diff --git a/notes/btrfs.md b/notes/btrfs.md index 00d8da6..6fe1756 100644 --- a/notes/btrfs.md +++ b/notes/btrfs.md @@ -9,6 +9,7 @@ - [Information on Filesystem](#information-on-filesystem) - [Drive Manipulation](#drive-manipulation) - [Replace Drives](#replace-drives) + - [Degraded Mount and Missing Device Removal](#degraded-mount-and-missing-device-removal) - [Filesystem Manipulation](#filesystem-manipulation) - [Upgrading Btrfs Block Group Cache to V2](#upgrading-btrfs-block-group-cache-to-v2) - [Defrag](#defrag) @@ -19,6 +20,8 @@ - [Delete Snapshots](#delete-snapshots) - [Backup Procedures](#backup-procedures) - [Recovery](#recovery) + - [Filesystem Check](#filesystem-check) + - [Diagnosis](#diagnosis) ## Placeholders @@ -110,6 +113,7 @@ btrfs device usage Scan all devices or a specific drive: ```bash +btrfs device scan btrfs device scan ``` @@ -121,6 +125,17 @@ Read errors, write errors, flush errors, etc.: btrfs device stats ``` +**Reset Device Error Counters** + +Reset all per-device error counters to zero after acknowledging them: + +```bash +btrfs device stats --reset +btrfs device stats -z +``` + +- `-z` / `--reset`: Zeroes the counters after printing. Useful after a known event you've already investigated. + **List BTRFS Subvolumes** ```bash @@ -179,6 +194,28 @@ btrfs subvol list / mount -o subvolid= /dev/disk/by-uuid/ ``` +**Mount Read-Only** + +Mount a partition in read-only mode, useful for forensics or recovery without risking further writes: + +```bash +mount -r +``` + +**Remount with Performance Options** + +Apply common performance mount options to a live filesystem without unmounting: + +```bash +mount -o remount,noatime,compress=zstd:3,autodefrag,space_cache=v2 +``` + +**Remount with Default Options** + +```bash +mount -o remount,defaults,noatime,compress=zstd:3 +``` + **Add a New Drive** ```bash 
@@ -233,6 +270,33 @@ btrfs replace status -i - Useful for both failing drive replacement and capacity upgrades. - Ensure the target drive has enough space to accommodate the source data. +### Degraded Mount and Missing Device Removal + +Use when a drive has failed and you need to access the filesystem with the remaining devices. + +**Mount in degraded mode:** + +```bash +mount -o ro,degraded +``` + +**Mount a specific subvolume in degraded mode:** + +```bash +mount -t btrfs -o degraded,subvol=,noatime,compress=zstd:3 UUID= +``` + +**Remove the missing device from the filesystem:** + +Once mounted degraded, remove the placeholder for the missing drive: + +```bash +btrfs device remove missing +``` + +- This cleans up the missing device slot so the filesystem no longer expects it. +- Only safe to run if data is intact on the remaining devices (e.g., RAID1 with one drive). + ## Filesystem Manipulation ### Upgrading Btrfs Block Group Cache to V2 @@ -298,6 +362,8 @@ umount ### Defrag +**Standard recursive defrag with LZO compression:** + ```bash btrfs filesystem defrag -r -v -clzo ``` @@ -306,6 +372,18 @@ btrfs filesystem defrag -r -v -clzo - `-v`: Verbose. - `-clzo`: Optional LZO compression to save space. +**Recursive defrag with Zstd compression, logged to file:** + +Runs in the background with unbuffered output so the log file updates in real time: + +```bash +stdbuf -oL btrfs filesystem defrag -r -v -czstd > /root/-defrag.log 2>&1 & +``` + +- `stdbuf -oL`: Forces line-buffered stdout so log entries appear immediately. +- `-czstd`: Zstd compression (better ratio than LZO, available since kernel 5.1). +- `&`: Runs in the background; use `tail -f /root/-defrag.log` to monitor. + ## Balances **Full balance on nearly empty block groups:** 
@@ -351,6 +429,14 @@ btrfs balance start --bg --full-balance -dusage=0 -musage=0 btrfs balance start --bg -dlimit=100 ``` +**Convert to RAID1:** + +Rebalances data and metadata to RAID1 profile. Use after adding a second drive or to switch from single to mirrored: + +```bash +btrfs balance start -mconvert=raid1 -dconvert=raid1 +``` + **Cancel a balance:** ```bash @@ -367,7 +453,7 @@ btrfs balance status **Start a scrub** -The scrub operation verifies data integrity against checksums +The scrub operation verifies data integrity against checksums: ```bash btrfs scrub start @@ -385,6 +471,37 @@ btrfs scrub status btrfs scrub cancel ``` +**Lower scrub I/O priority:** + +Reduce the impact of a running scrub on system I/O by setting it to idle class: + +```bash +ionice -c 3 -p $(pgrep btrfs-scrub) +``` + +- `-c 3`: Idle class — only uses I/O when no other process needs it. + +**Watch scrub status and device stats:** + +Continuously display scrub progress and per-device error counters: + +```bash +watch -n 10 "btrfs scrub status ; echo ''; btrfs device stats " +``` + +**Watch scrub status and all drive temperatures:** + +```bash +watch -n 5 "btrfs scrub status && echo '' && \ +smartctl --scan | awk '{print \$1}' | while read dev; do \ + echo -n \"\$dev: \"; \ + smartctl -A \$dev | grep -iE 'Temperature|Airflow_Temp' | awk '\ + /Temperature_Celsius/ {print \$10 \"°C\"} \ + /Airflow_Temperature_Cel/ {print \$10 \"°C\"} \ + /Temperature:/ {print \$2 \"°C\"}' | head -n 1; \ +done && echo '' && btrfs device stats " +``` + ## Snapshots ### Create Snapshots 
@@ -476,3 +593,46 @@ btrfs scrub cancel ```bash btrfs restore -D ``` + +### Filesystem Check + +Run offline consistency checks on an unmounted BTRFS filesystem. + +**Check an unmounted filesystem:** + +```bash +btrfs check +``` + +- Must be run on an **unmounted** device. Running on a mounted filesystem risks corruption. +- Use the UUID path if needed: `/dev/disk/by-uuid/` + +**Force check (use with caution):** + +```bash +btrfs check --force +``` + +- `--force`: Bypasses the mount check. Only use this if you are certain the filesystem is not mounted and understand the risks. + +### Diagnosis + +Filter system logs and kernel messages to diagnose BTRFS-related events. + +**Search journal logs by date range:** + +```bash +journalctl --since "" --until "" | grep -i btrfs +``` + +Example: + +```bash +journalctl --since "2026-01-01" --until "2026-01-02" | grep -i btrfs +``` + +**Search kernel ring buffer for BTRFS events:** + +```bash +dmesg | grep -i btrfs +``` diff --git a/notes/linux.md b/notes/linux.md index ec45a19..f5799d5 100644 --- a/notes/linux.md +++ b/notes/linux.md @@ -14,6 +14,8 @@ - [System Management](#system-management) - [Change password of a tar/openssl archive](#change-password-of-a-taropenssl-archive) - [Verify two possibly identical folders recursively](#verify-two-possibly-identical-folders-recursively) + - [NFS](#nfs) + - [Network Diagnostics](#network-diagnostics) - [Diagnosis](#diagnosis) - [Debian Upgrade Issues](#debian-upgrade-issues) - [Wayland Issues](#wayland-issues) 
@@ -35,6 +37,32 @@ To gather detailed information about your hardware, use the following commands: - `dmidecode -t memory` for RAM details - `dmidecode -t bios` for BIOS information +**CPU information** + +```bash +lscpu +cat /proc/cpuinfo +grep -c 'model name' /proc/cpuinfo +``` + +- `lscpu`: Structured summary of CPU architecture, cores, threads, and NUMA topology. +- `cat /proc/cpuinfo`: Raw per-core details including model name, flags, and frequencies. +- `grep -c 'model name'`: Quick count of logical CPU cores. + +**GPU information** + +```bash +lspci | grep -i vga +``` + +**CPU frequency scaling driver** + +Check which driver is managing CPU frequency scaling (e.g., `intel_pstate`, `acpi-cpufreq`): + +```bash +cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_driver +``` + ### Software Information **Finding information on the Linux distribution** 
@@ -257,6 +285,60 @@ ln -s /usr/share/zoneinfo/ /etc/localtime systemctl list-units --type=service | grep ``` +**Bind mount a directory** + +Make a directory available at another path, useful during chroot recovery or container setup: + +```bash +mount --bind /dev /mnt//dev +``` + +**Chroot into another system** + +Enter a mounted system's root as if it were the running OS. Useful for recovery, initramfs rebuilds, or bootloader fixes: + +```bash +chroot /mnt/ +``` + +Typically preceded by binding the required pseudo-filesystems: + +```bash +mount --bind /dev /mnt//dev +mount --bind /proc /mnt//proc +mount --bind /sys /mnt//sys +chroot /mnt/ +``` + +**Rebuild initramfs** + +After kernel or driver changes, rebuild the initramfs and refresh the GRUB configuration: + +```bash +update-initramfs -u +update-initramfs -u -k all +``` + +- `update-initramfs -u`: Rebuilds the initramfs for the currently running kernel. +- `-k all`: Rebuilds for all installed kernels. + +**Rebuild initramfs for a specific kernel version:** + +```bash +update-initramfs -c -k $(uname -r) +``` + +- `-c`: Create a new initramfs (instead of updating). +- `-k $(uname -r)`: Targets the currently running kernel version. + +**Update GRUB:** + +```bash +update-grub +``` + +- Scans for kernels and regenerates `/boot/grub/grub.cfg`. + ### Change password of a tar/openssl archive **Decrypt the archive** 
@@ -336,6 +418,60 @@ for file1 in $(find "$dir1" -type f); do done ``` +## NFS + +**Show NFS exports from a server:** + +```bash +showmount -e +showmount -e localhost +``` + +**List active exports and their options on the server:** + +```bash +exportfs -v +``` + +## Network Diagnostics + +**Measure HTTP response timing:** + +Breaks down the full request lifecycle — useful for diagnosing DNS, TLS, or TTFB issues: + +```bash +curl -o /dev/null -s -w \ + 'Lookup: %{time_namelookup}s\nConnect: %{time_connect}s\nAppConnect: %{time_appconnect}s\nTTFB: %{time_starttransfer}s\nTotal: %{time_total}s\n' \ + https:// +``` + +- `time_namelookup`: DNS resolution time. +- `time_connect`: TCP connection time. +- `time_appconnect`: TLS handshake time. +- `time_starttransfer`: Time to first byte (TTFB). +- `-o /dev/null`: Discards the response body. + +**High-frequency ping:** + +Flood-style ping to stress-test latency or detect intermittent packet loss: + +```bash +ping -i 0.002 +``` + +- `-i 0.002`: Send a packet every 2ms. Requires root. + +**Jumbo frame ping:** + +Test whether the network path supports large MTU frames (useful for diagnosing MTU mismatches): + +```bash +ping -s 1472 -i 0.01 +``` + +- `-s 1472`: Payload size of 1472 bytes (1472 + 28-byte IP/ICMP header = 1500-byte MTU). +- Increase `-s` to test jumbo frames (e.g., `-s 8972` for 9000-byte MTU). + ## Diagnosis ### Debian Upgrade Issues @@ -367,6 +503,28 @@ journalctl -b | grep -i "drm\|gpu\|display\|wayland\|monitor" journalctl -b | grep -i "gnome-shell" ``` +**Journal Filtering by Date and Keyword** + +Search logs within a specific time window: + +```bash +journalctl --since "" --until "" | grep -i +``` + +Example: + +```bash +journalctl --since "2026-01-01" --until "2026-01-02" | grep -i btrfs +``` + +**Kernel microcode events:** + +```bash +journalctl -k | grep -i "microcode" +``` + +- `-k`: Show only kernel messages (equivalent to `dmesg` output via the journal). + ## Fonts **Download and Install Fonts** 
diff --git a/notes/ssh.md b/notes/ssh.md index aaf62d4..a5b5bd0 100644 --- a/notes/ssh.md +++ b/notes/ssh.md @@ -4,7 +4,9 @@ - [SSH](#ssh) - [Table of Contents](#table-of-contents) + - [Placeholders](#placeholders) - [Connect with specific key](#connect-with-specific-key) + - [Skip Host Key Verification](#skip-host-key-verification) - [SSH Key Management](#ssh-key-management) - [Verbose](#verbose) - [Enable root login](#enable-root-login) 
@@ -16,93 +18,124 @@ - [Change SSH Port](#change-ssh-port) - [Restart ssh](#restart-ssh) +## Placeholders + +Replace the placeholders below with the appropriate values for your setup: + +- **Connection** + - Username: `` (e.g., john) + - Hostname: `` (e.g., server.example.com) + - IP address: `` (e.g., 192.168.1.100) + - SSH port: `` (e.g., 2222) + - SSH key: `` (e.g., ~/.ssh/id_rsa) + - Key comment: `` (e.g., john@example.com) + - Host alias: `` (e.g., myserver) + +- **Paths** + - Local file: `` (e.g., /home/user/file.txt) + - Remote path: `` (e.g., /home/user/file.txt) + - Local script: `` (e.g., /home/user/script.sh) + - Project name: `` (e.g., myapp) + ## Connect with specific key ```bash -ssh -i /home/fabrice/.ssh/fabquenneville root@servername.fabq.ca -ssh -i /home/fabrice/.ssh/fabquenneville fabrice@servername.fabq.ca +ssh -i root@ +ssh -i @ ``` +## Skip Host Key Verification + +Useful for ephemeral machines, VMs, or hosts that are frequently rebuilt where saved known_hosts entries would cause conflicts: + +```bash +ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null @ +``` + +- `StrictHostKeyChecking=no`: Automatically accepts new or changed host keys without prompting. +- `UserKnownHostsFile=/dev/null`: Discards the host key entirely — nothing is saved to `~/.ssh/known_hosts`. +- ⚠️ Do not use on untrusted networks — this disables MITM protection. + ## SSH Key Management **Generate a new RSA SSH key pair with a 4096-bit key length** ```bash -ssh-keygen -t rsa -b 4096 -C "fabrice@fabq.ca" -f ~/.ssh/fabrice@fabq.ca +ssh-keygen -t rsa -b 4096 -C "" -f ``` -- `ssh-keygen -t rsa -b 4096`: This command generates a new RSA SSH key pair with a key size of 4096 bits for enhanced security. -- `-C "fabrice@fabq.ca"`: This option adds a comment to the key, usually the email address of the key owner. -- `-f ~/.ssh/fabrice@fabq.ca`: This specifies the filename for the private key; the public key will be saved with the same name but with a `.pub` extension. 
+- `ssh-keygen -t rsa -b 4096`: Generates a new RSA SSH key pair with a key size of 4096 bits for enhanced security. +- `-C ""`: Adds a comment to the key, usually the email address of the key owner. +- `-f `: Specifies the filename for the private key; the public key will be saved with the same name but with a `.pub` extension. **Copy the generated SSH keys to the remote server** ```bash -scp ~/.ssh/fabrice@fabq.ca* fabrice@servername.fabq.ca:~/.ssh/ +scp * @:~/.ssh/ ``` -- `scp ~/.ssh/fabrice@fabq.ca*`: This command securely copies both the private and public keys to the remote server. -- `fabrice@servername.fabq.ca:~/.ssh/`: Specifies the destination path on the remote server where the keys will be copied. +- `scp *`: Securely copies both the private and public keys to the remote server. +- `@:~/.ssh/`: Specifies the destination path on the remote server where the keys will be copied. **Install the public key on the remote server for passwordless authentication** ```bash -ssh-copy-id fabrice@192.168.1.100 -ssh-copy-id fabrice@servername.fabq.ca +ssh-copy-id @ +ssh-copy-id @ ``` -- `ssh-copy-id "fabrice@servername.fabq.ca"`: This command installs the public key on the specified remote server, allowing for passwordless SSH login. +- `ssh-copy-id`: Installs the public key on the specified remote server, allowing for passwordless SSH login. -**Install the public key on multiple servers using specific private key** +**Install the public key on multiple servers using a specific private key** ```bash -ssh-copy-id -i /home/fabrice/.ssh/fabquenneville root@192.168.1.100 -ssh-copy-id -i /home/fabrice/.ssh/fabquenneville fabrice@servername.fabq.ca +ssh-copy-id -i root@ +ssh-copy-id -i @ ``` -- `ssh-copy-id -i /home/fabrice/.ssh/fabquenneville`: This specifies which private key to use for authentication when copying the public key. 
-- `root@192.168.1.100` and `fabrice@servername.fabq.ca`: These commands install the public key on the respective remote servers, allowing for secure, passwordless access. +- `-i `: Specifies which private key to use for authentication when copying the public key. **Install the public key on the remote server for passwordless authentication manually** -This process is useful when ssh-copy-id is unavailable, or when you want more granular control over the manual setup of passwordless SSH authentication. The ssh-copy-id tool automatically installs your public key on the remote machine, but if you prefer or need to do it manually, these are the steps: -1. Create the .ssh directory if it doesn't exist and set proper permissions +This process is useful when `ssh-copy-id` is unavailable, or when you want more granular control over the setup. Follow these steps on the remote server: -```bash -mkdir -p /home/fabrice/.ssh -chmod 700 /home/fabrice/.ssh -``` +1. Create the `.ssh` directory if it doesn't exist and set proper permissions: -2. Open the authorized_keys file in an editor and paste the public key (usually from ~/.ssh/id_rsa.pub on the local machine) + ```bash + mkdir -p /home//.ssh + chmod 700 /home//.ssh + ``` -```bash -nano /home/fabrice/.ssh/authorized_keys -``` +2. Open the `authorized_keys` file and paste the public key (usually from `~/.ssh/id_rsa.pub` on the local machine): -3. Set the correct permissions for the authorized_keys file + ```bash + nano /home//.ssh/authorized_keys + ``` -```bash -chmod 600 /home/fabrice/.ssh/authorized_keys -``` +3. Set the correct permissions for the `authorized_keys` file: -4. Ensure the ownership of the .ssh directory and its contents is set to the correct user + ```bash + chmod 600 /home//.ssh/authorized_keys + ``` -```bash -chown -R fabrice:fabrice /home/fabrice/.ssh -``` +4. 
Ensure the ownership of the `.ssh` directory and its contents is set to the correct user: + + ```bash + chown -R : /home//.ssh + ``` ## Verbose -- Use the 'ssh' command with the '-v' option to enable verbose mode, which provides detailed information about the connection process. +Use the `-v` option to enable verbose mode, which provides detailed information about the connection process: ```bash -ssh -i /home/fabrice/.ssh/fabquenneville -v root@servername.fabq.ca -ssh -i /home/fabrice/.ssh/fabquenneville -v fabrice@servername.fabq.ca +ssh -i -v root@ +ssh -i -v @ ``` ## Enable root login -- Modify the SSH configuration file to allow root login. +Modify the SSH configuration file to allow root login: ```bash nano /etc/ssh/sshd_config 
@@ -123,284 +156,203 @@ PermitRootLogin yes firewall-cmd --permanent --zone=public --add-service=ssh ``` -- `firewall-cmd`: This is the command-line tool used to manage `firewalld`. -- `--permanent`: This option ensures that the change persists across reboots. +- `firewall-cmd`: The command-line tool used to manage `firewalld`. +- `--permanent`: Ensures that the change persists across reboots. - `--zone=public`: Specifies the zone to which the rule applies. The "public" zone is typically used for untrusted networks. -- `--add-service=ssh`: This adds the SSH service to the specified zone, allowing incoming SSH connections. +- `--add-service=ssh`: Adds the SSH service to the specified zone, allowing incoming SSH connections. **Examples of configuring other Linux firewalls** 1. **Using UFW (Uncomplicated Firewall)** - **Allow SSH traffic** - ```bash ufw allow ssh ``` - - This command allows incoming SSH traffic through the firewall. UFW is designed to simplify the process of managing a firewall. - 2. **Using iptables** - **Allow SSH traffic** - ```bash iptables -A INPUT -p tcp --dport 22 -j ACCEPT ``` - - `iptables`: This is a low-level tool for managing Linux firewalls. - `-A INPUT`: Appends the rule to the INPUT chain. - - `-p tcp`: Specifies that this rule applies to TCP packets. - - `--dport 22`: Indicates that this rule applies to traffic on port 22 (the default SSH port). - - `-j ACCEPT`: Instructs the firewall to accept the specified traffic. + - `-p tcp --dport 22`: Matches TCP traffic on port 22. + - `-j ACCEPT`: Accepts the specified traffic. 3. **Using nftables** - **Allow SSH traffic** - ```bash nft add rule ip filter input tcp dport 22 accept ``` - - `nft`: The command-line tool for interacting with the nftables framework. - `add rule ip filter input`: Adds a new rule to the input chain of the filter table. - `tcp dport 22`: Matches TCP packets directed to port 22. - - `accept`: Specifies that the matching packets should be accepted. 
+ - `accept`: Accepts the matching packets. -**Note:** Be sure to reload or restart the firewall service after making changes to apply the new rules effectively. +**Note:** Reload or restart the firewall service after making changes to apply the new rules. ## SCP (Secure Copy Protocol) -- The `scp` command is used to securely transfer files and directories between local and remote systems over SSH. +The `scp` command securely transfers files and directories between local and remote systems over SSH. -**Copy Local File to Remote Server** - -To copy a file from your local machine to a remote server, use the following syntax: +**Copy a local file to a remote server:** ```bash -scp /local/file/path fabrice@servername.fabq.ca:/remote/file/path +scp @: ``` -- `/local/file/path`: Specify the path to the local file you want to copy. -- `fabrice@servername.fabq.ca`: This is the user and remote server where the file will be copied. -- `/remote/file/path`: This is the destination path on the remote server. - -**Copy a Directory** - -To copy an entire directory, use the `-r` option, which stands for "recursive": +**Copy a directory recursively:** ```bash -scp -r /home/fabrice/foldername/ root@servername.fabq.ca:/remote/parent/ +scp -r / @:/ ``` -- `-r`: This option enables recursive copying of directories and their contents. -- `/home/fabrice/foldername/`: The path to the local directory you wish to copy. -- `root@servername.fabq.ca:/remote/parent/`: The destination path on the remote server where the directory will be copied. +- `-r`: Enables recursive copying of directories and their contents. 
-**Copy a Configuration File Using a Specific SSH Key** - -To copy a configuration file while specifying a particular SSH key for authentication, use the following command: +**Copy a file using a specific SSH key:** ```bash -scp -i /home/fabrice/.ssh/fabquenneville /mnt/workbench/webserver/projectname/config.ini fabrice@servername.fabq.ca:/mnt/workbench/projectname/ +scp -i @: ``` -- `-i /home/fabrice/.ssh/fabquenneville`: This option specifies the identity file (private key) for authentication. -- `/mnt/workbench/webserver/projectname/config.ini`: The path to the local configuration file being transferred. -- `fabrice@servername.fabq.ca`: The user and server to which the file is being copied. -- `/mnt/workbench/projectname/`: The destination path on the remote server where the file will be stored. +- `-i `: Specifies the identity file (private key) for authentication. ## Send Remote Commands -**Execute Commands Directly on a Remote Server** - -You can use the `ssh` command to execute various commands on a remote server. Here are some examples: - -**Run a Local Script on a Remote Server** +**Run a local script on a remote server:** ```bash -ssh fabrice@servername.fabq.ca 'bash -s' < /local/path/to/script.sh +ssh @ 'bash -s' < ``` -- This command will execute the local script located at `/local/path/to/script.sh` on the remote server. 
- **Remove a file:** ```bash -ssh fabrice@192.168.1.100 "rm /home/fabrice/filename.log" +ssh @ "rm " ``` **Mount all filesystems:** ```bash -ssh root@servername.fabq.ca "mount -a" +ssh root@ "mount -a" ``` **Reboot the remote server:** ```bash -ssh root@servername.fabq.ca "reboot -h now" +ssh root@ "reboot -h now" ``` **Connect using a host key alias:** ```bash -ssh -o "HostKeyAlias=servername" root@192.168.1.100 +ssh -o "HostKeyAlias=" root@ ``` ## Test Connection, Add Alias, and Update Known Hosts -**Test Connection with Host Key Alias** +**Test connection with host key alias:** -Use the following commands to establish an SSH connection while specifying a host key alias. This helps avoid conflicts with existing entries in the `known_hosts` file. +Commands to establish an SSH connection while specifying a host key alias. This helps avoid conflicts with existing entries in the `known_hosts` file. ```bash -ssh -o 'HostKeyAlias=servername.fabq.ca' fabrice@192.168.1.100 -ssh -o 'HostKeyAlias=servername' fabrice@192.168.1.100 +ssh -o 'HostKeyAlias=' @ +ssh -o 'HostKeyAlias=' @ ``` -**Test Host Identity without Authenticating** - -To test the identity of a remote server without fully authenticating and to check connectivity, use the following command: +**Test host identity without authenticating:** ```bash -ssh -e none -o 'BatchMode=yes' -o 'HostKeyAlias=servername' fabrice@192.168.1.100 /bin/true +ssh -e none -o 'BatchMode=yes' -o 'HostKeyAlias=' @ /bin/true ``` -- `-e none`: Disables encryption for this command, which is useful in specific testing scenarios. -- `-o 'BatchMode=yes'`: Ensures that SSH does not prompt for user interaction, making it suitable for scripts. -- `/bin/true`: Executes a simple command that always returns success, confirming the connection without further actions. +- `-e none`: Disables escape character processing. +- `-o 'BatchMode=yes'`: Suppresses all prompts, suitable for scripts. 
+- `/bin/true`: Simple command that always returns success, confirming the connection without further actions. -This command allows you to verify that you can connect to the server while avoiding any authentication prompts. +**Retrieve public SSH keys from a remote server:** -**Retrieve Public SSH Keys** - -To retrieve the public SSH keys from a remote server, use the following command: - -``` -ssh-keyscan -H servername.fabq.ca +```bash +ssh-keyscan -H ``` -- This command fetches the public SSH keys from the specified server, allowing you to add them to your `known_hosts` file. -- It does not establish a full SSH session and is primarily used for key retrieval, which helps ensure secure connections in future interactions. +- Fetches the server's public SSH keys without establishing a full session. Used to pre-populate `known_hosts`. -By using both commands, you can test connectivity to a remote server and gather its public SSH keys for secure authentication later. - -**Add Alias to SSH Config for Easy Access** - -To simplify your SSH connections, you can create an alias for your SSH connections by editing the `~/.ssh/config` file: +**Add an alias to SSH config for easy access:** ```ini -Host servername - HostName servername.fabq.ca - User fabrice - IdentityFile ~/.ssh/fabquenneville +Host + HostName + User + IdentityFile ``` -- `Host servername`: This defines the alias you will use for the SSH connection. -- `HostName servername.fabq.ca`: This is the actual hostname of the remote server. -- `User fabrice`: This specifies the user to log in as. -- `IdentityFile ~/.ssh/fabquenneville`: This indicates the SSH key file to use for authentication. - ## Remove Offending SSH Keys -When you encounter an "offending key" warning when connecting to a server, you can remove the old key from the `known_hosts` file. This is necessary if the server's host key has changed. +When a server's host key has changed, remove the old entry from `known_hosts`. 
-**View Known Hosts** - -To view the contents of your `known_hosts` file, use: +**View known hosts:** ```bash cat ~/.ssh/known_hosts ``` -**Edit Known Hosts Manually (Optional)** - -You can edit the `known_hosts` file manually if you prefer: +**Edit known hosts manually:** ```bash nano ~/.ssh/known_hosts ``` -**Update Known Hosts File with SSH Key** +**Update known hosts with current server key:** ```bash -ssh-keyscan -H servername.fabq.ca >> ~/.ssh/known_hosts +ssh-keyscan -H >> ~/.ssh/known_hosts ``` -- This command retrieves the public key of the specified server and appends it to your `known_hosts` file, allowing SSH to recognize the server during subsequent connections. - -**Remove Offending Key by Hostname** - -You can use the `ssh-keygen` command to remove specific keys from your `known_hosts` file. Here are examples for different scenarios: - -- To remove the offending key for a specific server: +**Remove offending key by hostname or IP:** ```bash -ssh-keygen -R "servername.fabq.ca" -ssh-keygen -R "192.168.1.100" +ssh-keygen -R "" +ssh-keygen -R "" ``` -- To specify the `known_hosts` file directly: +**Remove offending key specifying the known_hosts file:** ```bash -ssh-keygen -f "/home/fabrice/.ssh/known_hosts" -R "servername.fabq.ca" -ssh-keygen -f "/root/.ssh/known_hosts" -R "192.168.1.100" -ssh-keygen -f "/etc/ssh/ssh_known_hosts" -R "servername.fabq.ca" +ssh-keygen -f "/home//.ssh/known_hosts" -R "" +ssh-keygen -f "/root/.ssh/known_hosts" -R "" +ssh-keygen -f "/etc/ssh/ssh_known_hosts" -R "" ``` -**Summary of Key Removal** - -You can also use a shorthand command to remove the offending key without specifying the file: - -```bash -ssh-keygen -R servername.fabq.ca -``` - -This will automatically target the correct `known_hosts` file based on your user and system configuration. - ## Change SSH Port -To enhance security, you may want to change the default SSH port (22) to a custom port. Follow these steps: - -**1. 
Edit the SSH Configuration File** - -Open the SSH daemon configuration file using a text editor: +**1. Edit the SSH configuration file:** ```bash nano /etc/ssh/sshd_config ``` -Edit the following line to set a new port (e.g., port 2222): +Set the desired port: ```ini -Port 2222 +Port ``` -- Locate the line that specifies the port (usually `#Port 22`) and change it to your desired port number (e.g., `Port 2222`). -- Make sure to uncomment the line by removing the `#`. - -**2. Create Directory for Systemd Override** - -If you're using systemd, create a directory for the SSH socket override: +**2. Create directory for systemd override:** ```bash mkdir -p /etc/systemd/system/ssh.socket.d ``` -**3. Create an Override Configuration File** - -Create or edit the override configuration file for the SSH socket: +**3. Create the override configuration file:** ```bash nano /etc/systemd/system/ssh.socket.d/override.conf ``` -- Add the following lines to specify the custom port: - ```ini [Socket] -ListenPort=2222 # Replace with your desired port number +ListenPort= ``` **4. (Optional) Edit the Sockets Target Configuration** 
@@ -411,32 +363,20 @@ You may also want to edit the sockets target configuration to ensure it points t nano /etc/systemd/system/sockets.target.wants/ssh.socket ``` -- Make any necessary adjustments based on your custom port. - -**5. Restart the SSH service to apply the changes** - -After making changes, restart the SSH service to apply the new configuration: +**5. Restart the SSH service to apply the changes:** ```bash systemctl restart sshd ``` -**6. (Optional) Verify the New Port** - -To verify that SSH is listening on the new port, you can use: +**6. Verify the new port:** ```bash netstat -tuln | grep LISTEN ``` -This will display the ports currently being listened to, allowing you to confirm that your changes were successful. - ## Restart ssh -**Restart the SSH service to apply changes** - -To restart the SSH service, use the following command: - ```bash systemctl restart sshd ``` diff --git a/notes/storage.md b/notes/storage.md index 39abaf0..a936e64 100644 --- a/notes/storage.md +++ b/notes/storage.md @@ -11,10 +11,15 @@ - [Inspect fstab](#inspect-fstab) - [Find Device Path from UUID](#find-device-path-from-uuid) - [Power On Hours](#power-on-hours) + - [Swap](#swap) - [Partitions and Filesystems](#partitions-and-filesystems) + - [TRIM](#trim) - [Mounting](#mounting) - [SMART Diagnostics](#smart-diagnostics) + - [Hardware Monitoring](#hardware-monitoring) + - [Kernel Messages](#kernel-messages) - [Badblocks](#badblocks) + - [Hex Dump](#hex-dump) - [Cloning drives and images with dd](#cloning-drives-and-images-with-dd) - [Benchmarking](#benchmarking) - [USB Devices](#usb-devices) @@ -57,6 +62,14 @@ lsblk -f - `-f`: Add filesystem type, label, and UUID to the tree. +**Exclude loop devices from the listing** + +```bash +lsblk -e 7 +``` + +- `-e 7`: Excludes device major number 7 (loop devices), keeping the output clean on systems with many snaps or loop mounts. + **Disk space usage for all mounted filesystems** ```bash 
@@ -92,6 +105,7 @@ Using `blkid`: ```bash blkid | grep blkid -U +blkid ``` ### Power On Hours @@ -100,6 +114,15 @@ Check power-on hours across multiple drives at once: ```bash for dev in /dev/sd{a,b,c,d}; do echo -n "$dev: "; smartctl -a $dev | grep "Power_On_Hours"; done +for dev in /dev/sd{a..d}; do echo -n "$dev: "; smartctl -a $dev | grep "Power_On_Hours"; done +``` + +### Swap + +Check Swap currently used by the system: + +```bash +swapon --show ``` ## Partitions and Filesystems @@ -116,6 +139,28 @@ fdisk -l fsck ``` +## TRIM + +TRIM allows the OS to inform the drive which blocks are no longer in use, maintaining performance on SSDs and NVMe drives over time. + +**Run TRIM once manually across all mounted filesystems:** + +```bash +fstrim -av +``` + +- `-a`: Run on all mounted filesystems that support TRIM. +- `-v`: Verbose — reports how much space was freed per filesystem. + +**Enable the weekly TRIM timer:** + +```bash +systemctl enable --now fstrim.timer +``` + +- Debian/Ubuntu run this weekly by default once enabled. +- Check timer status with `systemctl status fstrim.timer`. + ## Mounting **Validate all `fstab` entries** @@ -141,6 +186,12 @@ findmnt mount | grep ``` +**Check active mounts for a specific mountpoint:** + +```bash +cat /proc/mounts | grep +``` + **Apply fstab changes without rebooting** ```bash @@ -168,6 +219,13 @@ smartctl -a smartctl -i ``` +```bash +for dev in /dev/sd[a-z] /dev/nvme[0-9]n[0-9]; do + echo "--- $dev ---" + smartctl -i $dev | grep -Ei "Model|Serial Number|Capacity" +done +``` + **Run a short SMART test:** ```bash 
@@ -192,6 +250,133 @@ smartctl -a smartctl -A ``` +**Filter for key health attributes:** + +Check the most important failure indicators in a single line: + +```bash +smartctl -A | grep -E "Reallocated|Pending|UDMA_CRC" +``` + +**Check multiple health attributes at once:** + +```bash +smartctl -a | grep -E "Power_On_Hours|Load_Cycle_Count|Reallocated_Sector_Ct" +``` + +**Check temperatures across all drives:** + +Scans all SMART-capable devices and prints their temperature: + +```bash +smartctl --scan | awk '{print $1}' | while read dev; do \ + echo -n "$dev: "; \ + smartctl -A $dev | grep -iE 'Temperature|Airflow_Temp' | awk ' + /Temperature_Celsius/ {print $10 "°C"} + /Airflow_Temperature_Cel/ {print $10 "°C"} + /Temperature:/ {print $2 "°C"} + ' | head -n 1; \ +done +``` + +**Watch drive temperatures continuously:** + +```bash +watch -n 5 "smartctl --scan | awk '{print \$1}' | while read dev; do \ + echo -n \"\$dev: \"; \ + smartctl -A \$dev | grep -iE 'Temperature|Airflow_Temp' | awk '\ + /Temperature_Celsius/ {print \$10 \"°C\"} \ + /Airflow_Temperature_Cel/ {print \$10 \"°C\"} \ + /Temperature:/ {print \$2 \"°C\"}' | head -n 1; \ +done" +``` + +## Hardware Monitoring + +**Install lm-sensors:** + +```bash +apt install lm-sensors +``` + +**Detect available sensor chips:** + +Run once after installation to probe for hardware sensors: + +```bash +sensors-detect +``` + +**Display current sensor readings:** + +Shows CPU, GPU, and motherboard temperatures, fan speeds, and voltages: + +```bash +sensors +``` + +## Kernel Messages + +**Tail the most recent kernel messages:** + +```bash +dmesg | tail -n 25 +``` + +**Show only errors and warnings:** + +```bash +dmesg --level=err,warn +``` + +**Show kernel messages with human-readable timestamps:** + +```bash +dmesg -T +``` + +**Filter for NVMe events:** + +```bash +dmesg | grep -i nvme +dmesg -w | grep -i nvme +``` + +- `-w`: Follow — print new messages as they arrive (like `tail -f`). 
+ +**Filter for ATA/SCSI/SATA/NVMe device events:** + +```bash +dmesg | grep -i -E 'scsi|ata|nvme|sata' +``` + +**Filter for I/O errors:** + +```bash +dmesg | grep -i "I/O error" +``` + +**Filter for ATA/SCSI/SATA/NVMe device errors:** + +```bash +dmesg | grep -i -E 'scsi|ata|nvme|sata' +``` + +**Map ATA port number to block device name:** + +When `dmesg` reports an error on e.g. `ata7` and you need to identify which physical drive that is: + +```bash +ls -l /sys/class/block/ | grep ata +dmesg -T | grep -iE "ata" +``` + +**Filter for BTRFS events:** + +```bash +dmesg | grep -i btrfs +``` + ## Badblocks **Read-only test:** @@ -221,6 +406,37 @@ Overwrites all data — use only on blank drives or drives to be deleted. badblocks -wsv ``` +## Hex Dump + +Inspect raw bytes on a device directly, useful for verifying partition tables, boot sectors, or investigating corruption. + +**View the first 512 bytes (MBR / partition table):** + +```bash +hexdump -C -n 512 +``` + +**View 1 MB of data starting at a specific offset:** + +```bash +hexdump -C -s 1G -n 1M +``` + +- `-C`: Canonical format — hex on the left, ASCII on the right. +- `-n `: Number of bytes to read. +- `-s `: Skip to this offset before reading. + +**Extract readable strings from a raw device:** + +Useful for locating file paths, filenames, or metadata remnants directly on a block device: + +```bash +strings | grep -C 200 "" > .txt +``` + +- `-C 200`: Show 200 lines of context around each match. +- Redirect to a file — output can be very large on multi-TB drives. + ## Cloning drives and images with dd **Clone a drive or create an image:**
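Review bot: In the SSH hunk (`@@ -411,32 +363,20 @@`), step 5 restarts only `sshd` even though the step before it edits `ssh.socket`, and the bullet being removed was the only text saying what to change in that file. An edited unit file is not picked up until `systemctl daemon-reload`, and when the listener is socket-activated the port belongs to `ssh.socket`, so step 5 should reload and restart the socket unit as well. Step 6 would also be a stronger check if it filtered for the configured port instead of `grep LISTEN`, which prints every listening socket. The `## Restart ssh` section is left as a bare code block with no description; either keep one line of text or drop the section, since step 5 already covers it.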
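Review bot: In the Power On Hours hunk (`@@ -100,6 +114,15 @@`), the new `for dev in /dev/sd{a..d}` line is added beside the existing `/dev/sd{a,b,c,d}` line instead of replacing it, so the code block now holds two loops that expand to the same four devices and a copy-paste runs every query twice. Keep one of them, and quote the variable (`smartctl -a "$dev"`). Minor: "Check Swap currently used" should be lower-case "swap" to match the other descriptions.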
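Review bot: In the SMART hunk (`@@ -168,6 +219,13 @@`), the added loop over `/dev/sd[a-z] /dev/nvme[0-9]n[0-9]` has no guard for patterns that match nothing. In bash an unmatched glob is passed through literally, so on a host without NVMe drives `smartctl -i` is called on the string `/dev/nvme[0-9]n[0-9]` and prints an error under its own `---` banner. Add `[ -e "$dev" ] || continue` as the first line of the loop body and quote `"$dev"`. The block also lacks the bold title and one-line description that every other command in this file has.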
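Review bot: In the Kernel Messages part of the `@@ -192,6 +250,133 @@` hunk, "Filter for ATA/SCSI/SATA/NVMe device errors" carries exactly the same command as "Filter for ATA/SCSI/SATA/NVMe device events", so the second entry does not filter for errors at all. Combine it with the `dmesg --level=err,warn` form introduced a few lines earlier, or drop the duplicate. In both entries the `ata` alternative makes `sata` redundant and also matches any line containing words such as "data"; a tighter pattern like `ata[0-9]+` keeps the output to port messages. In the temperature loops, `awk '{print $1}'` keeps only the device path from `smartctl --scan` and discards the rest of each line, `read` should be `read -r`, and the `watch` variant repeats the whole pipeline with heavy escaping; moving the loop into a small script that `watch` calls would leave one copy to maintain.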
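Review bot: In the Hex Dump hunk (`@@ -221,6 +406,37 @@`), the `strings ... > .txt` example does not say where the output file should live. Since the section is introduced as a way to investigate corruption and locate remnants on a raw device, add a bullet stating that the output must be written to a filesystem that is not on the device being read, so the capture does not overwrite the data being searched for. The option list is also ambiguous: `-C` is documented once as hexdump's canonical format and again as `-C 200` lines of context, which is a `grep` option; name the tool in each bullet.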