Running out of space on your server? This may cause the site and database to malfunction. To free up space, you need to identify the files taking up the most room and delete them. In this article, we’ll explain how to easily accomplish this using the ncdu utility and how to safely clean up logs.

Step 1: Installing and running ncdu​

ncdu  is a handy tool for disk space analysis. It displays all folders and files sorted by size in an easy-to-use text interface.

To use this program, you’ll need to connect to your server via SSH.  

Installation

• Debian/Ubuntu:

sudo apt update && sudo apt install ncdu

• CentOS/AlmaLinux/Rocky Linux:

sudo yum install ncdu

Running disk analysis

• To scan the root directory /, execute:

sudo ncdu -x /

The -x option in ncdu restricts the scan to a single file system, excluding mounted virtual directories (e.g., /proc, /dev, /sys) and any other volumes mounted via separate mount points (e.g., network or external drives).

• To analyze a specific directory:

sudo ncdu /path/to/directory

For example, to scan only the logs directory, run:

sudo ncdu /var/log

Step 2: Analyzing and deleting unnecessary files​

After running ncdu, you will see a list of files and folders sorted by size. Navigation is simple:

• Up/Down arrow keys — move through the list.
• Enter — navigate into a directory.
• D — delete the selected file or folder.

It is safer to create a list of files and directories taking up significant space (highlight rows in ncdu and copy them to a notepad on your local PC), then review each individually and delete them using the command line.

To delete a file, run:

sudo rm -f /path/to/file

To delete a directory:

sudo rm -rf /path/to/directory

  Here's a list of the major directories that tend to take up a lot of space:

1. /var/www/ - directory with your sites

Often, the largest directories are upload and cache in the root directory of the website, containing user-uploaded files and the site cache, respectively. For example:

/var/www/user/data/www/yoursite.com/upload/

Files in these directories are relatively safe to delete. However, only you, as the administrator of your website, know which files in the upload directory are important and which are no longer needed. It is recommended to leave the directory itself intact to avoid errors. 

2. /var/lib/mysql/

This is the directory containing your website databases. 

If it is taking up an unusually large amount of space, contact your hosting provider for a deeper analysis of the issue. 

3. /var/log/

This directory stores logs generated by software running on your server. Logs have specific characteristics, and their cleanup is covered in a separate article.

Step 3: Finalizing and verifying​

After deleting unnecessary files, check how much space has been freed using the command:

df -h

Forgot your MariaDB root password? Without it, you won’t be able to manage users, databases, or perform critical configurations. In this article, you’ll learn not only how to quickly reset the MariaDB root password but also how to reset the password for regular users. 

All operations will be performed via the command line over SSH. You can find detailed instructions on how to connect to your server using SSH in this article. 

Before proceeding, check the contents of the /root/.my.cnf file. Often, it contains the current root password for accessing MariaDB. 

To test the connection, use the command:

mysql -u root -p 

Then, enter the password from the .my.cnf file. 

If the password doesn’t work, follow the instructions below. 

Resetting the password​

Step 1: Stop MariaDB​

To reset the password, first stop the MariaDB server. Enter the following command:

systemctl stop mariadb

 Step 2: Restart the server in safe mode​

• For Debian and Ubuntu:

Make sure the directory MariaDB will run from exists and has the correct owner:

mkdir -p /var/run/mysqld/ && chown -R mysql: /var/run/mysqld/

 Start the MariaDB server without access control:

mysqld_safe --skip-grant-tables --socket=/var/run/mysqld/mysqld.sock &

If the MariaDB server starts successfully, you will see a message similar to:

2024-11-28T23:50:19.298141Z mysqld_safe Starting mariadb daemon with databases from /var/lib/mysql

To continue working in the command line, press “Ctrl + C”. 

• For CentOS/RockyLinux/AlmaLinux:

Start the MariaDB server without access control:

mysqld_safe --skip-grant-tables --socket=/var/lib/mysql/mysql.sock &

To continue working in the command line, press “Ctrl + C”.

