You don’t need a YubiCo YubiKey, a generic software authentication app is OK but I prefer hardware devices as they are more secure.

YubiKey In USB Port Photo

I set the timezone to match Australia/Sydney. If I enabled a 2FA (OTP) at login with a different timezone than my connecting machine I would never be able to login to my server as my server and local PC need to be in the same timezone.

I ran this command to set the time in Ubuntu.

pkg-reconfigure tzdata

I then checked the time

sudo hwclock --show
2020-05-31 23:17:02.873751+1000

I installed the Google Authentication PAM Module (read more)

sudo apt install libpam-google-authenticator

I ran this command to configure the Google PAM Module

google-authenticator

I was presented with these questions

Do you want authentication tokens to be time-based (y/n) y

I was presented with a secret key, verification code and backup codes (I saved these somewhere safe)

Do you want me to update your “/root/.google_authenticator” file? (y/n) y

Do you want to disallow multiple uses of the same authentication
token? This restricts you to one login about every 30s, but it increases
your chances to notice or even prevent man-in-the-middle attacks (y/n) y

By default, a new token is generated every 30 seconds by the mobile app.
In order to compensate for possible time-skew between the client and the server, we allow an extra token before and after the current time. This allows for a time skew of up to 30 seconds between authentication server and client. If you experience problems with poor time synchronization, you can increase the window from its default size of 3 permitted codes (one previous code, the current code, the next code) to 17 permitted codes (the 8 previous codes, the current
code, and the 8 next codes). This will permit for a time skew of up to 4 minutes between client and server.

Do you want to do so? (y/n) y

If the computer that you are logging into isn’t hardened against brute-force
login attempts, you can enable rate-limiting for the authentication module.
By default, this limits attackers to no more than 3 login attempts every 30s.

Do you want to enable rate-limiting? (y/n) y

I can review all config values later with this command

sudo nano ~/.google_authenticator

Now I will enable 2FA at login by editing this file

sudo nano /etc/pam.d/sshd

I searched for “@include common-auth” then added this line after it.

auth required pam_google_authenticator.so

I then comment out the following line (this is the most important step, this forces 2FA)

#@include common-auth

Picture of my /etc/pam.d/sshd changes

pam chnages

I saved the file /etc/pam.d/sshd 

Now I can enable the PAM Module by editing this file

sudo nano /etc/ssh/sshd_config

I searched for

ChallengeResponseAuthentication

And change the value to “yes”

I ensured the following line exists

UsePAM yes

I added this line then saved /etc/ssh/sshd_config

AuthenticationMethods publickey,password publickey,keyboard-interactive

Now I edited /etc/pam.d/common-auth

sudo nano /etc/pam.d/common-auth

I added the following line before the line that says “auth [success=1 default=ignore] pam_unix.so nullok_secure”

auth required pam_google_authenticator.so

Now I can restart the SSH Service and test the 

/etc/init.d/ssh restart
[ ok ] Restarting ssh (via systemctl): ssh.service.

I restarted my putty session and reconnected to my server and I was prompted for the password for my private key and the randomly generated one-time password that was linked to my YubiCo YubiKey. Nice

Now I need to whitelist my SSH port to select IP’s.

6. Installing a Firewall

I installed the UFW firewall by typing this command

sudo apt-get install ufw

I configured UFW to rate limit SSH logins by typing this command

sudo ufw limit ssh comment 'Rate limit hit for openssh server'
Rules updated
Rules updated (v6)

I configured some common ports

sudo ufw allow ssh/tcp
sudo ufw logging on
sudo ufw allow http
sudo ufw allow https
sudo ufw allow 22
sudo ufw allow 53
sudo ufw allow 80
sudo ufw allow 443
sudo ufw allow 873

I added Cloudflare firewall rules (as my domain is behind their firewall and I will remove all direct IP access to my server later)

sudo ufw allow from 173.245.48.0/20
sudo ufw allow from 103.21.244.0/22
sudo ufw allow from 103.22.200.0/22
sudo ufw allow from 103.31.4.0/22
sudo ufw allow from 141.101.64.0/18
sudo ufw allow from 108.162.192.0/18
sudo ufw allow from 190.93.240.0/20
sudo ufw allow from 188.114.96.0/20
sudo ufw allow from 197.234.240.0/22
sudo ufw allow from 198.41.128.0/17
sudo ufw allow from 162.158.0.0/15
sudo ufw allow from 104.16.0.0/12
sudo ufw allow from 172.64.0.0/13
sudo ufw allow from 2400:cb00::/32
sudo ufw allow from 2405:8100::/32
sudo ufw allow from 2405:b500::/32
sudo ufw allow from 2606:4700::/32
sudo ufw allow from 2803:f800::/32
sudo ufw allow from 2c0f:f248::/32
sudo ufw allow from 2a06:98c0::/29

I added appropriate Whitelisted IP’s that can connect to Port 22 (SSH), removed blanket port 22 access and I configured my firewall to allow 91 incoming and outgoing rules (this is a secret)

I reloaded and enabled the firewall.

sudo ufw reload
sudo ufw disable
sudo ufw enable

7. Installing NGINX and DNS

I update Ubuntu again

sudo apt-get update && sudo apt-get upgrade

I installed Nginx

sudo apt-get install nginx

I edited my NGINX config and I change the default www folder location. 

I also configured the log file location, mime types, max body size, gzip, default ports, ssl cert paths, security headers, default page, server name, sensitive file block rules, dns server, cache headers etc.

Read more to here to configure Nginx etc.

Fyi: Nginx config file locations

sudo nano /etc/nginx/nginx.conf
sudo nano /etc/nginx/sites-available/default

I typed my servers IP address into a web browser

Nginx installed

I created an index.html file in the www folder and added “Hello World” to the file.

If I type my server’s IP address into a browser I can see this file.

My DNS is with Cloud flare so I logged in and added 2 DNS entries (IPv4 and IPv6) that direct traffic my new server IP(s) for this subdomain. To obtain the IP addresses I logged into UpCloud and clicked my server then clicked Network and noted my IPv4 and IPv6 addresses.

I then went to Cloudflare and added a DNS record for IPv4 and IPv6 pointing to my servers IP(s). I enabled Cloudflare Proxying to allow Cloud flare to try and hide the IP of the server.  I then configured my firewall to block access to the IP except via Cloudflare and my whitelist.

I then checked for worldwide DNS propagation with https://www.whatsmydns.net/. After 3 minutes my DNS changes were all around the world. Thanks, Cloudflare.

I tried loading my site but CLiudflare said it was down.

Site wont load.

I created a new HTTPS certificate at Cloud flare just to be sure and added it to my sites.

Generated  new SSL cert

After investigating further I found this was because my primary website has a “Strict-Transport-Security header and I had enabled Full (Strict) SSL/TLS Encryption. I changed this to Full at Cloudflare.

Cloudflare HTTPS section

My site was now working.

SIte works

8. Installing PHP/PHP-FPM

To Install PHP 7.4 I ran this command to be able to get the latest version of PHP

sudo apt-get update
sudo apt -y install software-properties-common
sudo add-apt-repository ppa:ondrej/php
sudo apt-get update

I installed PHP 7.4 with this command

sudo apt -y install php7.4

I checked that PHP is installed by running 

php -v
PHP 7.4.6 (cli) (built: May 14 2020 10:02:44) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
    with Zend OPcache v7.4.6, Copyright (c), by Zend Technologies

I setup some PHP Modules

sudo apt install php7.4-common php7.4-mysql php7.4-xml php7.4-xmlrpc php7.4-curl php7.4-gd php7.4-imagick php7.4-cli php7.4-dev php7.4-imap php7.4-mbstring php7.4-soap php7.4-zip php7.4-bcmath php7.4-tidy 

I noticed apache2 installed (and broke my Nginx)  so I uninstalled it.

 sudo apt-get remove apache2

I also blocked apache from installing again

apt-mark hold apache2
apache2 set on hold.

I checked to make sure Apache was blocked from installing

apt-mark hold apache*

apache2 was already set on hold.
apache2-bin set on hold.
apache2-utils set on hold.
apache2-data set on hold.
apache2-doc set on hold.
apache2-suexec-pristine set on hold.
apache2-suexec-custom set on hold.
apache2-dbg set on hold.
apache2-dev set on hold.
apache2-ssl-dev set on hold.
apachedex set on hold.
apacheds set on hold.
apachetop set on hold.

Now I will install PHP-FPM.

FPM is a process manager to manage FastCGI in PHP

sudo apt-get install php7.4-fpm

I checked the status of the PHP FPM service with

sudo service php7.4-fpm status

Output

php7.4-fpm.service - The PHP 7.4 FastCGI Process Manager
   Loaded: loaded (/lib/systemd/system/php7.4-fpm.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2020-06-06 21:34:31 AEST; 1min 54s ago
     Docs: man:php-fpm7.4(8)
  Process: 7767 ExecStopPost=/usr/lib/php/php-fpm-socket-helper remove /run/php/php-fpm.sock /etc/php/7.4/fpm/pool.d/www.conf 74 (code=exited, status=0/SUCCESS)
  Process: 7772 ExecStartPost=/usr/lib/php/php-fpm-socket-helper install /run/php/php-fpm.sock /etc/php/7.4/fpm/pool.d/www.conf 74 (code=exited, status=0/SUCCESS)
 Main PID: 7769 (php-fpm7.4)
   Status: "Processes active: 0, idle: 2, Requests: 0, slow: 0, Traffic: 0req/sec"
    Tasks: 3 (limit: 1147)
   CGroup: /system.slice/php7.4-fpm.service
           |-7769 php-fpm: master process (/etc/php/7.4/fpm/php-fpm.conf)
           |-7770 php-fpm: pool www
           `-7771 php-fpm: pool www

I might add some PHP child workers if I add more CPU’s to this server later

I edited my php.ini

sudo nano /etc/php/7.4/fpm/php.ini

I made these changes to php.ini

file_uploads = On
allow_url_fopen = On
memory_limit = 512M
post_max_size = 50M
upload_max_filesize = 50M
cgi.fix_pathinfo = 0
max_execution_time = 360
date.timezone = Australia/Sydney

I added read this page (Nginx Configuration) and edited my /etc/nginx/sites-enabled/default

I tested and reloaded the Nginx config and restarted NGINX and PHP

nginx -t
nginx -s reload

sudo systemctl restart nginx.service
sudo systemctl restart php7.4-fpm

sudo systemctl status nginx.service
sudo systemctl status php7.4-fpm

To test PHP FPM I created a php file in my website root and added the following text

<?php phpinfo( ); ?>

I loaded this file in a browser and I confirmed that PHP-FPM was installed.

