Setting up a new Ubuntu server - Part 1

#1 Wolke

Posted 07 March 2015 - 04:25 PM

With the advent of VPS (virtual private server), many people are taking advantage of the low cost of entry and experimenting by spinning up their own servers. Whilst more and more people are hosting their own servers rather than with a hosting company - it should be remembered that the initial setup is vitally important. Here I will detail some good starting points to get you off on the right foot.

One of the first things that should be addressed is adding another user apart from root. Using the root user is generally considered a bad idea, as this user has escalated privileges and mistakes may be made, sometimes inadvertently. To overcome this we will add a new user, which we will use to log into our server from now on.

Log in to the server as root over SSH (replace your_server_address with your server's IP address or hostname):

ssh root@your_server_address


Once we have logged in to the server we now want to issue a command to add a new user - with a name of your choice:

adduser newuser


Your server will ask you a couple of questions (these can be left empty by hitting enter) and ask you to enter a password. Choose, as always, a strong password with a mix of upper/lower case alphanumeric characters and special characters.

Now, although we don't want to use the root user anymore, we do want the new user to have access to root privileges so that we do not have to log out and in again as root every time we need such privileges. We achieve this by adding our new user to the group called "sudo" - which allows users to use the sudo command in order to get root privileges:

gpasswd -a newuser sudo


Now our newuser will be able to prepend sudo to their commands in order to run them as root.

Next we will look at adding a layer of security to our SSH connections by adding public key authentication.

Firstly, we need to generate a key pair (public and private).
On the command line of your local machine (your computer) type:

ssh-keygen


You will see an output similar to:

Generating public/private rsa key pair.
Enter file in which to save the key (/Users/localuser/.ssh/id_rsa):


You may press enter to accept this file path or, alternatively, enter your own.
Now you will be asked to secure your key with a passphrase of your choosing - go ahead and enter as directed and confirm.
NOTE: You may leave the above passphrase empty, although entering one provides an extra layer of security, as you will need to enter it along with the private key to log in in future.

Now we need to copy the public key, which was generated earlier.
Again, on your local machine's command line type:

cat ~/.ssh/id_rsa.pub


This will print the key to the screen - highlight the whole key and copy it.

Now, switch back to your server SSH connection and type:

su - newuser


We will then create a directory and set its permissions:

mkdir .ssh


Then:

chmod 700 .ssh


We will now create a file called authorized_keys with the text editor nano:

nano .ssh/authorized_keys


Paste your previously copied key into this file. To save and exit in nano editor, hit CTRL-X, then Y to save, then hit enter to confirm file name.
Then restrict permissions with:

chmod 600 .ssh/authorized_keys


Then, type:

exit


Now you are all set up to login as your new user with key authentication.

To set up a little further we will open the SSH configuration at:

nano /etc/ssh/sshd_config


Look for the following lines and change them as described in the comments (sshd_config comments start with # and go on their own line):

# Change this to any other VALID port number, as it will help deter some automated attacks on the standard port
Port 22

# Change this to "PermitRootLogin no" in order to disable the ability to login directly as root
PermitRootLogin yes



Once again, hit CTRL-X, then Y to save, then hit enter to confirm file name.

Now we need to restart the SSH server:

service ssh restart


NOTE: it is strongly advised that you check that you are able to login with the new settings before logging out of your current session. Here you should change 4444 to whatever port you set earlier:

ssh -p 4444 newuser@your_server_address


If you followed along OK, then you should have no problems, and once logged in as your new user you may run commands with root privileges (if needed) by typing:

sudo command_here


---

Happy hunting !
Dave
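
An added example, not part of the original post: a bash audit of the end state the tutorial aims for (the two sshd_config settings and the key file permissions). The function names are this example's own, the paths are passed in as arguments, and it assumes GNU stat as shipped on Ubuntu.

```bash
#!/usr/bin/env bash
# Added example: audit the two things this tutorial configures.
# Function names are this example's own; pass the paths to check as arguments.

# Print the global (pre-"Match") values of one sshd_config keyword, one per line.
# Keywords are case-insensitive and may be separated from the value by "=".
sshd_values() {  # usage: sshd_values <keyword> <config-file>
    awk -v key="$1" '
        { sub(/^[ \t]+/, "") }                 # drop leading whitespace
        /^#/ || /^$/ { next }                  # skip comments and blank lines
        { n = split($0, f, /[ \t=]+/) }        # keyword and its arguments
        tolower(f[1]) == "match" { exit }      # Match blocks are not global
        tolower(f[1]) == tolower(key) && n > 1 { print f[2] }
    ' "$2"
}

# Return 0 only if the config matches the tutorial: no listener on port 22
# and direct root login disabled. An unset Port counts as a failure because
# the built-in default port is 22.
audit_sshd_config() {  # usage: audit_sshd_config <config-file>
    local ports root rc=0
    ports=$(sshd_values Port "$1")                        # Port may repeat
    root=$(sshd_values PermitRootLogin "$1" | head -n 1)  # first value wins
    if [ -z "$ports" ] || printf '%s\n' "$ports" | grep -qx 22; then
        echo "FAIL: sshd still listens on port 22"; rc=1
    fi
    if [ "$root" != "no" ]; then
        echo "FAIL: PermitRootLogin is '${root:-unset}', expected 'no'"; rc=1
    fi
    return "$rc"
}

# Return 0 only if .ssh is mode 700 and authorized_keys is mode 600.
audit_key_perms() {  # usage: audit_key_perms <home-directory>
    local rc=0 dir="$1/.ssh"
    [ "$(stat -c %a "$dir" 2>/dev/null)" = "700" ] ||
        { echo "FAIL: $dir is not mode 700"; rc=1; }
    [ "$(stat -c %a "$dir/authorized_keys" 2>/dev/null)" = "600" ] ||
        { echo "FAIL: $dir/authorized_keys is not mode 600"; rc=1; }
    return "$rc"
}
```

After sourcing the file, run `audit_sshd_config /etc/ssh/sshd_config` and `audit_key_perms /home/newuser` as root on the server. Running `sshd -t` before `service ssh restart` additionally checks the file for syntax errors while your current session is still open.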