Step 3: Connect to MariaDB​

• For Debian and Ubuntu:

mysql --socket=/var/run/mysqld/mysqld.sock

• For CentOS/RockyLinux/AlmaLinux:

mysql --socket=/var/lib/mysql/mysql.sock

 Step 4: Reset the password​

Execute the following commands sequentially:

FLUSH PRIVILEGES;

 For a local user:

ALTER USER 'root'@'localhost' IDENTIFIED BY 'NewPassword';

For a network user (if it exists):

ALTER USER 'root'@'%' IDENTIFIED BY 'NewPassword';

Then:

FLUSH PRIVILEGES;

Replace NewPassword with your desired new password.

Exit MariaDB using the exit command or by pressing “Ctrl + D”. 

Step 5: Restart MariaDB​

Stop the MariaDB server:

• For Debian and Ubuntu:

mysqladmin shutdown --socket=/var/run/mysqld/mysqld.sock -p

Then, enter the previously set root password.

• For CentOS/RockyLinux/AlmaLinux:

mysqladmin shutdown --socket=/var/lib/mysql/mysql.sock -p

Then, enter the previously set root password.

Start MariaDB in normal mode:

systemctl start mariadb

 How to reset the password for regular users​

If you forget the password for a user other than root, the approach is similar:

1. Connect to the MariaDB server as root:

mysql -u root -p

 Enter your MariaDB root password.

2. Execute the command to change the password:

For a local user:

ALTER USER 'username'@'localhost' IDENTIFIED BY 'NewUserPassword';

For a network user (if it exists):

ALTER USER 'username'@'%' IDENTIFIED BY 'NewUserPassword';

Then:

FLUSH PRIVILEGES;

Replace username with the actual username and NewUserPassword with your desired new password.

Exit MariaDB using the exit command or by pressing “Ctrl + D”.

If necessary, you can list all users with the following query:

SELECT User, Host FROM mysql.user;

How to connect to MariaDB locally without entering a password​

To avoid entering the password manually each time you connect to MariaDB from the command line on your server, you can save it in the /root/.my.cnf file. Open the file in a text editor:

nano /root/.my.cnf

Add the following lines:

[client]

user = root
password = YourRootPassword

Replace YourRootPassword with your actual root password.

Save the file by pressing Ctrl + O, then exit the text editor with Ctrl + X. 

For security purposes, set stricter permissions on the .my.cnf file:

chmod 600 /root/.my.cnf

After this, you can connect by simply running the command:

mysql -u root

Forgot the MySQL root password? Don't worry, it happens even to experienced administrators. In this article, we’ll explain how to reset the MySQL root password for different versions: MySQL 5.7 and MySQL 8.0+. Additionally, we’ll cover how to reset the password for a regular database user. 

All operations will be performed via the command line over SSH. You can find more detailed instructions on connecting to your server using this protocol in this article. 

Before proceeding, check the contents of the /root/.my.cnf file. Often, it contains the current root password for accessing MySQL. 

You can test the connection using the command:

mysql -u root -p 

Then, enter the password from the .my.cnf file. 

If the password doesn’t work, follow the instructions below.

How to reset root MySQL password​

Step 1: Stop MySQL​

To reset the password, you first need to stop the MySQL. Enter the following command:

• For Debian and Ubuntu:

systemctl stop mysql

• For CentOS/RockyLinux/AlmaLinux:

systemctl stop mysqld

Step 2: Restart the server in safe mode​

• For Debian and Ubuntu:

Make sure that the directory from which MySQL will be run exists and has the appropriate owner:

mkdir -p /var/run/mysqld/ && chown -R mysql: /var/run/mysqld/

 Start the MySQL server without access control:

mysqld_safe --skip-grant-tables --socket=/var/run/mysqld/mysqld.sock &

If MySQL starts correctly, you’ll see a message similar to:

2024-11-28T23:50:19.298141Z mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql

To continue working in the command line, press “Ctrl + C”.

• For CentOS/RockyLinux/AlmaLinux:

sudo -u mysql mysqld --skip-grant-tables --socket=/var/run/mysqld/mysqld.sock &

 Step 3: Connect to MySQL​

 mysql --socket=/var/run/mysqld/mysqld.sock

 Step 4: Reset the password​

• For MySQL 5.7, execute the following commands sequentially:

FLUSH PRIVILEGES;

 For a local user:

ALTER USER 'root'@'localhost' IDENTIFIED BY 'NewPassword';

For a network user (if it exists):

ALTER USER 'root'@'%' IDENTIFIED BY 'NewPassword';

Then:

FLUSH PRIVILEGES;

Replace NewPassword with your desired new password.