The test was ok (I deleted this test file), I deleted the index.html and created an index.php file

PHP-FPM test ok

9. Installing MySQL

To install MySQL I ran the following command

fyi: All usernames and database names are for example only.

sudo apt install mysql-server

I configured MySQL With this command

sudo mysql_secure_installation
Securing the MySQL server deployment.

Connecting to MySQL using a blank password.

...
Would you like to setup VALIDATE PASSWORD plugin?
y


There are three levels of password validation policy:
STRONG

Please set the password for root here.
New password:
**************************************************

Re-enter new password:
**************************************************

Estimated strength of the password: 100

Do you wish to continue with the password provided?
y


Remove anonymous users?
y

Disallow root login remotely?
y

Remove test database and access to it?
y

Reload privilege tables now?
y

Now to test MySQL I will login to it

sudo mysql -u root -p
************************************************************

Now I ran the following to create a database for Nextcloud

mysql> CREATE DATABASE databasename CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
Query OK, 1 row affected (0.00 sec)

I verified the database was created

mysql> SHOW DATABASES;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| databasename       |
| performance_schema |
| sys                |
+--------------------+
5 rows in set (0.00 sec)

I created a database user 

mysql> CREATE USER 'username'@'localhost' IDENTIFIED BY '************************************';
Query OK, 0 rows affected (0.00 sec)

I verified the use was created with this command

mysql> SELECT User,Host FROM mysql.user;
+------------------+-----------+
| User             | Host      |
+------------------+-----------+
| **************** | localhost |
| **************** | localhost |
| **************** | localhost |
| username         | localhost |
| **************** | localhost |
+------------------+-----------+
5 rows in set (0.00 sec)

I set permissions to add the user to the database

mysql> GRANT ALL PRIVILEGES ON `databasename`.* TO 'username'@'localhost';
Query OK, 0 rows affected (0.00 sec)

I verified the permissions with this command

mysql> SHOW GRANTS FOR 'username'@'localhost';
+--------------------------------------------------------------------------+
| Grants for [email protected]                                      |
+--------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'username'@'localhost'                       |
| GRANT ALL PRIVILEGES ON `databasename`.* TO 'username'@'localhost' |
+--------------------------------------------------------------------------+
2 rows in set (0.00 sec)

Finally I flushed permissions

mysql> FLUSH PRIVILEGES;

Now the databases is ready for Nextcloud

10. Nixstats

If you do not know what Nixstat’s is check out my post here Monitor server performance with NixStats and receive alerts by SMS, Push, Email, Telegram etc

I logged into Nixstats and click Add Server. I ran the provided install command.

wget -q -N --no-check-certificate https://nixstats.com/nixstatsagent.sh && bash nixstatsagent.sh ################## ##########################

Todo: Configure Nixstats PHP-FPM and NGINX Reporting (work in progress). My firewall rules are too tight for this install.

Handy Links

  • Monitoring Nginx with Nixstats
  • https://help.nixstats.com/en/article/monitoring-php-fpm-1tlyur6/

11. CronTab Updates

I created a update.sh file that I can call from a crontab entry to update Ubuntu and other software every xx hours.

I added this to my crontab.

12. Misc Security Stuff

I made sure my firewall only allowed traffic to my server was from Cloudflare IP’s and Whitelisted IP’s

Cloud flare IP’s can be found here.

https://www.cloudflare.com/ips-v4/
https://www.cloudflare.com/ips-v6/

At the time of writing the IP’s are 

173.245.48.0/20
103.21.244.0/22
103.22.200.0/22
103.31.4.0/22
141.101.64.0/18
108.162.192.0/18
190.93.240.0/20
188.114.96.0/20
197.234.240.0/22
198.41.128.0/17
162.158.0.0/15
104.16.0.0/12
172.64.0.0/13
131.0.72.0/22
2400:cb00::/32
2606:4700::/32
2803:f800::/32
2405:b500::/32
2405:8100::/32
2a06:98c0::/29
2c0f:f248::/32

I blocked access to my webserver (port 80 and 443) to anyone but Cloudflare.

I whitelisted DNS traffic to only Up Cloud. Thanks, Lon.

Up Cloud support is awesome.

UpCloud Support

Installing NextCloud

Finally I can Install Nextcloud, I navigated to https://nextcloud.com/install/ and clicked Download for Server

Download Nextcloud

I will use the Web installer to Install Nextcloud.

Web Installer Tab

Nextcloud web installer instructions

Setup Instructions

Snip about the Nextcloud Installer from the download page

The Web Installer is the easiest way to install Nextcloud on a web space. It checks the dependencies, downloads Nextcloud from the official server, unpacks it with the right permissions and the right user account. Finally, you will be redirected to the Nextcloud installer.

1) Right-click here and save the file to your computer
2) Upload setup-nextcloud.php to your web space
3) Point your web browser to setup-nextcloud.php on your webspace
4) Follow the instructions and configure Nextcloud
5) Login to your newly created Nextcloud instance!

You can find further instructions in the Nextcloud Admin Manual.

Note that the installer uses the same Nextcloud version as available for the built in updater in Nextcloud. After a major release it can take up to a month before it becomes available through the web installer and the updater. This is done to spread the deployment of new major releases out over time.

I used WinSCP to upload the setup-nextcloud.php to my Nginx web root  folder

WinSCP uploading

I loaded the setup-nextcloud.php file from, my web browser.

Loading setup-nextcloud.php

I entered “.” to install Nextcloud to the website root.

Install Next cloud to .

There is no way Nextcloud installed in 2 seconds, I checked the size of the disk usage in my website root.

sudo du -hs /web-root
313M

Nextcloud took about 10 seconds to download 313MB onto my UpCloud Server.

Fyi: I installed the SpeedTest CLI app and ran a benchmark and UpCloud Chicago can download as 937Mbps/sec and UpCloud Singapore can download at 717Mbps/sec. 

Nextcloud is installed.

Now I need to enter the data root folder for Nextcloud . I installed lswh to be able to see my 500GB disk.

sudo apt-get install lshw

I ran the following to see my disks

sudo lshw -class disk -short
H/W path        Device     Class      Description
=================================================
**********      /dev/vda   disk       26GB Virtual I/O device
**********      /dev/vdb   disk       536GB Virtual I/O device

I formatted my disk

sudo mkfs.ext4 /dev/vdb

I created a new folder under mount to connect to the partition. The folder name is a made-up sample

sudo mkdir -p /mnt/foldername

I mounted the partition to the folder

sudo mount /dev/vdb /mnt/foldername

I made sure Nginx can access the folder

sudo chown -R www-data:www-data /mnt/foldername

I changed to the partition mount

cd /mnt/foldername

I created a test 490GB file

fallocate -l 490G test.file

I checked the file

ls -al
-rw-r--r-- 1 username useername     526133493760 Jun  9 19:38 test.file

I deleted this test file and set this mount point as the data file in Nextcloud setup.

I added a new Nextcloud admin username and password,  mount folder for Nextcloud data folder, the SQL database user/password/database name and host and clicked Finish Setup

Nextcloud details

Nextcloud was setup.

Misc Setup

I ran the /settings/admin/overview report to see if I needed to perform andy final setup steps. I have a few missing php modules and a few optimisation tasks that need resolving.

Links to resolve.

  • Path Fixes
  • PHP Memory Limit
  • PHP Server Tuning

Nextcloud External Security Scan

I loaded https://scan.nextcloud.com/ to perform a external security scan.

Security Scan

Scan Results

All good so far.

Adding Two-Factor Authentication (YubiKeys)

I noticed in the Nextcloud security setting page I can setup a YubiKey as a pass-wordless  login device.

Web AuthN device

This would allow me to insert my YubiKey to login automatically

Auto login.

I added my YubiKey and gave it a name.

Name a YubiKey

The password-less login method is a bit insecure as anyone that has my YubiKey can access my site.

I think I will set up a Two-Factor Authentication/OTP login method and link that to my YubiKey.  I visited the /settings/apps/security page and installed the Two-Factor TOTP Provider app.

Install the OTP App
Install; the OTL app

I clicked the checkbox next to TOTP

Enable TOPT

The app generated a QR code that my YubiCo Authentication App can use to link to Nectcloud

I verified the QR scan and entered the 6 number verification code from my YubiCo Authenticator app

Scan the QR Code

Two Factor logins are now enabled.

2FA Enabled/

Now after I log in I have to enter a temporary 6 digit number that is only valid for 30 seconds (and only after entering my YubiCo YubiKey into my PC and entering its password)

2FA enabled at login/

Nice

Nextcloud Overview

I logged into Nextcloud and was greeted with a wizard.

Welcome screen

The sample images in the welcome screen are a bit small.

welcome screen summary

I can add native apps to Windows, Mac, iOS and Android or I can log in via the web page.

App downalod options

Pointers to the manual, community help and forums.

Help options

Main screen is clean.

Main Screen

A user context Menu is linked in the top right.

Drop down menu.

I setup email alerts (I allowed outgoing ports in my firewall)

sudo ufw allow out 465/tcp
sudo ufw allow out 465/udb

I used my GSuite account to send emails.

email settings

Syncing Files from my PC to Nextcloud

I tried uploading my 150GB Acronis Backup image file to Nextcloud by the web interface but this will fail for sure, this will take many hours.

