15 May 2018
Whenever you have a remote server, there are a few configuration steps that you should take early on as part of the basic setup. This will increase the security and usability of your server and will give you a solid foundation for subsequent actions. You should do (at-least) listed things here to get ready for any application you install.
Update your server
This should be done on daily basis. Updating computer is very important as it push security updates, newer version of software on your server. apt operation must be run as root or sudo.
apt update && apt upgrade -y && apt dist-upgrade -yThis may takes some time. You can have a cup of coffee and let it run the update.
Creating new user
Create your new user by issuing the command below:
adduser userN4me --force-badnameYou can add your 'username' in form of 'l337sp34k' with the option --force-badname
Sudo Privileges
Give your new user sudo privileges!
usermod -a -G sudo userN4me-a : Will append the user with a new group sudo
-G group : Add the user to group sudo
Change to new user:
su userN4mePublic key authentication
Make ssh directory in new user account.
mkdir ~/.ssh
chmod 700 ~/.sshGenerate ssh-keygen in local computer if you don't have ssh keys.
ssh-keygenAssume your local PC username is localuser
ssh-keygen output
Generating public/private rsa key pair.
Enter file in which to save the key (/home/localuser/.ssh/id_rsa):
Press enter to accept the default path (or enter your new path).
Next you'll be prompted to enter a key-passphrase leave it empty. Or if you put a passphrase, you'll be prompted everytime you want to connect ssh.
Note: If you leave the passphrase blank, you will be able to use the private key for authentication without entering a passphrase. If you enter a passphrase, you will need both the private key and the passphrase to log in. Securing your keys with passphrases is more secure, but both methods have their uses and are more secure than basic password authentication.
This will generate id_rsa and id_rsa.pub in ~/.ssh directory. You will need to copy id_rsa.pub to remote server in ~/.ssh/authorized_keys
Go copy the key somewhere:
cat ~/.ssh/id_rsa.pubIn your remote server, make sure you're in the new user account. Paste the key inside ~/.ssh/authorized_keys.
nano ~/.ssh/authorized_keysRestart ssh service
sudo service sshd restartThis is your first time entering 'sudo' command for the new user. It will prompt you to use 'sudo' wisely.
Disable SSH password authentication
This will disable password authentication when ssh-ing to your remote server. This will use public key that we generate above. This method is more secure.
sudo nano /etc/sshd/sshd_configUncomment below and set to 'no':
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
Find somewhere below:
PermitRootLogin no
RSAAuthentication yes
PubkeyAuthentication yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no
Permit root login to no to make sure root user cannot login through ssh. Enable public key authentication to yes so that you can login to ssh passwordless and using the key that we set up earlier.
Set up firewall
I suggest to use 'ufw' as firewall. It is easy compare to iptables. However, you can still use the iptables command without conflict with ufw. But again, I suggest you to use ufw. What ever iptables commands you ufw can do. Ufw is a simpler form of iptables.
Install ufw firewall.
sudo apt install ufwEnable ufw firewall on system startup.
sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startupAllow ssh in ufw. View available applications:
sudo ufw app list
Available applications:
OpenSSH
sudo ufw allow OpenSSHReload firewall.
sudo ufw reloadSet date and timezone
Select your timezone. This will automatically update your server date and time based on choosen timezone.