Exit MySQL using the exit command or by pressing “Ctrl + D”.

• For MySQL 8.0+, execute the following commands:

FLUSH PRIVILEGES;

 For a local user:

ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'NewPassword';

For a network user (if it exists):

ALTER USER 'root'@'%' IDENTIFIED WITH mysql_native_password BY 'NewPassword';

Then:

FLUSH PRIVILEGES;

Replace NewPassword with your desired new password.

Exit MySQL using the exit command or by pressing “Ctrl + D”.

Step 5: Restart MySQL​

Stop MySQL:

mysqladmin shutdown --socket=/var/run/mysqld/mysqld.sock -p

Then, enter the previously set root password.

Start MySQL in normal mode:

• For Debian and Ubuntu:

systemctl start mysql

• For CentOS/RockyLinux/AlmaLinux:

systemctl start mysqld

 How to reset the password for regular users​

If you forgot the password for a user other than root, the approach is similar:

1. Connect to the MySQL server as root:

mysql -u root -p

 Enter your MySQL root password.

2. Execute the command to change the password:

• MySQL 5.7:

For a local user:

ALTER USER 'username'@'localhost' IDENTIFIED BY 'NewUserPassword';

For a network user (if it exists):

ALTER USER 'username'@'%' IDENTIFIED BY 'NewUserPassword';

Then:

FLUSH PRIVILEGES;

Replace username with the existing username and NewUserPassword with the new desired password.

Exit MySQL using the exit command or by pressing “Ctrl + D”.

• MySQL 8.0+:

For a local user:

ALTER USER 'username'@'localhost' IDENTIFIED WITH mysql_native_password BY 'NewPassword';

For a network user (if it exists):

ALTER USER 'username'@'%' IDENTIFIED WITH mysql_native_password BY 'NewPassword';

Replace username with the existing username and NewUserPassword with the new desired password.

Then exit MySQL using the exit command or the “Ctrl + D” key combination.

If necessary, you can list all users with the following query:

SELECT User, Host FROM mysql.user;

 How to connect to MySQL locally without entering a password​

To avoid entering the password manually every time you connect to MySQL from the command line on your server, you can save it in the /root/.my.cnf file. Open the file in a text editor:

nano /root/.my.cnf

Add the following lines:

[client]

user = root
password = YourRootPassword

Replace YourRootPassword with your actual root password.

Then save the file using the “Ctrl + O” key combination and exit the text editor with “Ctrl + X”.

For security, set stricter permissions on the .my.cnf file:

chmod 600 /root/.my.cnf

After this setup, you can connect by simply running the command:

mysql -u root

The TAR format is extremely popular in the Linux world and is the de facto data archiving standard. It can’t compress files by itself but perfectly cooperates with such compression utilities as gzip or bzip2. Therefore, most archives packed with this format that you can find on the web will look as archive_name.tar.gz.

Before You Begin​

In most cases, tar is installed by default. To be 100% sure, run the command to install this archiver:

For Debian and Ubuntu:

sudo apt update && sudo apt install tar

For CentOS and Rocky Linux/AlmaLinux:

sudo yum makecache && sudo yum install tar

How to Create a TAR Archive​

Without compression:

tar -cvf archive.tar /file/path

Where:

• -c — to create an archive
• -v — show details in the terminal (you’ll find it useful if you want to see what’s going on)
• -f — specify the name of the archive file

With additional compression (for example, gzip):

tar -czvf archive.tar.gz /file/path

• -z — adds gzip compression.

The second command is preferable in most cases, since additional compression will save time for downloading or uploading a file from or to the server, and the archive will take up less drive space.

How to extract a TAR Archive​

For gzip:

tar -xzvf archive.tar.gz

For bzip2:

tar -xjvf archive.tar.bz2

For a uncompressed archive:

tar -xvf archive.tar

Additional Useful Options​

• -t — view the archive contents without unpacking:

tar -tvf archive.tar

Shows a list of archive files in the console, but doesn’t unpack it.

