If you are using the linux command line, there are several programs for you to use to edit files in SSH. This is a convenient way to modify files since you can quickly change them in terminal without using a separate text editor.

Here at InMotion Hosting, our System Administration team primarily uses programs called nano and vi. Vi is a very sophisticated program with somewhat of a high learning curve. Because of this, we’re going to show you how to edit files using the nano SSH editor. The nano editor should be included with all major versions of Linux and Unix.

• Create a File in SSH
• Edit File in SSH
• How to Save & Exit Nano

Create a File in SSH

1. Open a terminal or connect to your server vis SSH.
2. Use the cd command to change to the directory you want to create the file in. In this example, I’m creating a file in the public_html folder.

   cd public_html

3. Run the following command and replace example.html with the name of the file you want to create.

   nano example.html

4. The nano editor will then open up the file and you can begin entering text.
   
5. Once you have finished editing click Ctrl+O then the Enter key to save and create the file.

Edit File in SSH

In this section, we’ll walk you through the process of editing a file via SSH using nano.

1. When editing files with nano, the first thing you’ll need to do is connect to your server via SSH.
2. We’re currently logged in, so let’s run “pwd” command to see what directory we’re in
   

   pwd

   
   
3. Now we’ll run the “ls” command to see what files are in this directory.
   

   ls

   
   
4. As you can see, we’re in the testa folder and there are currently three files: file1.txt, file2.txt, and file3.txt. If we wanted to edit file2.txt using nano, enter the following command:
   

   nano file2.txt

   After running this command, the nano file editor will open and load the contents of file2.txt.
   
   
   What you’re looking at above is me editing a file using nano. The top line shows the version of nano you’re using and the name of the file you’re editing.
   
   
   The bottom part of the screen includes all of the commands that you can run.
   You can then run the ls command to view the new file.
   
   You can move the cursor around with your keyboard arrows, but the mouse will not work in the nano editor. Here I am deleting a line of text in the file.
   
   

So what do you do now? Start editing the file! You can edit the file as you would using any other editor, except you don’t have the option to use your mouse to point and click on items.

How to Save & Exit Nano

The commands at the bottom of the nano page are executed by holding down Ctrl on your keyboard followed by the letter listed. Here are the steps for saving a file and exiting the nano editor.

Save File in Nano

• To save the file (referred to as “WriteOut”), hold Ctrl + O on your keyboard.
  

  Ctrl + O

Exit Nano

• When you’re ready to exit nano, hold Ctrl + X and you will be exited from the application.
  

  Ctrl + X

Congratulations, now you know how to edit a file in SSH using nano, as well as how to save and exit. Check out our Server section for more helpful tutorials to help you manage your environment.

The root user is a sort of “superuser” that can perform advanced system administrative tasks on your system. If you have a VPS or Dedicated Server plan you can use the root user to perform tasks that other users (such as your cPanel user) do not have the privilege of performing.

In an earlier article, we compared Vim versus Emacs and how to port Vim key bindings into Emacs. Power users looking to move away from Nano in the command-line interface (CLI), or Secure Shell (SSH), may have found a resolution with Vim.

Below we’ll cover the basics of:

• How to Use Vim
  • Normal Mode
  • Insert Mode
  • Replace Mode
  • Visual Mode
  • Command Mode
• How to Configure Vim
• Vim Tutorials
  • Vimtutor
  • Vim Cheat Sheet
  • VIM Adventures
  • The Linux Command Line Book

Before using Vim, be sure that you know how to navigate the command line structure in SSH so that you can get to the right files.

How to Use Vim

SSH into your Linux server. To edit or create a file, type the following command: 

vim filename

Next, we’ll cover the multiple Vim modes: insert, replace, visual, command, and normal.

Normal Mode

This is the default mode when you first open a file with Vim. In this mode, you can move the cursor with the arrow keys or Vim key bindings.

Move left: ⬅ or H

Move down: ⬇ or J

Move up: ⬆ or K

Move right: ➡ or L

Navigate words:

Move to start of previous word: B

Move to start of previous word before a whitespace: Shift+ B

Move to end of word: E

Move to end of word before a whitespace:  Shift + E

Move to start of next word: W

Move to start of next word after a whitespace: Shift + W

Navigate lines:

Move to the start of the current line: 0

Move to the end of the current line: $

Copy, cut, and paste:

Copy text: Y

Copy a line: yy

Cut text: D

Cut a line: dd

Paste text: P

Vim Insert Mode

This is the most common mode as it allows you to insert text in a document. To enter this mode: 

Press I or Insert to insert text at the cursor location.

Press O to create a new line below the cursor location and insert text there.