Acronis image uploading.

I decided to configure Acronis True Image to split backups into 100MB chunks.

100GB file sizes

I created another Acronis image of my Windows Drive.

Nextcloud Windows App

I visited https://nextcloud.com/install/ and installed the Nextcloud Windows app to sync files.

Download windows app

I clicked Windows

Windows Download

Click Next

Click Next

Click Next

Click Next

Click Install

Click Install

Nextcloud sync app is now installing

Installing Wizard

Next cloud sync is now installed.

Run Nextcloud

Click Log in

Login Screen

Enter your Nextcloud server https address and click Next

Enter https server

A web browser login screen appeared and I logged in 

Login to the web app.

After I logged in Nextcloud sync was connected

Sync Connected

I was prompted to sync everything online to my local PC or choose folders to Sync .

Sync File dialog.

All files that were in Nextcloud synced down (that I selected)

Nextcloud sync

I set Nextcloud to start at Windows start.

Start at startup.

I reviewed Download and Upload limits

I decided to add my U:\AcronisBackup folder to my Nextcloud server.

U:\AcronisBackup added rto sync

I was asked to add this to a remote Nextcloud folder.

add to destination folder dialog

Files were backing up.

I has 150GB of Acronis backup files backing up.

I could see each 100MB section of the Acronis Backup appearing in the Nextcloud web app.

Nextcloud Web site

I noticed that the raw file system list of files was about 30 seconds ahead of the web list.

ls -al list of the file system

I had an Alert from my Acronis Backup software that new backup files were downloading.

The Acronis backup folder started backing up but I noticed it was redownloading to a new folder.  I don’t want this.

I allowed Nextcloud to access backup files

I paused the Nextloud Sync and my 150GB Backup was re-downloading to a new folder.

pause backup

It looks like U:\AcronisBackup was backing up then downloading to U:\Nextcloud\Simon\AcronisBackup.

File dialog

I moved my Acronis backup from U:\AcronisBackup to U:\Nextcloud\Simon\ZENigma (ZENnigma is the name of my PC)

I moved my 150GB backup files into Nextcloud folder/

I deleted the old sync of U:\AcronisBackup and started the Nextcloud Sync again

Sync restarted

Now my Acronis backup (150GB) was backing up to Nextcloud.

Backup working

It took 24 hours to backup 150GB from my PC to my server in Singapore.

I can see a handy summary of synced files and disk space used/free.

Done

I can control the sync with a System Tray App.

Sys Tray APp

Nextcloud Conclusion

Pros

  • Free
  • Works well.
  • I have an offsite location for backups and an area for file sharing with my family
  • Faster than Backblaze and Dropbox

Cons

  • Needs better Hardware 2FA support
  • Some Nextcloud web pages are not mobile-friendly (e.g add new user)
  • Needs better post install security checks
  • Web view of files could be updated more often, there is as 30-second delay between the web list of files and a CLI list in Putty of /mnt/foldername/username/files/

Troubleshooting

NGINX website is not loading

Check to see if a package has downloaded apache (this will take out Nginx).

Also, make sure you have set permissions on the folder that holds your SSL Certificates and allow your Nginx www-data user read access.

sudo chown -R www-data:www-data /etc/nginx/https-cert/

Deleting a MySQL Database

I had an issue where Nextcloud did not like the database I created so I ran the following to revoke the database users permissions, remove the user and I deleted the database.

Command to revoke the users MySQL permissions

sudo mysql -u root -p
*************************************
mysql> REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'databaseusername'@'localhost';

Delete the MySQL user

sudo mysql -u root -p
Enter password: *************************************
mysql> DROP USER 'databaseusername'@'localhost';

I reset flushed permissions

sudo mysql -u root -p
Enter password: *************************************
mysql> 
FLUSH PRIVILEGES;

To delete the database run the following.

mysqladmin -u root -p drop databasename
Enter password: *************************************
Dropping the database is potentially a very bad thing to do.
Any data stored in the database will be destroyed.

Do you really want to drop the 'databasename' database [y/N] y
Database "databasename" dropped

Thanks for Reading

Fyi: If you don’t have a favourite virtual machine provider you can use my referral link to obtain $25 free credit (only if you are new to UpCloud). Every new user who signs up with my referral link will receive a $25 bonus to get started. That’s 5 months free server (1 CPU and 1GB memory Linux server) 

v1.1

Filed Under: 2nd Factor, Backblaze, Backup, Database, Domain, Google, Nextcloud, Putty, SSH, UpCloud Tagged With: backblaze, Dropbox, Google One, Nextcloud

Connecting to a server via SSH with Putty

April 7, 2019 by Simon

This post aims to show how you can connect to a remote VM server using Telnet/SSH Secure shell with a free program called Putty on Windows. This not an advanced guide, I hope you find it useful.

2020 Update. I have stopped using Putty and WinSCP. I now use MobaXterm (a tabbed SSH client for Windows) as it is way faster than WinSCP and better than Putty. Read my review post of MobaXTerm here.

You will learn how to connect (via Windows) to a remote computer (Linux) over the Telnet protocol using SSH (Secure Shell). Once you login you can remotely edit web pages, learn to code, install programs or do just about anything.

Common Terms (Glossary)

  • Putty: Putty is a free program that allows you to connect to a server via Telnet. Putty can be downloaded from here.
  • Port: A port is a number given to a virtual lane on the internet (a port is similar to a frequency in radio waves but all ports share the same transport layer frequency on the internet). Older unencrypted webpages work on Port (lane 80), older mail worked on Port 25, encrypted web pages work on Port 443. Telnet (that SSH Secure Shell uses) used Port 22. Read about port numbers here.
  • SSH: SSH is a standard that allows you to securely connect to a server over the telnet protocol. Read more here.
  • Shell: Shell or Unix Shell is the name given to the interactive command line interface to Linux. Read more about the shell here.
  • Telnet: Telnet is a standard on the TCP/IP protocol that allows two-way communication between computers (all communicatin issent as characters and not graphics). Read more on telnet here and read about the TCP protocols here and here.
  • VM: VM stands for Virtual Machine and is a name given to a server you can buy (but it is owned by someone else). Read more here.

Read about other common glossary terms used on the Inetre here:
https://en.wikipedia.org/wiki/Glossary_of_Internet-related_terms

Background

If you want a webpage on the internet (or just a server to learn how to program) it’s easier to rent a VM for a few dollars a month and manage it yourself (with Telnet/SSH Secure Shell) than it is to buy a $5,000 server, place it in a data centre and pay for electricity and drive in every few days and update it. Remote management of VM servers via SSH/Secure Shell is the way for small to medium solutions.

  • A simple web hosting site may cost < $5 a month but is very limited.
  • A self-managed VM costs about $5 a month
  • A website service like Wix, Squarespace, Shopify or WordPress will cost about $30~99 a month.
  • A self-owned server will cost hundreds to thousands upfront.

There are pros and cons to all solutions above (e.g cost, security, scalability, performance, risk) but these are outside this post’s topic. I have deployed VMs on provides like AWS, Digital Ocean, Vultr and UpCloud for years. If you need to buy a VM you can use this link and get $25 free credit.

I used to use the OSX Operating System on Apple computers. I was used to using the VSSH software program to connect to servers deployed on UpCloud (using this method). With the demise of my old Apple Mac book (due to heat) I have moved back to using Windows (I am never using Apple hardware again until they solve the heat issues).

Also, I prefer to use Linux servers in the cloud (over say Windows) because I believe they are cheaper, faster and more secure.

Enough talking lets configure a connection.

Public and Private Keys?

Whenever you want to connect to a remote server via Telnet/SSH Secure Shell you will need a public and private key to encrypt communications between you and the remote server.

The public key is configured on your server (on Linux you add the public key to this file ~/.ssh/authorized_keys).

The private key is used by programs (usually on your local computer) to connect to the remote server.


How to create a Public and Private Key on Linux

I usually run this command on Ubuntu or Debian Linux to generate a public and private SSH key.

sudo ssh-keygen -t rsa -b 4096

The key below was generated for this post and is not used online. Keys are like physical keys, people who have them and know where to use them can use them.

Output:

Generating public/private rsa key pair.
Enter file in which to save the key (/username/.ssh/id_rsa): ./server
Enter passphrase (empty for no passphrase): ********
Enter same passphrase again: ********
Your identification has been saved in ./server.
Your public key has been saved in ./server.pub.
The key fingerprint is:
SHA256:sxfcyn4oHQ1ugAdIEGwetd5YhxB8wsVFxANRaBUpJF4 [email protected]
The key's randomart image is:
+---[RSA 4096]----+
| .oB**[email protected]       |
|  +.==B.+        |
| o .o+o+..       |
|  .. +..o...     |
|    o ..Sooo.    |
|         ++o.    |
|        .o+o     |
|        .oo .    |
|         ...     |
+----[SHA256]-----+

The two files were created

server
server.pub
  • “server” is the private key
  • “server.pub“is the public key

Public/Private Key Contents

Public Key Contents (“server.pub”)

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7Xo9bOCXJ7gVjP8tKOxHVId3KTo5I0VRU/kSRK3+mGd5VbDbQABo3tdWzYhzkjODzRS9TeL2dcLAQNNQKshi9IW5IGDS1NocSCLFQId5BFr9s3E79fkWqcZkKmwocepXOOZ91EDKgIFxviOzZKe99sdxxMoZzi1nxgVyXl4TnaelyiQxeKYniVs1iqDfYWQCxkKsmYit8TvGtOwrhLvKNh9362/y5ebpXVdFlRuB83eF7k8RHNYCQyOJJVx4cw3TIsAN0GMOwjuaOZbp7rR1d6k7RZmaApNRTbaWOXy32UiBST5TV/jXF2UL/4IBnn+yvCrM0v79e/3omgjlVVKfWByFzMv/YlBKCAX3xxtJQ9RkzTqseKupXmmJU0rik6Xuz31N2oyw4M7yJofSUGVCN0pnpKEvnKxqolfD9egdQy2XDaNioY7cvOO1qRegCKE0sDh1m5MzJWMhbDs7macSMyd6+0O5qWc/ByHy0G/mVbd8kO4jIuEzEs4IFkPCToEZp7KfkY7KRkOhccLbQ4ApCesUfBtGGAN1f33NnXCHae3Cx46nSd23fvgDZUVnjI47tNJH5Z8FNVlW/fp5Rgeu/aPUephnDX2IBxwIKQOmSTDY+nxU4V+c93H1gSOJfvqYbVKIAXKyN9Yh6LC44ZvLrL4q0TC0QlH2+kxMLnuj7zw== [email protected]

Private Key Contents (“server”), always keep the private key safe and never publish it.