• -u — update files within the archive:

tar -uf archive.tar /path/to/new_files

Consider the following details when updating a file within the archive:

• If the archive contains no new_file.txt, it will be added.
• If the archive already contains a file of the same name, but its contents on the drive have changed, then this file will be updated to the latest version.

You can also use this command to update multiple files at once, for example:

tar -uf archive.tar /path/to/new_files/*.txt

This command will update all txt files in the archive and will add new ones if they haven’t been added before.

The RAR format is famous for its high compression level, support for data recovery, and high tamper resistance, which made it quite popular in the Windows community. But yet, it’s less popular among Linux users and administrators than a number of other archives. However, you may need to be able to work with it on the server, so let’s take a look at the basic commands and options you’ll need to confidently work with RAR archives in a command prompt.

Before You Begin​

Make sure that you have all the required packages installed.

For Debian and Ubuntu:

sudo apt update && sudo apt install rar unrar

For CentOS and Rocky Linux/AlmaLinux:

# Add an additional EPEL repository, since the system ones contain no rar
sudo yum install epel-release
sudo yum makecache && sudo yum install rar unrar

How to Create a RAR Archive​

Use the following command to create an archive:

rar a archive.rar /directory/path/

For example:

rar a backup.rar /var/www/html/

How to extract a RAR Archive​

To extract the archive in the current directory, use the following command:

unrar x archive.rar

To extract the archive to a directory other than the current one, you need to specify the path to it at the end. For example:

unrar x backup.rar /home/user/backup/

Additional Useful Options​

• -l — show a list of files within the archive without extracting it:

unrar l archive.rar

• -u — update files within the archive:

rar u archive.rar /path/to/new_files

Consider the following details when updating a file within the archive:

• If the archive contains no new_file.txt, it will be added.
• If the archive already contains a file of the same name, but its contents on the drive have changed, then this file will be updated to the latest version.

You can also use this command to update multiple files at once, for example:

rar u archive.rar *.txt

This command will update all txt files in the archive and will add new ones if they haven’t been added before.

• -p — set a password for the archive:

rar a -p archive.rar /file/path

ZIP is one of the most popular archiving formats. Unlike a home PC that allows you to work with such archives in a convenient graphical interface, most servers don’t provide such an opportunity. So, be sure to know the basic commands to perform typical tasks via a command prompt.

Before You Begin​

Make sure that you have all the required packages installed.

For Debian and Ubuntu:

sudo apt update && sudo apt install zip unzip

For CentOS and Rocky Linux/AlmaLinux:

sudo yum makecache && sudo yum install zip unzip

How to Create a ZIP Archive​

Use the following command to create an archive:

zip -r archive_name.zip /directory/path/

The -r is used to recursively add all files and subdirectories to the archive.

How to extract a ZIP Archive​

To extract zip archive you can use the following command:

unzip archive.zip

The contents will be unzipped in the current directory by default. If you want to unzip the archive into another place, use the -d option.

For example:

unzip backup.zip -d /home/user/backup/

Additional Useful Options​

• -l — show a list of files within the archive without unzipping it:

unzip -l archive.zip

• -u — update a file within the archive:

zip -u archive.zip new_file.txt

Consider the following details when updating a file within the archive:

• If the archive contains no new_file.txt, it will be added.
• If the archive already contains a file of the same name, but its contents on the drive have changed, then this file will be updated to the latest version.

You can also use this command to update multiple files at once, for example:

zip -u archive.zip *.txt

This command will update all .txt files in the archive and will add new ones if they haven’t been added before.

• -e — set a password for the archive:

zip -e archive.zip /file/path

How to use an FTP server?​

When working with FTP and SFTP servers, it is important to understand how to properly connect and protect your data. In this guide, we will look at step-by-step instructions on how to set up connections to FTP and SFTP servers, and learn how to use SSH keys to increase connection security.

Using a special FTP client is the best way to simplify your life when working with FTP. The user-friendly interface will allow you to send and receive data from your computer to the server. The most popular FTP clients are:

• WinSCP for Windows

• Transmit

• Cyberduck

• Filezilla

Let's consider connecting to the server using Filezilla on Windows.