While in Insert Mode, the bottom of the terminal will read -- INSERT --.

Press Esc to return from to Normal mode.

Replace Mode

This mode allows you to replace individual or multiple characters at once.

Press R to replace a single character in the file. There will be an r in the lower-right corner until you replace a character.

Press Shift + R to replace multiple characters or lines within the file. Meanwhile, the bottom of the file will read -- REPLACE --.

Visual Mode

This mode selects text starting from the current cursor position. This may be a more accessible method for easily copying text for some users.

Press V to select individual characters starting from the current cursor position. At the bottom you’ll see
-- VISUAL --.

Press Shift + V to select full lines including the current cursor position. At the bottom you’ll see
-- VISUAL LINE --.

Command Mode

Commands start with : and are executed with Enter. Just as with returning to Normal mode, you can exit out by pressing Esc.

Save changes: :w

Exit Vim without saving changes: :q!

Save changes and exit Vim: :qw

Save changes and exit Vim, enter one of the following: :x or :wq

Quit Vim without saving the file, enter :q

To force an action, add ! to the end of the command. For example, :q! or :wq!.

Open a second document in the terminal with a vertical split:

:vsplit path-to-file

How to Configure Vim

Sysadmins can make system-wide changes to Vim environments within the system vimrc files (/etc/vim/vimrc or /usr/share/vim/vimrc). Users can customize their personal Vim environment by creating a ~/.vimrc file. We’ll share some notable features you can uncomment or add in system or personal vimrc files respectively.

Enable syntax highlighting: 

syntax on

Show matching brackets while coding:

set showmatch

Enable mouse usage in all modes: 

set mouse=a

Vim Tutorials

Want to learn more about Vim? Prefer hands-on training? Check out these resources below for interactive learning and advanced features.

Vimtutor

Vimtutor works as an extension of man vim with lessons to walk you through how to use Vim commands. Start the tutorial with the command vimtutor.

Vim Cheat Sheet

Check out the rtorr Vim cheat sheet for when you’re on the go. It’s available in multiple languages and on GitHub. DuckDuckGo users can find it quickly by searching “vim cheat sheet.”

VIM Adventures

To learn more about using the VIM text editor, you can try the VIM Adventures educational game. The full version requires a paid subscription. However, you can play the free trial in your browser. 

The Linux Command Line Book

One of our technical support representatives recommended The Linux Command Line book for it’s Vim coverage. This is just one of many ways to learn Linux.

Learn more about system administration from our Cloud Server Hosting.

MTR can help answer the following questions:

• Is my server slow?
• If the issue isn’t my server, which hop is?
• Does a hop have intermittent packet loss?
• Do I need to change my server location to improve the user experience (UX) for my target audience?

MTR is unlikely to be pre-installed on your local machine. Below we cover:

• How to Install MTR on Your Computer or Server
  • Install MTR on Linux
  • Install MTR on macOS
  • Install MTR on BSD
• How to Use MTR
• MTR from the server
• WinMTR for Windows

Ask how we can help you develop your next web application with our Cloud Server Hosting.

How to Install MTR

Install MTR on Linux

MTR on Debian/Ubuntu

apt-get install mtr

MTR on Fedora/CentOS

yum install mtr

MTR on Arch/Manjaro

pacman -S mtr

Install MTR on macOS

macOS users need to use a package manager such as Homebrew or MacPorts to install MTR.

Install MTR on BSD

pkg install mtr

How to use MTR

MTR can be used for real-time and report style scans.

Real-time MTR

To see performance results in real-time, run mtr with a domain, server IP, or server hostname (part of your temporary URL).

mtr yourdomain.com

During the scan you have the following options:

• Help – View command options for the current MTR test
• Display mode – Change how packet and ping statistics are shown
• Restart statistics – Restart the test
• Order of fields – Change the order of available columns (press Enter to exit)
• quit – Stop MTR

You can copy the results at any time. We recommend waiting until you’ve sent at least 50 packets to get a clear understanding.

MTR Reports

If you need to share the results with others (e.g. our Live support), add -crw and an output option for easier archival.

mtr -rw yourdomain.com -c 100

• -c or --report-cycles – Set how many pings are sent to test reliability of each hop (each cycle lasts one second)
• -r or --report – Run the test in the background and print the results once complete
• -w or --report-wide – Ensure full hostnames are present in results instead of ???

MTR will stop after 10 sent packets if you don’t specify a number with -c.

To output MTR results to a CSV file:

mtr -rwC yourdomain.com -c 100 > mtr-results.csv

Output options:

• -l or --raw
• -C or --csv (separator is a semi-colon “;”)
• -j or --json
• -x or --xml

MTR from the Server

To better understand network performance issues, you can install MTR on your web server and run it against your local machine.