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,D34670C40CE3778974BEF97094010597

b4oecyqLsWt9n+G12ldVNlaQxSKF1wSrlBPg6FGiHRauTCyreUwoI2dMOAkwnGmN
8fcy51fH7D3Kg0G9fWWNPd+oUDwZmrpB8Mv6Ndk4bLYZEbkNOFgvPwNre7edTBOD
JGZRdWqb+yrywgvz3iTXPNjNK5REU3u3JmD69jInFNo92j765QQKA4sFgEyD/8g+
zg8yefIQAhEsVELC5LXPPyuTfA+x0Q+040PqCJ+FCISJI1CeZjLwk7Fbe453Vj81
zaDsurl5X5gaRUlVjB2asr6etWdMLWcalX4Nbyj2A10L3J4ONjKq3Wc2muJ0Q6ES
oNqBaU2iHPlK8yK0TGj/ERfjaG1qdlhBcow0pSapRqGopXBuVBLVuyc2NHe5CCTk
Ezq+LZGsVYmiOIIY4QRJdEN/DVLFHRGK/xA9A7unm484zXIEO6wznE0DuCTtyZs0
luJ3bKLRcack3K1Dphq0LjSG4YxQlkHewa9k9AKpDPTqeeKKckySakiDCGPT6htk
VqaCKrApAt6GQ2hLVXZ0BFVN5A3WUJ5s+HpFvTUzHTNZcdsVS4PgxhuCtnSO/BdS
/G+ODc4aZJNYQD9QQfWUnxkgnQJCWJ+aBZtKF7eDPRYY7qD9jWxubDzrFplBkmAi
O+aX5N8dpU3lEty4INjyh5LpgZW3swjUhEKWi/c1k+Qd1gCWzYzwAq2BfpWcF8Z+
c+y9lQUKbq2yDlxReCIsfb/hda5k1HjgaUlhKbjWIITSlGqf/NE9i+vj0rQEMQXQ
mxBoilfLUPd5A1ttG5XvqC2ex5HBmjzCazZ13Z/2c/PkwicHBmrf5bKYHZp49niV
44n8tZRamCUv6HaJUaKR22MigOG/qGppGPodGeLNj1DFLYAEQ78SYcVhEqIICBo1
t1yaIemUq8MWXSZz1K3cP4FEXQcEziQxFLU/0DCE0P0mIU3MExUmjB/nVE8vxb5l
p3ej3yrRGe+P2neco2gttgaTEi6l/S+0TIiZNstnVPG48BPW71mwVg9XR1d+avO7
OpXt0UgocX0xp7zBgK2up8Ai6v66WwjoNgyvFe02aK4/+fSC+aJ5D6N7JVNxd/bn
Py4W8oLKnrE1PKtIfBw/aE+rgudaMIyuxCaLllRKyDxVPPiJFp2iFcH/Y+k+0vDa
xE9Jpdd0zOWkZyebAxrS8zAUUNNaTQ+rWkj/zORjE4ptHpdwdazzHoQwIs+1kjsv
e/+JEmoskH7XozLnxClVhhWMXWfgQsPWBqPnGzieW0tv9SeIAU/BLJCHJRhBMAT1
ugBtcda1VMlAPVroYtVyUdCxkYZqGfIDbKqtOvvuBgUIUe/HnC3ExQQycC9F05BH
RJibaM/11MLTcZSO7KOK65Dg2v3VBhe6rfDl4tTR0yOySPXCacb9aMt2pMPTEe0/
wU49wCefchfD2bsR3kXPpUqm+HbkHORpIwsMZfQO/8dooXYdiYUdzV9roXG6OGVQ
SsV/xR2lE3XrR71TBegfRnQirI8tj4psSor+yCj3qV936Oh31D96Z6P4glshibsG
ffWAO/TSdu5ZV+UVahh6bTozs+g+odUu/S48TeI1fk7lPlqwZdjoSHXUI2v1FAQ2
jSSywuZQxHlGhg6OeI052cxx3zcVyVVLFHhIrfvufNc3c3+KYhtyiSzBNYN1BrJi
xNXwlDS1jYWgRHkf9zbNBU0MLTYHjZZvO9Jpl/UhKKBdIvJFwmGmXS2lgU6slunJ
Ojp4tY1tbI520KOskV/OoqEfmhXh5fTlI3onzoK1aLqxk1d0d65ONcxqVbAG79RN
b0Q5PgewSOgFlcZ7tEIZKAWsWVhjlFTSGRujdZVM1vZB9fCJesemai7HU0e4J+Do
tqvss8I2n6TPxlTYFzQ4w12pIiOzx/8cFLX78NLN8wQFElhhczeuW5HDAnmPxYhQ
eLY0HgDCFSvVAvGXo0j1gcBUcOr/LzZSsJhxsB7FKyrUjlmD/7Y45WoKJj41bKL+
y4+iDhXyLBiqVClRijsguwiCkmPFiR7Bng2pglS0oIWPWu1UbTJWVJPfuUTOBC+M
4/2fBtgFjUz8iUISs9ncEKkERlxodBIu+ekgLJZAigSMvUKfGE1YB1AA9x96VLjd
VJSjjWvnhMEoSwNzlNQ9+dhoD5Cg9zicgIIKnHnovYGOu8g9ZWfvhJFrKZgkfLRv
r2KgkWiHWpf0swiyGUOlGJDe39nMMkoxib7XE/J3VI3na1ZUOIf8kl9kdHXJ0R3C
2IjdbfiFHEDOrakp5oeVf8BbLK7RB8OlxgJAS47Byh8j97U7f13A5ZYlK3bkZ7E4
h7mCJQozgWP81ut0d9WUlcKp5M8yg2ctZ7h4oeG4Js4ceHqd19Z4P+1xWKwXcdmV
+uhiTftevTu3/UhYQVV4ck98C9pursJJYL5hTnIIpTSWIR+jSahhtzUy/upjugPp
cKi6eGlOkcHdKNRtiu7/IZqni85fC8PAwPZ93SICdiq6BpGaGWFh046weIJuflSK
Pd76+M70YRd+pkaRjJyFJ3hLyg7W5mlOb1+yBIlXKzpbch9B5E4dRHCcOsg4+v/9
exRgAnvUIhR/GpSySDDwgKHg8rAyjjoGeZFH3TJIemAAimyaR608a9tCn7SxVobs
UQlZ9WwC0dQIEv7mSvSige3imbybPtCoBHJAqsJqKCFJEDWbIF5l2VYZcfJUYaEI
oZAJHYGnZm33yQ6eSOusXJ2SnnGZ+ZsGO4bDVSwN20FkSt11gN8Wjrki9CxeVQp7
dWbKX1r/lZw74yUB4cYN23hgLJsdqvM7THzwlBkVtgV74RGY0qv59ecBUSQedlSK
dkOnkmoCiGRSNyf+ebijQaygnfK0ArG5wiRF/RQWiPFj7S6DHRxIOrXqcmvhJ7Ly
NApn9pPYyoZEAbk82MAXkapZ5+YLIKLjdNsYuKq5xVty+mc+FfxLWmZGX+QQinra
Z9DfY9KQw4rxJ/ju4ILnDrygm/QBsNFXBojOuzOIULt7c26s3d/47T+IXA4SIX4v
cPqYa6S3PU/Yoe5/Ya3tFxXmBXgEgVLZuujMs7dyCOAqLEyBEHYqIclp+TElWQLR
V660fczVXeedfd2tNBy1IBj1vhGa9j5mZLbFwTczykwCFfihLIrxSEc1MQA4CaSX
-----END RSA PRIVATE KEY-----

The Public and Private keys is used to encrypt all Telnet/SSH connections and traffic to your server. Keep these key’s private.

fyi: Putty can create SSH Keys too

If you do not have a Linux computer or Linux server to generate keys the Putty generator can create keys too.

Puttygen generating a key based on the randomness of mouse movements.

I did not know Putty can create keys.

Do save the public and private key(s) that were generated in Puttygen (tip: PPK files are what we are after along with the public key later in this post).

Public keys are added to your server when you deploy them. On Linux, you can add new Pulic keys after deployment by adding them to this file “~/.ssh/authorized_keys” to allow people to log in.

Puttygen does format the keys differently than how Ubuntu generates them. Read more here. I’ll keep generating keys in Linux over Puttygen.

Output of the public and PPK files from Puttygen

Putty SSH Client on Windows

Putty is a free windows program that you can use to connect to serves via SSH. Download and install the Putty program.

Open Putty

Putty Icon

Default Putty User Interface.

Screenshot of the Putty Program

To create a connection add an exiting IP address (server name) and SSH port (22) to Putty.

Screenshot of an IP and port entered into putty

In Putty (note the tree view to the left of the image), You can set the auto login name to use to log into the remote server under the Connection the Data in the tree view item

Screenshot showing the SSH usename being added to putty under Connection then Data menu,

You can also set the username under the Connection then Rlogin section of Putty.

Set the usernmae undser rlogin area of putty

OK, lets add the private SSH Key to Putty.