1. Open the site manager (File – Site manager). Click the "New site" button.

2. Enter the connection name and login credentials

3. Select the encryption mode "Use explicit FTP over TLS if available"

4. Click "Connect"

5. Now you can work with the FTP server and upload the first data to it

How do you use an SFTP server?​

1. Open the site manager (File – Site manager). Click the "New site" button.

2. Enter the connection name and access data

3. Select the SFTP protocol from the General tab

4. Click "Connect"

5. Now you can work with the SFTP server and upload the first data to it

We recommend that you always choose the SFTP protocol for your work. All FTP functions are available here and SSH protects your data.

How to use SSH keys with SFTP​

SSH keys allow you to authenticate without a password. Keys are a set of hundreds of different characters, including upper and lower-case Latin characters and special characters. The total length is often between 1024 and 4096 bits. Authentication requires two SSH keys, one public and one private.

• Public keys are available to everyone. It is used to encrypt data when accessing the server. Simply put, it is a set of characters that we use to encrypt information.

• The private key is the key to the lock. It decrypts the data. You need to be much more careful with it: keep it safe and do not give it to second parties.

In the Edit menu, go to Settings. Under Connection › SFTP, you can add your existing SSH private key. In Site Manager select Interactive logon type to connect to the SFTP site.

How to generate SSH keys​

You can create public and private keys using the PuTTYgen. PuTTY stores keys in its own format in .ppk files. To create a new key pair, select the type of key to generate from the bottom of the screen. RSA with 2048 bits is the most popular type.

Then click Generate, and start moving the mouse within the Window. Putty uses mouse movements to achieve randomness. When complete, the public key should appear in the Window. Save the key as a .ppk file.

Installing the public key​

Access to an account is granted by adding the public key to a ~/.ssh/authorized_keys file on the server.

To add the public key, log into the server, edit the authorized_keys file, and cut and paste the public key to the authorized_keys file. Save the file. Add a private key (.ppk) file to PuTTY. Then test if login works.

It is recommended that all SSH keys be regenerated and changed periodically.

Conclusion​

Using FTP clients and following our instructions, you can easily manage files on the server. Do not forget about the importance of SSH keys to protect your data, update them regularly and follow security rules to minimize risks when working with remote servers.

The FTP protocol is prevalent because of its simplicity and availability. However, it needs to be updated and more secure. Here we tell you why you should give it up.

Problems in the FTP architecture​

In general, FTP does not have the level of security required for the modern Internet, and the overall design of the protocol is unsuitable for the modern Internet. It was developed in the 1970s, when the requirements for technology were very different from those of today. Let's understand a bit more about its design.

FTP operates on two channels: command channel and data channel. The data channel has two transmission modes - active and passive.

The difference between active and passive mode is on whose side the establishment of a data connection is initiated.

In passive mode, the server opens a random port from the dynamic range on its side and informs the client about it; the client initiates a TCP connection to this port.

In active mode, a random port from the dynamic range is opened from the client side and it is the server that initiates the TCP connection. In most cases, this mode is not suitable due to the peculiarities of address translation (NAT) settings on the part of home Internet providers, which will not allow to establishment of an incoming connection with the client device.

Disadvantages of FTP​

To upload any file through FTP client and server have to exchange a very large number of messages. This leads to the loss of a lot of time and resources.

Delays occur not only at the FTP level but also at the TCP level because transferring each individual file requires opening a new TCP connection. If you need to transfer more than "a few" files, this is extremely inconvenient.

Another problem is that it is impossible to check if the transfer was completed successfully. The server does not even know the size of the file. If something fails to load during the transfer, neither the client nor the server will know about it.

FTP has other limitations that make working with it extremely inconvenient. For example, you cannot delete directories. You have to delete all files individually, and then delete the directory itself.

In addition, FTP does not support special characters. There are some ways to still use them, but these temporary solutions will inevitably cause problems at work.

There are big privacy issues as well. In FTP, credentials are transmitted unencrypted. The username and password are transmitted in plain text that can be read by anyone capable of intercepting network traffic.