If the local machine is on a Small Office / Home Office (SOHO) network, you may need to ensure ICMP Ping is enabled on the local router.

Install WinMTR on Windows

Windows users can use a fork of MTR, WinMTR, to test network connections.

As of June 2020, this application hasn’t been updated since April 2013. We recommend you use tracert instead or, if you decide to install WinMTR, remove the software after you receive your results.

1. Download WinMTR from sourceforge.net/projects/winmtr
2. Extract the file and run the executable as an administrator
3. Type the domain in the Host field
4. Select Start
5. Select Stop anytime after 100 packets in the Sent column

Contact our Live Support directly with MTR results for further assistance.

The Telnet command line tool tests port connections with your local network router, servers, and websites. For example, Telnet can help you see why the email is being rejected. Telnet is pre-installed on many Windows, macOS, and Unix OSs.

You may need to enable Telnet on Windows Vista or 7.

Below we cover how to check if a port is open on your server or local network from your terminal with Telnet.

Check if a Port is Blocked with Telnet

Check if port 21 (FTP) is blocked by your local or server firewall:

telnet your-domain.com 21

If the port is blocked, you’ll see similar results to the following:

Trying 1.2.3.4...
telnet: Unable to connect to remote host: Connection refused

If the port is open, you’ll see results similar to the following:

Trying 1.2.3.4...
Connected to your-domain.com.
Escape character is '^]'.
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 1 of 100 allowed.
220-Local time is now 09:00. Server port: 21.
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
Connected to your-domain.com.
Escape character is '^]'.

Type Ctrl + ] to continue to the prompt. Then type quit, then Enter to close the Telnet connection.

You can also use your server hostname (part of your temporary URL) or server IP.

Check if port 22 (default SSH port) is blocked by your local network or server firewall:

telnet server.hostname.com 22

If the port is open, you’ll see results similar to the following:

Trying 1.2.3.5...
Connected to your-domain.com.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.3

If you’re still having connection issues, consider completing a traceroute/tracepath or mtr to better understand the issue. Feel free to contact Live Support for further assistance troubleshooting performance issues.

Ask us how we can support your next web application project with our Cloud Server Hosting.

To scan your local network, you need to know your local router’s internal IP address.

The easiest way to scan for open ports on your server or network depends on your workflow and desktop operating system (OS).

• macOS users can use the pre-installed Port Scan utility
• Unix desktop users can scan a single port with the pre-installed Netcat (Nc)
• Fast VPS / Dedicated server hosting administrators can use the ConfigServer Security & Firewall (CSF) View Listening Ports function

For those who prefer a desktop application for scanning multiple ports and banner grabbing (e.g. Nginx server version), there’s Nmap.

Nmap (Network Mapper) is a popular cross-platform desktop CLI application for scanning multiple ports on a server or router. Nmap doesn’t just list open ports. It provides in-depth information on services sharing information that could be used to exploit your system. Nmap is bundled with other programs:

• Zenmap GUI application for Nmap
• Ncat quickly scans a single port and more
• Ndiff compares scan results
• Nping does packet generation and response analysis

Below, we’ll cover the basics of port scanning with Nmap:

• Verbose Port Scan
• TCP port scanning
• UDP port scanning

Develop your next web app with our secure Cloud Server Hosting.

Port Scan with Nmap

The basic command format is nmap, necessary flags, then the domain / server IP / server hostname (part of your temporary URL).

nmap domain.com

Your results will show open ports and it’s dedicated service:

Starting Nmap 7.60 ( https://nmap.org ) at 2020-01-01 09:00 EDT
Nmap scan report for domain.com (1.2.3.4)
Host is up (0.010s latency).
rDNS record for 1.2.3.4: server.hostname.com
Not shown: 1000 closed ports
PORT STATE SERVICE
21/tcp open ftp
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop3
143/tcp open imap
443/tcp open https

Nmap done: 1 IP address (1 host up) scanned in 1.59 seconds

Verbose Port Scan on a Domain:

Add the following flags for more information on the system and ports:

• -A detects OS, software version, and scripts
• -v provides verbose information

nmap -v -A domain.com

For easier review later, output verbose Nmap results to a file:

nmap -v -A domain.com -oN results.txt

Scan Specific TCP Ports

In this example, ports 21 (FTP), 22 (default SSH port), and 3306 (MySQL):

nmap -p 21,22,3306 domain.com

Scan UDP ports, Timeout After 5 Minutes:

A specified timeout can be useful when dealing with slow servers.

nmap -sU domain.com --host-timeout 5m

Learn more about nmap with the manual:

man nmap

Below we cover how to get your local router IP address in the terminal depending on your OS:

• Most OSs – Netstat
• Windows – ipconfig
• Linux – ip r

These commands may display multiple IP addresses if you’re connected to a VPN. Disconnect from the VPN and rerun the command to be sure which is your local router IP. On home networks, visit the IP address in your web browser (e.g. https://192.168.0.3) to ensure it displays the login page for your home router.