Putty Screehshot showing no support for standard SSH keys (only PPK files)

It looks like Putty only supports PPK private key files not ones generated by Linux. I used to be able to use the private key in the VSSH program on OSX and add the private key to connect to the server over SSH. Putty does not allow you to use Linux generated Private keys directly.

Convert your (Linux generated) private key to (Putty) PPK format with Puttygen

Putty comes with a Key Generator/Converter, you can open your existing RSA private key and convert it (or generate a new one).

TIP: If you generate a key in Puttygen don;t forget to ad’d it to your authorized host file in your remote server.

Open Puttygen

Puttygen icon

Click Conversions than Import Key and choose the private key you generated in Linux

Screenshot showing import RSA key to convert

The private key will be opened

Screenshot of imported RSA key

You can then save the private key as a PPK file.

Save the private key as a PPK file
“server.ppk” Key contents (sample key)
PuTTY-User-Key-File-2: ssh-rsa
Encryption: aes256-cbc
Comment: imported-openssh-key
Public-Lines: 12
AAAAB3NzaC1yc2EAAAADAQABAAACAQC7Xo9bOCXJ7gVjP8tKOxHVId3KTo5I0VRU
/kSRK3+mGd5VbDbQABo3tdWzYhzkjODzRS9TeL2dcLAQNNQKshi9IW5IGDS1NocS
CLFQId5BFr9s3E79fkWqcZkKmwocepXOOZ91EDKgIFxviOzZKe99sdxxMoZzi1nx
gVyXl4TnaelyiQxeKYniVs1iqDfYWQCxkKsmYit8TvGtOwrhLvKNh9362/y5ebpX
VdFlRuB83eF7k8RHNYCQyOJJVx4cwnTIsAN0GMOwjuaOZbp7rR1d6k7RZmaApNRT
baWOXy32UiBST5TV/jXF2UL/4IBnn+yvCrM0v79e/3omgjlVVKfWByFzMv/YlBKC
AX3xxtJQ9RkzTqseKupXmmJU0rik6Xuz31N2oyw4M7yJofSUGVCN0pnpKEvnKxqo
lfD9egdQy2XDaNioY7cvOO1qRegCKE0sDh1m5MzJWMhbDs7macSMyd6+0O5qWc/B
yHy0G/mVbd8kO4jIuEzEs4IFkPCToEZp7KfkY7KRkOhccLbQ4ApCesUfBtGGAN1f
33NnXCHae3Cx46nSd23fvgDZUVnjI47tNJH5Z8FNVlW/fp5Rgeu/aPUephnDX2IB
xwIKQOmSTDY+nxU4V+c93H1gSOJfvqYbVKIAXKyN9Yh6LC44ZvLrL4q0TC0QlH2+
kxMLnuj7zw==
Private-Lines: 28
DkpbM78GgGBSgfs9MsmZwDJj6HFXdoe+fCP1rLnwbE99mvU6Fbs23hXd+FsVdQbb
VR5tKTocV7tEwGjtLCHSTSF6gap0l4ww0Ecuvr/Dra2CJ2BsntyssBrWnlUT7OlA
M9zKQAzywAy4AHkph0YvH4l7BcJ5V1pUltm2JDTU6+iFqXDsstUUEDcQ4u0EalWU
EEsW+quNSwO0HBHvWY6N7tbiuEN9L+cFYIdsJEDfqM4hNi+7Ym+SQq5FOPyA6gXa
vhujsjPQAWI3TFxh7EIvsPDMCXxWHL6qaDvOMmPPTZDbEvm4nQ5Kax9jWacPILn7
ezc7ZAiZdDiFbkF3TLyuHx71mjChZgLoZLWYfXR3MBEEYnkNO/7oSMRUwDzEyWKW
ZgqdUtGg0cR+qWvaxQTDQsN/DjB7jGgnlreF92S8xSsbk5GgpZnTQ1V0cm3oecB+
+JP90K4Fi979gPWnwTfg6ZvmLUiVz3uBbvegkT9CVZhhZXSKq53H+SjTZfKBPrM9
NHGLkYr1WjToGR39LMrh4X3KChGewMFyuxtpkEQV60eCnHZBHgTco2A0yriRprOP
Ks4qJXOtZnsMYMesUDX9W5wLc4HcRvRh2UBPw/8bPz6mNrBk8j5SPIwBrPMIBejd
4IPoYezaEFKPg2bP7dn+Nftz5CGagcV2g+zhE615dsWzX1P7yu/1dTmz9LXaMmN6
d+zJE8TtjeaoW5NE1H3Flj9rknzJW7xQfokhS5hMkOg6J0AA6Pk13tupu8WHMkVB
x7nVu876f8tIbT8GzXCGgSl+zS7IJO3pt9T9QHIYa+T3oTIUqfBfK1WffUZwHMRn
Xn/VKUtIIIPiVfCtQuxSrTiJzQcoJ/yvfv62YAGv2LsDlBoHfXRdf6h3TCCCOVxT
WE45sbj3gJ1Cgjt1SEd/8A3hkstn2U2NKBI9gkB9H5BbDJoAXq6/4CkwaQvSEzs7
LK5btRlWop+7gqkyMPpgxv9li9IEDJ999ufMqxkFgOBkmkR5Si71elXRnwiKrjfU
Ce14iy7Dd7lb7IU9OEBjWFZlSigVEnc8klhGHDuxnojiW1ld7pUDIkAAbdTMOFON
abcpfNwcg5Y3l+1KwIQHuewAUuA9472jV4V9EAn7pJ7wgmYHbzMzg9Z9dM8h/3UI
axBzAW+cJM80gN+nZMbmDC9FkXV16GSuqC2iQUVGb2TIheAS7oCR+JFZFQNv0ytF
rGQ9K1wIGbMI4oDPcAid7DzrEXVl3d2x8MtwF/WzfHehVJD1h1uNwezLf1gBKyas
9GBfDOYwd8zgaL2H99GYD1Ba7TePJY81mx7m10eYdwDj1vCpboKE3cE6AyL7ki+4
Ix7GSzQs9NBckF9+8eVXe2T4Cc450hIoN0BWcxVUUdGCA1skZ1PczPs1z/ae4lxd
l5WmPy8Gyh7cnZpyqzvwAPSFDadkNP60eekfkRHyo4QyLhj7QZtO0kOgWhT3CHma
FjZ5jJu59U/4gc0TpQ8ra3vgKQKudloExsg027+34nR98dN+zzUj4S2C/J34W98C
DEEu/SO7nfW/a2UARXBKWCbS+3j24zHc9dbgX2tZoAoInUvRGiSOsLVsMhDiBoyb
wWoNxrKPR3Fi5zZ+GfDUgUGpZoW/b54KnFouIHBYbI41Gkh4vj6lxOGh/sb3SPHd
Wg6EN/0z/mer3bG0a2/ZHKYA5KGWRXWYvYLz4Je8fb/egBrSU6BztwSNeilzA9lI
J4BO7pzXECnWYutB14UxHw==
Private-MAC: 12298fa865ac574da81898252e83b812200cba59

Now the PPK key can be added to Putty for any server connection that uses the public key. Use the right key for the right server though.

Add the private key to a Putty server by clicking Connection, SSH, AUTH section and browing to the PPK file.

Screenshot showing the PPK key file added to Putty

Now we need to save the connection, click back on the Session note at the top of the treeview, type a server name and click Save

Save Putty connection.

Connecting to your sever via Telnet/SSH wiht Putty.

Once you have added a server name, port, usernames and private key to Putty you can double click the server list item to connect to your server.

You will see a message about accepting the public key from the server. Click Yes. This fingerprint will be the same fingerprint that was shown when you generated the keys (if not maybe someone is hacking in the middle of your local computer and server)

Putty messgae box asking to to remember the public key

Hopefully, you will now have full access to your server with the account you logged in with.

Screenshot of an Ubuntu screen after login

Happy Coding.

Alternatives to self-managed VM’s

I will always run self-managed server (and configure it myself) as its the most economical way to build a fast and secure server in my humble opinion.

I have blogged about alternatives but these solutions always sacrifice something and costs are usually higher and performance can be slower.

I am also lucky enough I can do this as a hobby and its not my day job. when you self manage a VM you will have endless tasks or securing your server and tweaking but its fun.

More Reading

Read some useful Linux commands here and read my past guides here. If you want to buy a domain name click here.

If you are bored and want to learn more about SSH Secure shell read this.

Related Blog Posts

  • Monitor server performance with NixStats and receive alerts by SMS, Push, Email, Telegram etc
  • Useful Linux Terminal Commands
  • Setup two factor authenticator protection at login (SSH) on Ubuntu or Debian
  • etc

Version: 1.1 Added MobaXterm link

Filed Under: 2FA, Authorization, AWS, Cloud, Digital Ocean, Linux, Putty, Secure Shell, Security, Server, SSH, Ubuntu, UpCloud, VM, Vultr Tagged With: Connecting, Putty, secure, server, Shell, ssh

How to code PHP on your localhost and deploy to the cloud via SFTP with PHPStorm by Jet Brains

March 31, 2019 by Simon

This is a quick guide that will show you how you can connect to a cloud server via SFTP with the PHPStorm IDE from Jet Brians and deploy files from your localhost to the cloud. This is my opinion, I am not paid to promote PHPStorm or UpCloud.

Pre-Requisites/Assumptions

This guide will assume you already have (or know how to)..

  • Buy a domain name and point it’s DNS to a server (I use Namecheap.com for buying domains)
  • Buy and deploy a server in the cloud. I have used AWS, Digital Ocean, Vultr but now use UpCloud for deploying fast self-managed servers. Read this guide here to see how I create a server from scratch on Up Cloud.
  • Setup SSH access to your server and configure a firewall.
  • You have or know how to set up PHP and Web Servers and configure them on your localhost and remote server (guides here, here, here, here, here and here).
  • etc ( check out all my guides here https://fearby.com/all )

I am using Windows 10 Home (with IIS Web Server (document root redirected to S:\Code\) and a pre built Ubuntu Cloud servers.