The data itself is not encrypted either. Therefore, it is highly undesirable to send any sensitive information via FTP.

In the case when you still need to use the FTP protocol must pay special attention to the protection of the connection to the Internet. This is a topic for a separate article, but at least it is better not to use public wi-fi networks and use a VPN, preferably on your own server.

A secure alternative to FTP - SFTP​

Of course, there are several alternatives. Let's talk about the best option among them. This is SFTP (SSH File Transfer Protocol). Its most obvious advantage is security and data encryption.

Other benefits of SFTP include:

• pause and resume data transfer,

• complete stop of file transfer,

• the ability to execute basic administrative commands,

• metadata transfer.

By using SSH within the SFTP protocol, you get these benefits:

• Client and Server Authentication. SSH authenticates based on a public and private key pair. This allows you to accurately determine that the client requesting connection to the server is legitimate.

• Data encryption. RSA, DSA, and other types are available.

• Data transmission through a single port reduces the likelihood of an MITM attack.

So, the only reason FTP is still popular and used is force of habit. But that habit should be gotten rid of. And switch to SFTP.

PHP is a programming language needed mainly for web development. PHP runs many popular frameworks and CMS, such as the popular WordPress. Therefore, choosing the right hosting for a PHP website is important for optimal performance. Our article will explain how to make this choice.

PHP version​

The first thing to consider when choosing and setting up PHP hosting is the version of PHP installed on your server. This is directly related to the number of PHP functions available to your server. For new sites, these are usually the latest versions.

Let's imagine that the site was created a long time ago and you want to move it to another hosting provider. Then you need to find out what version of PHP it was written for and it is better to install it on the server.

You may think that the new version is the best and that you should use it. But it is not. New versions often remove features that were previously available.

The FASTPANEL control panel is installed on kodu.cloud servers by default. In it you can select PHP version starting from 5.3 up to the latest stable PHP version released. At the time of writing, this is version 8.3.

As soon as a stable version of PHP is released, it will appear in FASTPANEL. Newer, but not officially released versions will appear in FASTPANEL when their testing is complete. Thus, you can always choose the current and stable version of PHP.

PHP Modes​

There are many modes of PHP: suEXEC, CGI, FastCGI, Apache MPM Prefork, PHP-FPM, and others.

On kodu.cloud servers with FASTPANEL installed, you will have access to preconfigured popular mappings for sites written in PHP.

Nginx + Apache + MPM ITK. This is the easiest web server mode for the user. There is .htaccess support here, but resource consumption can be high. You cannot use a version of PHP that is different from the standard operating system version.

Nginx + PHP-FPM. This mode works faster. Here you can already change the PHP version to the necessary one. But since there is no Apache in the bundle, htaccess files will not be processed.

Nginx + Apache + CGI. This is the slowest mode of operation and is considered deprecated, but may be necessary if the code base of your website is very old.

Nginx + Apache + FastCGI. This is a more productive and modern version of CGI. Unlike CGI, this mode does not launch a separate process for each script. Therefore, resources are used more optimally. Here you can change PHP versions without losing the ability to process htaccess.

Nginx + PHP-FPM and Nginx + Apache + FastCGI are the optimal bundles for today. You can also contact our technical support team to find out which mode works best for you.

PHP modules​

In some cases, additional modules are needed for a website to work. For example, if the website uses sqlite, redis, PostgreSQL, or something else.

At kodu.cloud you can install the PHP modules you need. In FASTPANEL you can select and install popular PHP modules in one click.

If FASTPANEL does not have the module you need, you can always contact our technical support and we will connect it.

PHP Parameters​

In FASTPANEL you can customize the parameters required for PHP to work. For example, a limit on the size of uploaded files, script execution time, or the memory allocated for script execution.

CMS​

If you need Wordpress, it can be installed literally at the click of a button. To install another CMS, write to technical support and we will help with the installation.

Outcome​

A competent choice of hosting and optimal PHP configuration will directly affect the stability of your site. And kodu.cloud technical support specialists are always happy to help you.

SSH (Secure Shell) is an encrypted network protocol for remote control of an operating system and file transfer. It is the primary method for working with a server through the command line. On kodu.cloud servers, it is available by default. This article will guide you on how to connect to a server via SSH on Windows, Linux, and MacOS, as well as authorizing through SSH keys.