# view your current date
date
Wed April 2 19:20:19 +08 2018
sudo dpkg-reconfigure tzdata
date
Thu May 3 06:00:19 +08 2018'%3E%3Cg id='Group'%3E%3Cg id='Combined Shape'%3E%3Cuse xlink:href='%23path0_fill' transform='translate(5201.49 697.468)' fill='%23FFFFFF'/%3E%3C/g%3E%3Cg id='Logo'%3E%3Cg id='Fill 1'%3E%3Cuse xlink:href='%23path1_fill' transform='translate(5188.19 700.863)' fill='%23FF9100'/%3E%3C/g%3E%3Cg id='Fill 2'%3E%3Cuse xlink:href='%23path2_fill' transform='translate(5188.19 700.863)' fill='%23FFDD00'/%3E%3C/g%3E%3Cg id='Fill 3'%3E%3Cuse xlink:href='%23path3_fill' transform='translate(5186.75 699.413)' fill='%23FFFFFF'/%3E%3C/g%3E%3Cg id='Stroke 4'%3E%3Cuse xlink:href='%23path4_stroke' transform='translate(5186.75 699.413)'/%3E%3C/g%3E%3Cg id='Fill 6'%3E%3Cuse xlink:href='%23path5_fill' transform='translate(5188.24 697.056)' fill='%23FFFFFF'/%3E%3C/g%3E%3Cg id='Group 11'%3E%3Cg id='Stroke 7'%3E%3Cuse xlink:href='%23path6_stroke' transform='translate(5188.24 697.056)' fill='%23050505'/%3E%3C/g%3E%3Cg id='Stroke 9'%3E%3Cuse xlink:href='%23path7_stroke' transform='translate(5187.29 700.863)'/%3E%3C/g%3E%3C/g%3E%3Cg id='Fill 12'%3E%3Cuse xlink:href='%23path8_fill' transform='translate(5187.07 705.304)' fill='%23FFFFFF'/%3E%3C/g%3E%3Cg id='Stroke 13'%3E%3Cuse xlink:href='%23path9_stroke' transform='translate(5187.07 705.304)'/%3E%3C/g%3E%3C/g%3E%3Cg id='Oval' opacity='0.2'%3E%3Cmask id='mask0_outline_ins'%3E%3Cuse xlink:href='%23path10_fill' fill='white' transform='translate(5180.65 701.166)'/%3E%3C/mask%3E%3Cg mask='url(%23mask0_outline_ins)'%3E%3Cuse xlink:href='%23path11_stroke_2x' transform='translate(5180.65 701.166)' fill='%23FFFFFF'/%3E%3C/g%3E%3C/g%3E%3Cg id='Oval' opacity='0.2'%3E%3Cuse xlink:href='%23path12_fill' transform='translate(5200.84 707.692)' fill='%23FFFFFF'/%3E%3C/g%3E%3Cg id='Oval'%3E%3Cuse xlink:href='%23path12_fill' transform='translate(5184.56 712.696)' fill='%23FFFFFF'/%3E%3C/g%3E%3C/g%3E%3C/g%3E%3Cdefs%3E%3Cpath id='path0_fill' fill-rule='evenodd' d='M 1.11914 0.172241C 1.02246 0.272827 0.962891 0.409363 0.962891 0.559753L 0.962891 0.962952L 0.55957 0.962952C 0.250488 0.962952 0 1.21356 0 1.52277C 0 1.83191 0.250488 2.08252 0.55957 2.08252L 0.962891 2.08252L 0.962891 2.48566C 0.962891 2.7948 1.21338 3.04547 1.52246 3.04547C 1.83203 3.04547 2.08252 2.7948 2.08252 2.48566L 2.08252 2.08252L 2.48584 2.08252C 2.79492 2.08252 3.04541 1.83191 3.04541 1.52277C 3.04541 1.21356 2.79492 0.962952 2.48584 0.962952L 2.08252 0.962952L 2.08252 0.559753C 2.08252 0.25061 1.83203 0 1.52246 0C 1.36377 0 1.2207 0.06604 1.11914 0.172241Z'/%3E%3Cpath id='path1_fill' fill-rule='evenodd' d='M 5.02978 0.0305451L 0 0L 2.46998 15.7258L 3.00889 15.7258L 7.94885 15.7258L 8.48776 15.7258L 10.9577 0L 5.02978 