Get Your Local Router IP Address

Most OSs – netstat

The netstat command, pre-installed on most OSs, displays current TCP and UDP network connections with related processes. Netstat with the -r flag provides the IP routing table and internal router IP address.

netstat -r

The results will be the IP address in the first (Destination) column:

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.1     0.0.0.0         255.255.255.0   U         0 0          0 eno2

You can use route for the same results:

route -e

Windows – ipconfig

The ipconfig command will show your local network connections and information.

ipconfig

Your local router’s internal IP will show to the right of Default Gateway under your current network (wireless, ethernet, etc.):

Default Gateway . . . . . . . . . : 192.168.0.1

Linux – ip r

The ip command shows similar info to ifconfig and supersedes netstat (part of net-tools) on some Linux OSs. Replacing a with r filters the results to the IP (DNS names instead of host addresses) and interfaces while | grep filters the output to only rows including “default”.

ip r | grep default

The results will show the IP among related information:

default via 192.168.0.10 dev eno2 proto metric 100 

You can use the following commands for the same results:

ip r list | grep default

ip route | grep default

Want to learn more about the command line interface? Check out these 5 free ways to learn Linux.

Develop your next great project with our secure Cloud Server Hosting.

As we continue our series on the cPHulk security features, we will show you the steps to blacklist and whitelist IP addresses via SSH. In the last guide we showed you how to blacklist and whitelist IP addresses in the Web Host Manager or WHM. But doing this with command line using SSH can save time since you do not have to go through the WHM interface.

Blacklist IP Address

1. Connect to your server via SSH as the ‘root’ user.
    
2. Run the following command, but be sure to replace the example IP address (123.45.67.89) with the address you want to blacklist.

   /scripts/cphulkdblacklist 123.45.67.89

   You will then see a response similar to the following:

   123.34.56.78 has been blacklisted

    

   At this time the IP address has been blacklisted. repeat these steps for any IP addresses you want to blacklist.

    

Now that you know how to blacklist an IP address via SSH, we will show you how to whitelist IP addresses.

Whitelist IP Address

1. Connect to your server via SSH as the ‘root’ user.
    
2. Run the following command, but be sure to replace the example IP address (123.45.67.89) with the address you want to whitelist.

   /scripts/cphulkdwhitelist 123.45.67.89

   You will then see a response similar to the following:

   123.34.56.78 has been whitelisted

    

   At this time the IP address has been whitelisted. repeat these steps for any IP addresses you want to whitelist.

    

Congratulations, now you know how to whitelist and blacklist IP addresses via SSH!

Secure your websites with our Dedicated Server Hosting and a hardware firewall today.

CNAME Lookup

1. Login to your server via SSH.
2. Run the following CNAME lookup command. Be sure to replace example.com with the domain you want to check.
   

   host -t cname example.com

   You should see a response similar to this, but it will differ based on the specific domain.

   example.com is an alias for test.travelworld58.com.

   In this example, you see the domain is an alias of another URL. If the domain does not have a CNAME you will see the following result:

   example.com has no CNAME record

Congratulations, now you know how to lookup a CNAME record using SSH!

Note: The higher the number in the algorithm – sha224, sha384, etc. – the stronger the authentication process. Also, this along with the larger the file being validated determines the time before validation completes.

Warning: Verifying the checksum against the website only checks that it wasn’t corrupted during the download. It doesn’t guarantee the file isn’t malicious. If the website is hacked, the checksum could also be modified to that of the malicious file. If you believe you may have malicious content on your server, please request a free server scan and review our hack recovery guide.

Verify Checksum with SSH

1. Upload the file(s) into the correct directory.
2. SSH into the cPanel account using the correct steps for your hosting plan – Shared or VPS/Dedicated.
3. Type the preferred checksum command and the path to the file –
   e.g. md5sum file.jpg or sha1sum public_html/file.png.
   For example, here’s the md5sum and sha1sum output for the downloaded WordPress 4.9.8:
   
4. Check that the checksum(s) match the original file. Both checksums above match the md5 and sha1 checksum respectively from WordPress.org.

If your SSH checksum matches what’s on the official site, congratulations. If not, you may want to try another validation program (e.g. GtkHash) or method of downloading the original file such as from a reputable location.