SSH Connection on Windows​

Starting with 1, the Windows command line can work with the built-in OpenSSH client. Before that, SSH on Windows worked through a third-party program, one of the popular clients was PuTTY. Below, we will discuss connecting through the built-in Windows 11 client, and then briefly describe connecting through PuTTY. When connecting, you can use your login and password to log in, or you can configure authorization by SSH key. Let's start with the first method, and in the second half of the article, we will learn how to use an SSH key.

SSH Connection in Windows 11 with Login and Password​

As a rule, OpenSSH is pre-installed in Windows 11 Professional Edition. In Windows 11 Home Edition, you need to install the OpenSSH client. We will use the PowerShell console to work with SSH. Open PowerShell. To do this, press the WIN (Windows flag key) and start typing "PowerShell" or find it in the list of programs in the Start menu. Try entering the command ssh. If the prompt usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]... appears in the console, everything is fine. If the console does not recognize the ssh command, check if OpenSSH is installed using the command in PowerShell.

Checking for and Installing OpenSSH​

Open the PowerShell console, selecting the option Run as Administrator. Enter the following command:

Get-WindowsCapability -Online | ? Name -like 'OpenSSH.Client*

In our case, OpenSSH is installed.

If the command returns a result, then OpenSSH is installed. If not, install it using the following command:

Add-WindowsCapability -Online -Name OpenSSH.Client*

Or through Windows 11 settings (Settings - Apps - Features - OpenSSH Client), but this method may not work on Windows 11 Home Edition.

Connecting to the Server​

Requirements for authorization on the server: server IP address, username, password. Upon service activation, you received an email with the root user access credentials. Please save them. If necessary, the root password can be reset through the billing system. In the PowerShell console, enter the ssh command with the username and server IP address.

ssh [email protected]

Where root is the username and x.xx.xxx.xxx is the server IP address. You can find the IP address in the billing system by selecting the server in the My Services section. If necessary, specify the connection port using the -p option:

ssh [email protected] -p 22

After this, a password request will appear:

[email protected]'s password:

Enter the password you received by clicking on the link in the "Access Credentials" email. This completes the connection process. You can now enter other commands, and they will be executed on the remote server.

❗ Attention: When entering your password, no characters will be displayed in the input field for security reasons, and the cursor will not move as you type your password. This is normal.

If you have forgotten the root password, it can be reset by selecting your server in the My Services section of the billing system, going to the Management tab, and selecting the Reset root password command.

Connecting via PuTTY​

If you are using an earlier version of Windows, SSH access is provided through third-party programs such as PuTTY. Download and install the program for free. When you open PuTTY for the first time, you will see a settings window. In the Host Name (or IP address) column, enter the server IP. The IP can be checked in the billing system by selecting the server in the My Services section. The default connection port is 22, change the value if necessary. Make sure the connection type is SSH. Click the Open button.

When you connect for the first time, PuTTY Security Alert will ask you to choose whether to trust the server in the future and add information about it to the cache (Accept), or connect once without “remembering” the server (Connect Once).

If you select Accept or Connect Once, a terminal window will appear allowing you to enter your username and password to log into the server. When entering a password, no characters will be displayed, this is normal and is done for security purposes. If there is an error when entering data, you will see the message Access denied. If the connection is successful, a server command line prompt will appear, for example,

root@qwerty123:~#

This completes the connection process. You can enter other commands and they will be executed on the remote server.

Connection via SSH on Linux and MacOS with login and password​

The SSH client comes pre-installed on all Linux systems and MacOS. You can use it from the terminal. In Linux, the terminal can be opened from the main menu or by pressing Ctrl+Alt+T. In MacOS, to connect via SSH, the Terminal utility that comes with the OS is most often used. In the terminal, enter the ssh command with the username and server IP.

ssh [email protected]

where root is the username and x.xx.xxx.xxx is the server IP address. The IP can be checked in the billing system by selecting the server in the My Services section. If necessary, specify the connection port using the -p option:

ssh [email protected] -p 22

After this, a password request will appear:

[email protected]'s password:

Enter the password you received by following the link in the “Access Details” email. This completes the connection process. You can enter other commands and they will be executed on the remote server.

