tips

komovo · website-7c8b549745-qfbjf

sections

ssh permissions & setup package manager mirrors installing custom fonts environment variables file permissions

ssh permissions & setup

SSH is strict about file permissions — wrong ones and it refuses to work. These are the rules:

text~/.ssh/                 directory  700 (drwx------)
~/.ssh/authorized_keys  file       600 (-rw-------)
~/.ssh/id_ed25519       file       600 (-rw-------)   private key
~/.ssh/id_ed25519.pub   file       644 (-rw-r--r--)   public key
~/.ssh/config           file       600 (-rw-------)
~/.ssh/known_hosts      file       644 (-rw-r--r--)

Fix all at once:

bashchmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys ~/.ssh/id_ed25519 ~/.ssh/config
chmod 644 ~/.ssh/id_ed25519.pub ~/.ssh/known_hosts

Generating a key pair (use Ed25519 — faster and more secure than RSA):

bashssh-keygen -t ed25519 -a 100 -C "your@email.com"

Copy your public key to a remote host:

bashssh-copy-id user@remote-host

# or manually:
cat ~/.ssh/id_ed25519.pub | ssh user@remote-host "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

SSH config example (~/.ssh/config):

textHost homelab
    HostName abyss.local
    User komo
    Port 22
    IdentityFile ~/.ssh/id_ed25519

Host github.com
    HostName github.com
    User git
    IdentityFile ~/.ssh/id_ed25519

Common issues:

Permissions 0644 for 'id_ed25519' are too open — private keys must be 600
Authentication refused: bad ownership or modes — your home directory shouldn't be writable by group/others (chmod 755 ~ or 750 ~)
If ssh-copy-id prompts for password every time, check that PubkeyAuthentication yes is in /etc/ssh/sshd_config on the server

package manager mirrors

Arch Linux (pacman)

Mirrors are listed in /etc/pacman.d/mirrorlist in order of preference. Pacman tries the first one, then falls down the list.

Auto-generate with reflector:

bash# install reflector
sudo pacman -S reflector

# rank the 10 fastest HTTPS mirrors in the US, save to mirrorlist
sudo reflector --country US --latest 10 --protocol https --sort rate --save /etc/pacman.d/mirrorlist

# rank by country and speed
sudo reflector --country "US,DE,GB" --latest 15 --protocol https --sort rate --save /etc/pacman.d/mirrorlist

After changing mirrors, always sync:

bashsudo pacman -Syu

Enable multilib (for 32-bit packages like Steam, Wine):

bashsudo sed -i '/^#\[multilib\]/,/^#Include/s/^#//' /etc/pacman.conf
sudo pacman -Syu

Ubuntu / Debian (apt)

bash# edit sources list
sudo vim /etc/apt/sources.list

# or use sed to replace the mirror
sudo sed -i 's|http://archive.ubuntu.com|http://us.archive.ubuntu.com|g' /etc/apt/sources.list

# always update after changing mirrors
sudo apt update

installing custom fonts

Per-user (no root needed):

bashmkdir -p ~/.local/share/fonts
cp ~/Downloads/MyFont.ttf ~/.local/share/fonts/
fc-cache -fv        # rebuild font cache
fc-list | grep MyFont  # verify

System-wide:

bashsudo mkdir -p /usr/share/fonts/custom
sudo cp ~/Downloads/MyFont.ttf /usr/share/fonts/custom/
sudo fc-cache -fv

From package repos:

bash# search for available font packages
pacman -Ss ttf-
pacman -Ss otf-

# popular fonts (adjust package names for your distro)
sudo pacman -S ttf-jetbrains-mono ttf-fira-code noto-fonts noto-fonts-cjk

List installed fonts:

bashfc-list
fc-list : family

Common font paths:

~/.local/share/fonts/ — user fonts
/usr/share/fonts/ — system fonts
/usr/local/share/fonts/ — locally installed system fonts
~/.fonts/ — deprecated but still checked

environment variables

Where to set them:

file	when loaded	scope
`~/.bashrc`	interactive shell	user, interactive shells
`~/.bash_profile`	login shell	user, login shells
`~/.profile`	login shell (if no `.bash_profile`)	user, login shells
`/etc/environment`	system boot	all users, system-wide
`/etc/profile`	login shell	all users, login shells

Common variables:

bash# set a variable
export EDITOR=nvim
export PAGER=less
export BROWSER=firefox
export PATH="$HOME/.local/bin:$PATH"

Viewing variables:

bash# all environment variables
env
printenv

# specific variable
echo "$PATH"
printenv PATH

# available shell variables (including non-exported)
set

PATH manipulation patterns:

bash# prepend (highest priority)
export PATH="$HOME/.local/bin:$PATH"

# append (lowest priority)
export PATH="$PATH:$HOME/.local/bin"

# remove duplicate entries
export PATH=$(echo "$PATH" | tr ':' '\\n' | awk '!seen[$0]++' | tr '\\n' ':' | sed 's/:$//')

file permissions

Numeric mode (most common):

mode	numeric	meaning
`-rwx------`	700	owner only
`-rwxr-xr-x`	755	owner all, everyone else read/execute
`-rw-r--r--`	644	owner write, everyone read
`-rw-------`	600	owner only (private)

bash# numeric
chmod 755 script.sh
chmod 644 file.txt
chmod 700 ~/.ssh

# symbolic
chmod u+x script.sh       # add execute for user
chmod g-w file.txt         # remove write for group
chmod o+r file.txt         # add read for others
chmod a+x script.sh        # add execute for all
chmod -R g+rwX directory/  # recursive, add group rw (X = execute only for dirs)

# change owner
chown user:group file.txt
chown -R user:group directory/

umask — sets default permissions for new files:

bashumask            # show current (e.g. 0022)
umask 0022       # files: 644, dirs: 755 (default)
umask 0077       # files: 600, dirs: 700 (restrictive)

# common umask values:
#   0022  — 755/644  (typical default)
#   0027  — 750/640  (group read-only)
#   0077  — 700/600  (private)

Special bits:

bash# SUID — run as file owner
chmod u+s /usr/bin/program   # (setuid, numeric 4xxx)

# SGID — run as group, or new files inherit group
chmod g+s directory/          # (setgid, numeric 2xxx)

# Sticky bit — only owner can delete their files
chmod +t /tmp                 # (sticky, numeric 1xxx)
# /tmp is typically drwxrwxrwt  (1777)

Reading ls -l output:

text-rw-r--r-- 1 user group 1024 May 18 12:00 file.txt
^ ^ ^ ^
| | | +-- permissions for others (r--)
| | +---- permissions for group (r--)
| +------ permissions for owner (rw-)
+-------- file type (- = file, d = dir, l = symlink)