IIS pointing to S:\Code

Why no FTP? I do not create FTP servers on my serves to increase security and I only access servers via SSH via white-listed IP’s and then authenticate with hardware 2FA keys from YubiCo (read me 2FA guide here and also how to secure *nix servers and WordPress with 2FA).

Background

2 years ago I used to use the Cloud 9 IDE to connect to, and code files on cloud servers and life was good. I could configure and connect to servers, drag and drop files, run bash scripts from a web page and close the Cloud 9 browsers tabs, travel hundreds of kilometres and log back into C9 and all code and bash scripts would reappear.

Here is the Cloud 9 IDE showing code on the left and a Browser on the right.

C9.IDE showing code on the left and web page on the right

With Cloud 9 code could be easily accessed, edited and run.

See screenshot of code running from a Cloud 9 hosted server with properties windows on the right.

C9 IDE showing  a bash terminal windows and code

Regrettably, I cancelled my $9/m subscription to Cloud 9 after a minor stroke and since then I have gone back to a terminal screen to code and transfer files. In the last 2 years.

Screenshot of the putty program connected to a Ubuntu box editing a file with nano

Uploading and downloading files on mass is painful via pure SSH.

AWS has since purchased Cloud 9 and I am not sure if it will ditch support of non-AWS servers in the future. AWS is good but servers are very expensive for what you get IMHO. I have found Disk IO on UpCloud is awesome (also UpCloud support is great (I am not paid to say that)).

PHPStorm IDE?

A quick Google of IDE’s like Cloud 9 mentioned PHPStorm from Jet Brains. I have used IntelliJ IDEA from Jet Brains before and PHPStorm seems to be very popular.

Go to
https://www.jetbrains.com/phpstorm/ and see the features of PHPStorm

Watch PHPStorm in action

Whats new in PHPStorm 2019.1

Install PHPStorm

Visit https://www.jetbrains.com/phpstorm/download/ and download and install PHPStorm (free trial 30 days)

System requirements

  • Microsoft 10/8/7/Vista/2003/XP (incl. 64-bit)
  • 2 GB RAM minimum
  • 4 GB RAM recommended
  • 1024×768 minimum screen resolution

Pricing

PHPStorm is $8.90/m for individual use (or $19.90/m commercial). For the first 12 months of uninterrupted subscription payments qualify you for receiving a perpetual fallback license (20% discount for an uninterrupted subscription for a 2nd year, 40% discount for an uninterrupted subscription for 3rd year onwards).

PHPStorm work on Windows, OSX or Linux. This great an I use Windows locally and Linux remotely but I’m keen to use Linux locally to match local and remote dev environments.

Official PHPStorm Pricing Page:
https://www.jetbrains.com/phpstorm/buy/#edition=commercial

fyi: Jet Brains has free licencing for individual use for Students and faculty members.

Creating a Project

Open PHPStorm and select “Create New Project”.

Create New Project screen

Choose a project type on the left (e.g “PHP Empty Project“) and choose a location to save too (I chose “S:\code\php001) on my local machine. I chose “S:\code\php001” on my local machine.

New Project screenshot asking for a name and save location

Choose a folder to save to.

Choose a project and location to save to locally

Click “OK” to create the project.

PHPStorm will have created a project for you. You will notice a “.idea“folder under the location you saved with these files.

  • misc.xml
  • modules.xml
  • php001.xml
  • wordspace.xml

Do not delete these files.

Creating your first PHP file

You can right click on the project root and select New then PHP File

Right click on the root in the tree view then new PHP File

Or clicking the File then New menu choosing PHP File.

File new PHP File dialog

Name the file (e.g index.php)

Naming a file index.php

The file has been created and its available in my localhost web server.

Screenshot showing PHPStorm with index.php, S:\Code showing index.php and http://localhpst/php001/index.php loading

Creating a Deploy Target

Now we need to specify a deploy target in PHPStorm to push the file changes to the cloud. Backup your server (yes backup your server just in case).

Open your PHPStorm project and click Tools, Deployment and then Configuration.

Click Tools, Deployment and then Configuration.

Click the plus icon near the top left and choose SFTP

Screenshot showing add new deployment server (SFTP)

Name the deployment target (e.g “server (project)”)

Screenshot of an input box showing a server name
  • Enter your “server name” or IP and port
  • Enter your “ssh username” (ensure the SSH user had write access to the wwwroot folder and the web server can read the files written by this user)
  • Under password I chose “Key pair OpenSSH or Putty (as I had SSH details already setup in Putty details
  • You can add your ppk private key from Putty (use the puttygen program to conbvert ssh public and private kets to ppk format)
  • If you have a passphrase on your SSH key add it now
  • Enter your web servers remote path (for the project)
  • Enter your web server URL
Screenshot showing a server name, port, username, password, ssh file passphrase, root path and web server url.

I did SSH to my remote server and created the destination folder. This will ensure I can deploy code here (PHPStorm does not create the remote path fpor you ).

mkdir /wwwroot/php001
chown -R www-data:www-data /wwwroot/php001/

Click Test Connection

Test Successful screenshot

No we need to click the Mappings tab and add a mapping.

  • Local path is your local path
  • Deployment path is / (the web root path is carried forward from the previous tab)
  • Web path is the web path that is entered in the browser
Screenshot showing a manual file mapping of local and remote file locations

Click Add New Mapping. Now we are ready to deploy

Deploying code to the cloud

I right clicked on the root note in PHPStorm and created an index.php file.

Creating an index.php file by file new

I edited the index.php on my local machine and then click the Tools then Deployment and choose “Upload to fearby.com (php001)” menu.

Manual upload available in Tools menu then Deployment menu

The File Transfer output window showed the transfer progress.

Screenshot showing the file transfer window output saying the file uploaded.

I loaded https://fearby.com/php001/index.php in Google chrome. It worked.

Screenshot showing https://fearby.com/php001/index.php loaded in a bowser

Don’t forget to turn off Automatic uploads under Tools, Deployment menu.

'Screenshot showing Automatic updated turned on

Now when I create new files or change existing files they will auto upload.

Sourc Control

I will add this soon.

Shell Command

You can also open an SSH console to the server and run commands

e.g zip files

zip -r backup.zip .

I can also open a folder window in PHPStorm and show all remote files by clicking Tools then Deployment then Show Remote Files, Zip files can be easily downlaoded or other files uploaded. Nice.

Screenshot showing remote files

Linux Client

I will review the Linux PHPStorm client soon.

Troubleshooting

Watch the Official guide on Deployment and Remote Hosts in PhpStorm – PhpStorm Video Tutorial

Good Luck. I hope this guide helps someone.

Version

1.2 Removed advertisements

1.1 Minor Updates

1.0 Initial Version

Filed Under: 2FA, Backup, Cloud, Code, Git, GUI, IDE, Linux, SSH

Add two factor auth login protection to WordPress with YubiCo hardware YubiKeys and or 2FA Authenticator App

October 28, 2018 by Simon

Here is a quick guide to show you how to add two-factor auth login protection to WordPress with YubiCo hardware YubiKeys and or 2FA authenticator app

I have a number of guides on moving away from CPanel, Setting up VM’s on AWS, Vultr or Digital Ocean along with installing and managing WordPress from the command line.

Why Secure WordPress

WordPress CMS is a widely targeted CMS for hackers. View the official WordPress stats on WordPress Version/PHP and MySQL Version. View WordPress vulnerabilities here.

Read the Sucuri 2017 report on reported WordPress Hacks here (spoiler 34,371 infected websites in 2017).

Plugins exist to secure and scan WordPress. Read my blog post here on the now-retired Gravityaity Scan plugin and the awesome WordFence security plugin.

You (and hackers) can scan your site with https://wpscans.com/ or other open-source tools like wp-scan from OWASP ZAP. If you manage a WordPress site I’d recommend you install Kali Linux to scan your site.

Running a wp scan in Kali Linux is easy.

wpscan --url https://fearby.com --debug-output 2> ~/Desktop/wpscan.txt

The output from the Kali Linux wpscan tool

WPscan tool in KaiLinux

What are Hardware YubiCo YubiKeys

Read my guide here to see what YubiCo YubiKeys are and how to use them.

Yubico YubiKeys

Get the Two-Factor Plugin for WordPress Plugin

Plugin: https://en-au.wordpress.org/plugins/two-factor/

Two-Factor

Plugin Page at WordPress.org

Two Factor Auth Plugin

The source code for this plugin is available (nice): https://github.com/georgestephanis/two-factor. This plugin was updated 2 weeks ago (nice).

Downloading the Plugin

FYI: I do not allow downloading or updating of plugins in WordPress (via FTP), I prefer SSH manual downloading. FTP plugin installation and updating are not allowed on my site.

I got the latest download URL (e.g. https://downloads.wordpress.org/plugin/two-factor.zip) by copying the URL from the download button above.

I connected to my server via SSH and navigated to my WordPress plugin folder

cd /your-www-root/wp-content/plugins

I download the plugin.