Authorization using SSH key​

Authorization via SSH key is a fast, convenient and more secure way of authorization. To set it up, you first need to generate an SSH key.

Creating an SSH key on Windows 11​

Open PowerShell in administrator mode (Run as administrator in the Start menu). Enter the command ssh-keygen and see the result:

Generating public/private rsa key pair.
Enter file in which to save the key (C:\Users\user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in C:\Users\user/.ssh/id_rsa.
Your public key has been saved in C:\Users\user/.ssh/id_rsa.pub.

During the key creation process, the console will ask you to agree to save the key in the default file (.ssh/id_rs) or enter a new address, as well as enter a passphrase.

Passphrase ❗ This is an additional security element of the SSH key. If you ignore entering the secret word and simply press Enter, you will not need to enter any password when logging in later. The server will automatically check the part of the key stored on your computer. However, if someone takes over your computer, they can easily connect to your servers. To avoid this, enter a passphrase.

Generating an SSH key using PuTTYgen​

On Windows versions up to 10, it is convenient to use PuTTYgen, a utility that is installed with PuTTY by default, to create a key. Open PuTTYgen. Click on the Generate button. Move your cursor around the window when PuTTYgen asks you to do so. The key will be generated.

Save the generated key by clicking the Save public key and Save private key buttons. Copy the Public key displayed in the program window to the clipboard (Ctrl+C).

Creating an SSH key on Linux and MacOS​

On Linux and MacOS consoles, use the ssh-keygen utility to generate an SSH key.

$ ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa
Your public key has been saved in /home/user/.ssh/id_rsa.pub

During the key creation process, the console will ask you to agree to save the key in the default file (.ssh/id_rsa) or enter a new address, as well as enter a passphrase. Read about the importance of using passphrase earlier in this article.

Placing the public part of the SSH key on the server and connecting without a password​

When authorizing via an SSH key, the public part of the key located on the server is compared with the private part of the key on your computer.

After logging into the server via SSH, the actions in the console performed on the remote server will not be different for Windows, Linux and MacOS.

After connecting to the remote server using your username and password, enter the following commands. They will create a directory and file to store the key and set access rights to them

mkdir ~/.ssh
chmod 0700 ~/.ssh
touch ~/.ssh/authorized_keys
chmod 0600 ~/.ssh/authorized_keys

After this, place the public part of the SSH key you created earlier in the authorized_keys file. To do this, copy the contents of the id_rsa.pub file (if the key was created in PuTTYgen, you could copy the key directly from the program window). Open the authorized_keys file in a console editor, for example nano.

nano ~/.ssh/authorized_keys

Paste the contents of the clipboard into the file (Ctrl+V) and close the editor with the keyboard shortcut Ctrl+X and pressing Y to save the changes. On Linux and MacOS, instead of these manipulations, you can use a command that automatically transfers the public part of the key to a remote server:

ssh-copy-id [email protected]

where root is the username, and x.xx.xxx.xxx is the IP address of the server to which the key should be sent.

The public key was successfully transferred to the remote server. Now, when connecting to the server with the command ssh [email protected], you do not need to enter a password, but you will need to enter a passphrase if it was created when generating the SSH key. If you connect to a remote server via PuTTY, to authorize using a key, enter the path to the file containing the private part of the key in the Connection - SSH - Auth settings in the Private key file for authentication column.

Adding SSH keys to the billing system​

A convenient way to authorize on kodu.cloud servers is to add SSH keys in the billing system. Go to the My Account - SSH Keys section. There you can download the public part of SSH keys, which will be automatically added to your servers for convenient and secure authorization. The keys will only be available when ordering new servers and after reinstalling the OS or starting recovery mode on the servers you are already using.

You can start reinstalling the OS on your servers in the billing system by selecting the server in the My Services section, going to the Management tab and selecting the Reinstall OS option. At this stage, you will be able to select an SSH key from those previously loaded into the billing system for further authorization on the server.

[Order VPS kodu.cloud] (https://kodu.cloud/vps) and try setting up authorization using an SSH key, and our support team will be happy to help and answer any questions.