Upload
muhammad-arafat-azam
View
129
Download
7
Embed Size (px)
Citation preview
Initial VPS SetupMuhammad Arafat Azam
Topics I will coverCreating a VPS (droplet) on Digitalocean.
Creating a new user with root privileges.
Setting up ssh.
Setting up a basic firewall.
PrerequisiteAccess to an ubuntu 16.04 VPS.
OpenSSH for Linux of Mac.
An ssh client for windows (PuTTY / gitbash)
Installing ssh clientDownload and install latest version of git from here:
https://git-for-windows.github.io/
Create a VPSOn digitalocean, VPS is called droplet.
Digital ocean’s interface is clean and beginner friendly.
To get 10$ beginner credit sign up with this referral link:https://m.do.co/c/0dc352a7f06c
Log into the Droplet with rootBy this time digitalocean has emailed the login credential.
Open a terminal and log in with this command and enter the emailed password: ssh root@your_server_ip
We will be prompted to change the password.
Create a New userroot is the administrateive user. It has privileges to cause destructive
changes to our server.
We will create a new user with the following command:adduser azam
Give it a ‘superuser’ or administrative privileges:usermod -aG sudo azam
Generate an SSH keySSH is a network protocol which is used to establish secure
connection to remote machine over the internet and run commands.
To generate an ssh key open a local terminal (ie: another git bash) and enter this command: ssh-keygen
Print the public key with the following command: cat ~/.ssh/id_rsa.pub
Select and copy.
Copy the public key in the DropletOn the remote terminal we will temporarily switch to the new user:
su - azam
Create an .ssh directory and restrict permission: mkdir ~/.ssh chmod 700 ~/.ssh
Open a file in .ssh named authorized_keys: nano ~/.ssh/authorized_keys
Now paste the copied public key, hit ctrl+x and press y.
Restrict the permission of the authorized_keys: chmod 600 ~/.ssh/authorized_keys
Switch back to root user: exit
Disable Password AuthenticationAs a root user open the ssh daemon configuration:
sudo nano /etc/ssh/sshd_config
Find the line that has PasswordAuthentication and change its value to no: PasswordAuthentication no
To save hit ctrl+x and press y.
Enter this to reload the ssh daemon: sudo service sshd reload
Test LoginDo not exit the first remote terminal until we are certain that
everything is working fine.
Open a new terminal and log into the droplet with the new credential: ssh azam@your_server_ip
If you need root privileges just type sudo before the command: sudo some_command
Set Up Basic FirewallOn ubuntu 16.04 server we can use UFW - uncomplicated firewall.
Applications can register their profile with UFW.
To see the available application profiles: sudo ufw app list
To allow SSH connection run: sudo ufw allow OpenSSH
Enable the firewall by typing: sudo ufw enable
Check ssh connection are allowed: sudo ufw status