[email protected]:/your-www-root/wp-content/plugins# wget https://downloads.wordpress.org/plugin/two-factor.zip
--2018-10-28 14:44:27--  https://downloads.wordpress.org/plugin/two-factor.zip
Resolving downloads.wordpress.org (downloads.wordpress.org)... 198.143.164.250
Connecting to downloads.wordpress.org (downloads.wordpress.org)|198.143.164.250|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 47882 (47K) [application/octet-stream]
Saving to: 'two-factor.zip'

two-factor.zip                             100%[=======================================================================================>]  46.76K  --.-KB/s    in 0.001s

2018-10-28 14:44:27 (37.1 MB/s) - 'two-factor.zip' saved [47882/47882]

I extracted the plugin zip file

[email protected]:/your-www-root/wp-content/plugins# unzip two-factor.zip
Archive:  two-factor.zip
   creating: two-factor/
   creating: two-factor/assets/
  inflating: two-factor/assets/banner-1544x500.png
  inflating: two-factor/assets/banner-772x250.png
  inflating: two-factor/assets/icon-128x128.png
  inflating: two-factor/assets/icon-256x256.png
  inflating: two-factor/class.two-factor-core.php
   creating: two-factor/includes/
  inflating: two-factor/includes/function.login-header.php
   creating: two-factor/includes/Google/
  inflating: two-factor/includes/Google/u2f-api.js
   creating: two-factor/includes/Yubico/
  inflating: two-factor/includes/Yubico/U2F.php
   creating: two-factor/providers/
  inflating: two-factor/providers/class.two-factor-backup-codes.php
  inflating: two-factor/providers/class.two-factor-dummy.php
  inflating: two-factor/providers/class.two-factor-email.php
  inflating: two-factor/providers/class.two-factor-fido-u2f-admin-list-table.php
  inflating: two-factor/providers/class.two-factor-fido-u2f-admin.php
  inflating: two-factor/providers/class.two-factor-fido-u2f.php
  inflating: two-factor/providers/class.two-factor-provider.php
  inflating: two-factor/providers/class.two-factor-totp.php
   creating: two-factor/providers/css/
  inflating: two-factor/providers/css/fido-u2f-admin.css
   creating: two-factor/providers/js/
  inflating: two-factor/providers/js/fido-u2f-admin-inline-edit.js
  inflating: two-factor/providers/js/fido-u2f-admin.js
  inflating: two-factor/providers/js/fido-u2f-login.js
  inflating: two-factor/readme.md
  inflating: two-factor/readme.txt
  inflating: two-factor/two-factor.php
  inflating: two-factor/user-edit.css

Enable the Plugin

Don’t forget to update the plugin in WordPress.

Enable the Plugin in WordPress

Once the plugin is enabled I can setup Two-factor authentication

Edit your Users

To setup two-factor authentication open your WordPress users screen (/wp-admin/users.php).

WordPress Users List /wp-admin/users.php

Notice the Two-Factor column

Edit your desired user to enable two-factor login options

Scroll down to Two Factor Options header, you will see a QR code that you can scan with your two-factor authentication app (e.g Google Authenticator or YubiCo Authenticator).

Enable 2FA via plugin

Always generate and save backup codes in case you lose your YubiKeys or authenticator app.

You can enable authentication methods as required.

Add the code to your Authenticator app. I will add mine to my Yubico Authenticator app that requires the insertion of a physical YubiKey. I can read my YubiKey via NFC and use my mobile phone to generate one time passwords too. Read here to learn about YubiKey 2FA (touch) devices. I have secured my Ubuntu/Debian and macOSX with these keys,

TIP: Don’t forget to save the user after editing.

Add the YubiKey 2FA (touch) to WordPress logins.

While editing a user click Register New Key under Security Keys

Add the YubiKey 2FA to WordPress

Add your primary and backup YubiKey as required (I added both of mine).

Screenshot showing two YubiKeys added to WordPress.

Enable all desired 2FA options

  • Email (OFF)
  • Time based One-Time Password (Authenticator App) (ON)
  • FIDO Universal 2nd Factor (U2F) – YubiKey Insertion and touch (ON)
  • Backup Codes (ON)

Set all desired 2FA login methods

TIP: Don’t forget to save the user after editing.

Users Table

Aim to set up every user who has access to your WordPress to use 2FA.

Mobile 2FA login

I tested logos via mobile and I was prompted to tab my YubiKey to my phone. Nice.

What happens at login?

When One Time Password is enabled as the primary authentication method I am prompted for a one-time password after entering my username and password. I then need to insert my YubiKey (or tap the YubiKey to my phone (via NFC)) to generate a one time password.

Screenshot of 2FA login prompt

When FIDO is enabled I need to insert my YubiKey and press the button.

Enter Security Key

Conclusion

I can now secure my WordPress site with 2FA protections without expensive security plugins.

I hope this guide helps someone.

More

Read more here

Ask a question or recommend an article

[contact-form-7 id=”30″ title=”Ask a Question”]

Revision History

v1.1 Added Mobile login details

v1.0 Initial post

Filed Under: 2FA, 2nd Factor, Auth, Authorization, Blog, MFA, NFC, owasp, Security, SSH, Vulnerability, Yubico, YubiKey Tagged With: 2FA, add, and, app, auth, authenticator, factor, hardware, login, or, Protection, to, two, with, wordpress, Yubico, YubiKeys

Setting up the Debian Kali Linux distro to perform penetration testing of your systems

March 7, 2018 by Simon

This post will show you how to setup the Kali Linux distro to perform penetration testing of your systems

I have a number of guides on moving hasting away form CPanel, Setting up VM’s on AWS, Vultr or Digital Ocean along with installing and managing WordPress from the command line. Securing your systems is very important (don’t stop) and keep learning (securing ubuntu in the cloud, securing checklist, run a Lynis system audit etc)

snip from: https://www.kali.org/about-us/

“Kali Linux is an open source project that is maintained and funded by Offensive Security, a provider of world-class information security training and penetration testing services. In addition to Kali Linux, Offensive Security also maintains the Exploit Database and the free online course, Metasploit Unleashed.”

Download Kali

I downloaded the torrent version (as the HTTP version kept stopping (even on 50/20 NBN).

Download Kali

After the download finished I checked the SHA sum to verify it’a integrity

cd /Users/username/Downloads/kali-linux-2018.1-amd64
shasum -a 256 ./kali-linux-2018.1-amd64.iso 
ed88466834ceeba65f426235ec191fb3580f71d50364ac5131daec1bf976b317  ./kali-linux-2018.1-amd64.iso

A least it matched the known (or hacked) hash here.

Installing Parallels in a VM on OSX

I use Parallels 11 on OSX to set up a VM os Demina Kali, you can use VirtualBox, VMWare etc.

VM Setup in Parallels

Hardware: 2x CPU, 2048MB Ram, 32MB Graphics, 64GB Disk.

I selected Graphical Install (English, Australia, American English, host: kali, network: hyrule, New South Wales, Partition: Guided – entire disk, Default, Default, Default, Continue, Yes, Network Mirror: Yes, No Proxy, Installed GRUB bootloader on VM HD.

Post Install

Install Parallel Tools

Official Guide: https://kb.parallels.com/en/123968

I opened the VM then selected the Actions then Install Parallels Tools, this mounted /media/cdrom/, I copied all contents to /temp/

As recommended by the Parallels instal bash script I updated headers.

apt install linux-headers-4.14.0-kali1-amd64

Then the following from https://kb.parallels.com/en/123968

apt-get clean
apt-get update
apt-get upgrade -y
apt-get dist-upgrade -y
apt-get install dkms kpartx printer-driver-postscript-hp

Parallels will not install, I think I need to upgrade to parallel 12 or 12 as the printer driver detection is not detecting (even though it is installed).

Installing Google Chrome

I used the video below

I have to run chrome with

/usr/bin/gogole-chrome-stable %U --no-sandbox --user-data=dir &

It works.

Chrome

Running your first remote vulnerability scan in Kali

I found this video useful in helping me scan and check my systems for exploits

Simple exploit search in Armitage (metasploit)

Armitage Scan

A quick scan of my server revealed three ports open and (22, 80 and 443). Port 80 redirects to 443 and port 22 is firewalled.  I have WordPress and exploits I rued failed to work thanks to patching (always stay ahead of patching and updating of software and the OS.

k006-ports

Without knowing what I was doing I was able to check my WordPress against known exploits. 

If you open the Check Exploits menu at the end of the Attacks menu you can do a bulk exploit check.

kali_bulk

WP Scan

Kali also comes with a WordPress scanner

wpscan --url https://fearby.com

This will try and output everything from your web server and WordPress plugins.

/xmlrpc.php was found and I was advised to deny access to that file in NGINX. xmlrpc.php is ok but can be used in denial of service attacks.

location = /xmlrpc.php {
	deny all;
	access_log off;
	log_not_found off;
}

I had a hit for a vulnerability in a Youtube Embed plugin but I had a patched version.

k007-wpscan

TIP: Check your WordPress often.

More to come (Draft Post).

  • OWASP scanner
  • WPSCAN
  • Ethical Hacker modules
  • Cybrary training
  • Sent tips to @FearbySoftware

Tips

Don’t have unwanted ports open, securely installed software, Use unattended security updates in Ubuntu, update WordPress frequently and limit plugins and also consider running more verbose audit tools like Lynis.

More Reading

Read my OWASP Zap guide on application testing and Cloudflare guide.

I hope this guide helps someone.

Ask a question or recommend an article

[contact-form-7 id=”30″ title=”Ask a Question”]

Revision History

v1.2 added More Reading links.

v1.1 Added bulk exploit check.

v1.0 Initial post

Filed Under: Exploit, Linux, Malware, Security, Server, SSH, Vulnerability Tagged With: debian, distro, Kali, Linux, of, penetration, perform, Setting, systems, testing, the, to, up, your

Connect to a remote server with ssh keys generated on OSX

November 26, 2017 by Simon

Below is the way I connect to a remote server via SSH keys generated on OSX.

Setting up a server

When you set up an Ubuntu server on Vultr (read my guide on setting up a Vultr server for as low as $2.5 a month) or Digital Ocean (use this link to get two months free when you setup an Ubuntu server on digital ocean) you can specify an SSH key to use for remote connections during the server create stage (old guide here).

How to create an SSH key on OSX to use to connect to a remote server

Run the following command (“sudo ssh-keygen -t rsa“) to generate an ssh key paid in “~/.ssh/” on OSX.

cd ~/.ssh/
sudo ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/var/root/.ssh/id_rsa): test.rsa            
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in test.rsa.
Your public key has been saved in test.rsa.pub.
The key fingerprint is:
SHA256:sJtlhWremoved2IUp8 [email protected]
The key's randomart image is (edited):
+---[RSA 2048]----+
|    .   +o=+.    |
|   . o + =.o..   |
|  . . + o *o+ .  |
|   .   E B +.=   |
|      o S = +.   |
|       O o..+ o  |
|   * . .o * .    |
|   o  ..*        |
|   ..+..         |
+----[SHA256]-----+

TIP: It is a good idea to also generate a passphrase to use with the key (double protection). You will be prompted to enter this password to use the RSA key.