0.0305451Z'/%3E%3Cpath id='path2_fill' fill-rule='evenodd' d='M 5.02978 0.0305451L 0 0L 2.46998 15.7258L 3.00889 15.7258L 6.69141 15.7258L 7.23031 15.7258L 9.7003 0L 5.02978 0.0305451Z'/%3E%3Cpath id='path3_fill' fill-rule='evenodd' d='M 0 1.45021L 12.9786 1.45021L 12.9786 0L 0 0L 0 1.45021Z'/%3E%3Cpath id='path4_stroke' d='M 0 1.45021L -0.440282 1.45021L -0.440282 1.8905L 0 1.8905L 0 1.45021ZM 12.9786 1.45021L 12.9786 1.8905L 13.4189 1.8905L 13.4189 1.45021L 12.9786 1.45021ZM 12.9786 0L 13.4189 0L 13.4189 -0.440282L 12.9786 -0.440282L 12.9786 0ZM 0 0L 0 -0.440282L -0.440282 -0.440282L -0.440282 0L 0 0ZM 0 1.8905L 12.9786 1.8905L 12.9786 1.00993L 0 1.00993L 0 1.8905ZM 13.4189 1.45021L 13.4189 0L 12.5384 0L 12.5384 1.45021L 13.4189 1.45021ZM 12.9786 -0.440282L 0 -0.440282L 0 0.440282L 12.9786 0.440282L 12.9786 -0.440282ZM -0.440282 0L -0.440282 1.45021L 0.440282 1.45021L 0.440282 0L -0.440282 0Z'/%3E%3Cpath id='path5_fill' fill-rule='evenodd' d='M 8.98176 0L 5.88305 0L 4.04179 0L 0.943084 0L 0 2.17532L 4.04179 2.17532L 5.88305 2.17532L 9.92484 2.17532L 8.98176 0Z'/%3E%3Cpath id='path6_stroke' d='M 8.98176 0L 9.38571 -0.175129L 9.27076 -0.440282L 8.98176 -0.440282L 8.98176 0ZM 0.943084 0L 0.943084 -0.440282L 0.654085 -0.440282L 0.539131 -0.175129L 0.943084 0ZM 0 2.17532L -0.403953 2.00019L -0.670758 2.6156L 0 2.6156L 0 2.17532ZM 9.92484 2.17532L 9.92484 2.6156L 10.5956 2.6156L 10.3288 2.00019L 9.92484 2.17532ZM 8.98176 -0.440282L 5.88305 -0.440282L 5.88305 0.440282L 8.98176 0.440282L 8.98176 -0.440282ZM 5.88305 -0.440282L 4.04179 -0.440282L 4.04179 0.440282L 5.88305 0.440282L 5.88305 -0.440282ZM 4.04179 -0.440282L 0.943084 -0.440282L 0.943084 0.440282L 4.04179 0.440282L 4.04179 -0.440282ZM 0.539131 -0.175129L -0.403953 2.00019L 0.403953 2.35045L 1.34704 0.175129L 0.539131 -0.175129ZM 0 2.6156L 4.04179 2.6156L 4.04179 1.73504L 0 1.73504L 0 2.6156ZM 4.04179 2.6156L 5.88305 2.6156L 5.88305 1.73504L 4.04179 1.73504L 4.04179 2.6156ZM 5.88305 2.6156L 9.92484 2.6156L 9.92484 1.73504L 5.88305 1.73504L 5.88305 2.6156ZM 10.3288 2.00019L 9.38571 -0.175129L 8.5778 0.175129L 9.52089 2.35045L 10.3288 2.00019Z'/%3E%3Cpath id='path7_stroke' d='M 5.92796 0.0305451L 5.92569 0.470845L 5.93023 0.470821L 5.92796 0.0305451ZM 0 0L 0.00226862 -0.440276L -0.515251 -0.442943L -0.43495 0.0683159L 0 0ZM 2.46998 15.7258L 2.03503 15.7941L 2.09346 16.166L 2.46998 16.166L 2.46998 15.7258ZM 9.38594 15.7258L 9.38594 16.166L 9.76246 16.166L 9.82089 15.7941L 9.38594 15.7258ZM 11.8559 0L 12.2909 0.0683159L 12.3712 -0.442943L 11.8537 -0.440276L 11.8559 0ZM 5.93023 -0.409731L 0.00226862 -0.440276L -0.00226862 0.440276L 5.92569 0.470821L 5.93023 -0.409731ZM -0.43495 0.0683159L 2.03503 15.7941L 2.90493 15.6574L 0.43495 -0.0683159L -0.43495 0.0683159ZM 2.46998 16.166L 3.00889 16.166L 3.00889 15.2855L 2.46998 15.2855L 2.46998 16.166ZM 3.00889 16.166L 8.84703 16.166L 8.84703 15.2855L 3.00889 15.2855L 3.00889 16.166ZM 8.84703 16.166L 9.38594 16.166L 9.38594 15.2855L 8.84703 15.2855L 8.84703 16.166ZM 9.82089 15.7941L 12.2909 0.0683159L 11.421 -0.0683159L 8.95099 15.6574L 9.82089 15.7941ZM 11.8537 -0.440276L 5.92569 -0.409731L 5.93023 0.470821L 11.8582 0.440276L 11.8537 -0.440276Z'/%3E%3Cpath id='path8_fill' fill-rule='evenodd' d='M 12.2601 0L 6.34287 0L 5.91723 0L 0 0L 1.10682 6.25405L 6.13005 6.19953L 11.1533 6.25405L 12.2601 0Z'/%3E%3Cpath id='path9_stroke' d='M 12.2601 0L 12.6936 0.0767275L 12.7851 -0.440282L 12.2601 -0.440282L 12.2601 0ZM 0 0L 0 -0.440282L -0.525044 -0.440282L -0.433545 0.0767275L 0 0ZM 1.10682 6.25405L 0.673277 6.33077L 0.73833 6.69835L 1.1116 6.6943L 1.10682 6.25405ZM 6.13005 6.19953L 6.13483 5.75917L 6.12527 5.75927L 6.13005 6.19953ZM 11.1533 6.25405L 11.1485 6.6943L 11.5218 6.69835L 11.5868 6.33077L 11.1533 6.25405ZM 12.2601 -0.440282L 6.34287 -0.440282L 6.34287 0.440282L 12.2601 0.440282L 12.2601 -0.440282ZM 6.34287 -0.440282L 5.91723 -0.440282L 5.91723 0.440282L 6.34287 0.440282L 6.34287 -0.440282ZM 5.91723 -0.440282L 0 -0.440282L 0 0.440282L 5.91723 0.440282L 5.91723 -0.440282ZM -0.433545 0.0767275L 0.673277 6.33077L 1.54037 6.17732L 0.433545 -0.0767275L -0.433545 0.0767275ZM 1.1116 6.6943L 6.13483 6.63978L 6.12527 5.75927L 1.10204 5.81379L 1.1116 6.6943ZM 6.12527 6.63978L 11.1485 6.6943L 11.1581 5.81379L 6.13483 5.75927L 6.12527 6.63978ZM 11.5868 6.33077L 12.6936 0.0767275L 11.8266 -0.0767275L 10.7197 6.17732L 11.5868 6.33077Z'/%3E%3Cpath id='path10_fill' fill-rule='evenodd' d='M 1.845 3.69804C 2.86397 3.69804 3.69001 2.87021 3.69001 1.84902C 3.69001 0.827835 2.86397 0 1.845 0C 0.826036 0 0 0.827835 0 1.84902C 0 2.87021 0.826036 3.69804 1.845 3.69804Z'/%3E%3Cpath id='path11_stroke_2x' d='M 1.845 5.11673C 3.6504 5.11673 5.10869 3.65082 5.10869 1.84902L 2.27132 1.84902C 2.27132 2.0896 2.07754 2.27936 1.845 2.27936L 1.845 5.11673ZM 5.10869 1.84902C 5.10869 0.0472286 3.6504 -1.41869 1.845 -1.41869L 1.845 1.41869C 2.07754 1.41869 2.27132 1.60844 2.27132 1.84902L 5.10869 1.84902ZM 1.845 -1.41869C 0.0396073 -1.41869 -1.41869 0.0472286 -1.41869 1.84902L 1.41869 1.84902C 1.41869 1.60844 1.61246 1.41869 1.845 1.41869L 1.845 -1.41869ZM -1.41869 1.84902C -1.41869 3.65082 0.0396073 5.11673 1.845 5.11673L 1.845 2.27936C 1.61246 2.27936 1.41869 2.0896 1.41869 1.84902L -1.41869 1.84902Z'/%3E%3Cpath id='path12_fill' fill-rule='evenodd' d='M 0.868237 1.74026C 1.34775 1.74026 1.73647 1.35069 1.73647 0.870128C 1.73647 0.38957 1.34775 0 0.868237 0C 0.388723 0 0 0.38957 0 0.870128C 0 1.35069 0.388723 1.74026 0.868237 1.74026Z'/%3E%3C/defs%3E%3C/svg%3E%0A)