You can now see the generated keys in ~/.ssh/

ls test* -al
total 224
drwxr-xr-x+ 29 username  staff   928 26 Nov 17:07 .
[email protected] 89 username  staff  2848 25 Nov 19:03 ..
...
-rw-------   1 username   staff  1766 26 Nov 17:07 test.rsa
-rw-r--r--   1 username   staff   412 26 Nov 17:07 test.rsa.pub
...

You can view the contents of the public file (you can use this when generating Digital Ocean, Vultr, AWS or Azure or other cloud servers).

fyi: Replace 123.123.123.123 with your remote serves ip.

sudo cat /~.ssh/test.rsa.pub
ssh-rsa AAAAB3NzaC...removed...1RL5hCG0lUn 123.123.123.123

How to connect to a server (the old way).

As long as your host added the desired public ssh key file contents to the server (adding the public ssh key contents to “~/.ssh/authorized_keys” you will be able to connect to the server.

Run the following command on OSX command line to connect to the server via SSH.

sudo ssh -i ~/.ssh/test.rsa [email protected]

You should see..

Enter passphrase for key '/Users/username/.ssh/test.rsa': 
> PASSPHRASECREATEDEARLIER
Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.4.0-101-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  Get cloud support with Ubuntu Advantage Cloud Guest:
    http://www.ubuntu.com/business/services/cloud

0 packages can be updated.
0 updates are security updates.

Last login: Sun Nov 26 08:47:20 2017 from 123.123.123.123

[email protected]:~# ls -al
total 32
drwx------  5 remoteuser remoteuser 4096 Nov 25 12:07 .
drwxr-xr-x 24 remoteuser remoteuser 4096 Nov 25 12:15 ..
-rw-------  1 remoteuser remoteuser 1813 Nov 26 08:57 .bash_history
-rw-r--r--  1 remoteuser remoteuser 3106 Oct 22  2015 .bashrc
...

Congratulations, you should now be able to connect to your server via SSH.

Securing your ubuntu Server

Read my guides here, here and here.

Don’t forget to add a firewall and set up an SSL certificate.

How to connect to a server (faster way).

todo: ~/.ssh/config method

Now we can connect to your remote server with the shorter method.

todo: ~/.ssh/config method

Donate and make this blog better

Ask a question or recommend an article

[contact-form-7 id=”30″ title=”Ask a Question”]

Revision History

v1.0 Initial Post

etc

Filed Under: SSH Tagged With: a, Connect, generated, keys, on, OSX, remote, server, ssh, to, with

Primary Sidebar

Poll

What would you like to see more posts about?
Results

Support this Blog

Create your own server today (support me by using these links

Create your own server on UpCloud here ($25 free credit).

Create your own server on Vultr here.

Create your own server on Digital Ocean here ($10 free credit).

Remember you can install the Runcloud server management dashboard here if you need DevOps help.

Advertisement:

Tags

2FA (9) Advice (17) Analytics (9) App (9) Apple (10) AWS (9) Backup (21) Business (8) CDN (8) Cloud (49) Cloudflare (8) Code (8) Development (26) Digital Ocean (13) DNS (11) Domain (27) Firewall (12) Git (7) Hosting (18) HTTPS (6) IoT (9) LetsEncrypt (7) Linux (20) Marketing (11) MySQL (24) NGINX (11) NodeJS (11) OS (10) PHP (13) Scalability (12) Scalable (14) Security (44) SEO (7) Server (26) Software (7) SSH (7) ssl (17) Tech Advice (9) Ubuntu (39) Uncategorized (23) UpCloud (12) VM (44) Vultr (24) Website (14) Wordpress (25)

Disclaimer

Terms And Conditions Of Use All content provided on this "www.fearby.com" blog is for informational purposes only. Views are his own and not his employers. The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. Never make changes to a live site without backing it up first.

Advertisement:

Footer

Popular

  • Backing up your computer automatically with BackBlaze software (no data limit)
  • How to back up an iPhone (including photos and videos) multiple ways
  • Add two factor auth login protection to WordPress with YubiCo hardware YubiKeys and or 2FA Authenticator App
  • Setup two factor authenticator protection at login on Ubuntu or Debian
  • Using the Yubico YubiKey NEO hardware-based two-factor authentication device to improve authentication and logins to OSX and software
  • I moved my domain to UpCloud (on the other side of the world) from Vultr (Sydney) and could not be happier with the performance.
  • Monitor server performance with NixStats and receive alerts by SMS, Push, Email, Telegram etc
  • Speeding up WordPress with the ewww.io ExactDN CDN and Image Compression Plugin
  • Add Google AdWords to your WordPress blog

Security

  • Check the compatibility of your WordPress theme and plugin code with PHP Compatibility Checker
  • Add two factor auth login protection to WordPress with YubiCo hardware YubiKeys and or 2FA Authenticator App
  • Setup two factor authenticator protection at login on Ubuntu or Debian
  • Using the Yubico YubiKey NEO hardware-based two-factor authentication device to improve authentication and logins to OSX and software
  • Setting up DNSSEC on a Namecheap domain hosted on UpCloud using CloudFlare
  • Set up Feature-Policy, Referrer-Policy and Content Security Policy headers in Nginx
  • Securing Google G Suite email by setting up SPF, DKIM and DMARC with Cloudflare
  • Enabling TLS 1.3 SSL on a NGINX Website (Ubuntu 16.04 server) that is using Cloudflare
  • Using the Qualys FreeScan Scanner to test your website for online vulnerabilities
  • Beyond SSL with Content Security Policy, Public Key Pinning etc
  • Upgraded to Wordfence Premium to get real-time login defence, malware scanner and two-factor authentication for WordPress logins
  • Run an Ubuntu VM system audit with Lynis
  • Securing Ubuntu in the cloud
  • No matter what server-provider you are using I strongly recommend you have a hot spare ready on a different provider

Code

  • How to code PHP on your localhost and deploy to the cloud via SFTP with PHPStorm by Jet Brains
  • Useful Java FX Code I use in a project using IntelliJ IDEA and jdk1.8.0_161.jdk
  • No matter what server-provider you are using I strongly recommend you have a hot spare ready on a different provider
  • How to setup PHP FPM on demand child workers in PHP 7.x to increase website traffic
  • Installing Android Studio 3 and creating your first Kotlin Android App
  • PHP 7 code to send object oriented sanitised input data via bound parameters to a MYSQL database
  • How to use Sublime Text editor locally to edit code files on a remote server via SSH
  • Creating your first Java FX app and using the Gluon Scene Builder in the IntelliJ IDEA IDE
  • Deploying nodejs apps in the background and monitoring them with PM2 from keymetrics.io

Tech

  • Backing up your computer automatically with BackBlaze software (no data limit)
  • How to back up an iPhone (including photos and videos) multiple ways
  • US v Huawei: The battle for 5G
  • Check the compatibility of your WordPress theme and plugin code with PHP Compatibility Checker
  • Is OSX Mojave on a 2014 MacBook Pro slower or faster than High Sierra
  • Telstra promised Fibre to the house (FTTP) when I had FTTN and this is what happened..
  • The case of the overheating Mac Book Pro and Occam’s Razor
  • Useful Linux Terminal Commands
  • Useful OSX Terminal Commands
  • Useful Linux Terminal Commands
  • What is the difference between 2D, 3D, 360 Video, AR, AR2D, AR3D, MR, VR and HR?
  • Application scalability on a budget (my journey)
  • Monitor server performance with NixStats and receive alerts by SMS, Push, Email, Telegram etc
  • Why I will never buy a new Apple Laptop until they fix the hardware cooling issues.

Wordpress

  • Replacing Google Analytics with Piwik/Matomo for a locally hosted privacy focused open source analytics solution
  • Setting web push notifications in WordPress with OneSignal
  • Telstra promised Fibre to the house (FTTP) when I had FTTN and this is what happened..
  • Check the compatibility of your WordPress theme and plugin code with PHP Compatibility Checker
  • Add two factor auth login protection to WordPress with YubiCo hardware YubiKeys and or 2FA Authenticator App
  • Monitor server performance with NixStats and receive alerts by SMS, Push, Email, Telegram etc
  • Upgraded to Wordfence Premium to get real-time login defence, malware scanner and two-factor authentication for WordPress logins
  • Wordfence Security Plugin for WordPress
  • Speeding up WordPress with the ewww.io ExactDN CDN and Image Compression Plugin
  • Installing and managing WordPress with WP-CLI from the command line on Ubuntu
  • Moving WordPress to a new self managed server away from CPanel
  • Moving WordPress to a new self managed server away from CPanel

General

  • Backing up your computer automatically with BackBlaze software (no data limit)
  • How to back up an iPhone (including photos and videos) multiple ways
  • US v Huawei: The battle for 5G
  • Using the WinSCP Client on Windows to transfer files to and from a Linux server over SFTP
  • Connecting to a server via SSH with Putty
  • Setting web push notifications in WordPress with OneSignal
  • Infographic: So you have an idea for an app
  • Restoring lost files on a Windows FAT, FAT32, NTFS or Linux EXT, Linux XFS volume with iRecover from diydatarecovery.nl
  • Building faster web apps with google tools and exceed user expectations
  • Why I will never buy a new Apple Laptop until they fix the hardware cooling issues.
  • Telstra promised Fibre to the house (FTTP) when I had FTTN and this is what happened..

Copyright © 2023 · News Pro on Genesis Framework · WordPress · Log in

Some ads on this site use cookies. You can opt-out if of local analytics tracking by scrolling to the bottom of the front page or any article and clicking "You are not opted out. Click here to opt out.". Accept Reject Read More
GDPR, Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT