To Do List After Launching a New Linux/Unix Like Server for Development


The commands, tricks & cautions used here have been tested only on an Ubuntu 12.04 VPS, though most of the commands should work on other Unix-like systems without any change.
In this lesson we will see how a newly launched server should be configured for basic security & proper accessibility. Usually you get an IP address & a root password for logging in as root as soon as you open a new cloud/VPS server from Rackspace, DigitalOcean or a similar provider.

1. Connecting to the remote system through/using SSH:
SSH (Secure Shell) is a protocol used to securely log in to a remote system, & ssh is also the name of the Linux tool that connects to the remote server over the SSH protocol.

ssh root@123.45.67.890

The terminal will show a message and will prompt

....
Are you sure you want to continue connecting (yes/no)?

Type yes & press Enter, then at the next prompt enter the root password that the server provider gave you when you opened the VPS. Now we are logged in to the remote system as the root user.

2. Change your root user’s password:
You used the root password that was generated & provided by the server provider, so the first thing to do is change it. Enter the following command in the terminal.

passwd

It will first ask for the current root password, & after you enter it, it will ask for your desired new password twice for confirmation.

3. Create a new user:
We are currently logged in as root & have changed its password. Using root routinely on a VPS is discouraged, so we will now create a new user named “nuhil” and give it root-like permissions/privileges. Type the following command in the terminal & press Enter.

adduser nuhil

This will first ask for a password for the new user & then for several pieces of information about the user. After entering the password (twice) you can skip all the remaining prompts just by pressing the Enter key.

4. Give root privileges to the new user nuhil:
Normally, & so far, only root has all of the administrative capabilities. Note that if the new user wants to perform any root task, the user must put “sudo” before the command to be executed. Let’s edit the sudo configuration. Type the following & press Enter,

visudo

Find the commented line called “User privilege specification”. Under that line there should be,

root ALL=(ALL:ALL) ALL

Under this line add the following line,

nuhil ALL=(ALL:ALL) ALL

Press ctrl+x & then y to save the changed file.

5. A little bit of security:
We can configure SSH by editing the following file,

nano /etc/ssh/sshd_config

Find the following line

Port 22

Change this to something like,

Port 3456

You can change this to any number between 1025 and 65536. This change will make it more difficult for unauthorized people to log in. (Important: make sure this port is opened/authorized on your server provider’s end if they force you to use a security group with rules, for example when working with an Amazon EC2 instance.) Now, change the following line,

PermitRootLogin yes

to,

PermitRootLogin no

Add the following two lines at the bottom of the file,

UseDNS no
AllowUsers nuhil

AllowUsers will limit login to only the users on that line. Save the file & exit. Let’s reload the SSH server,

reload ssh

Now try logging in to the same server from a new terminal window (so that if the new config causes any unexpected issue we can still change it from within the previously opened terminal’s SSH session) by typing the following command,

ssh -p 3456 nuhil@123.45.67.890

Give the password of user “nuhil” when asked & you are logged in! Now to log out, type,

exit

Optional. Turning off password authentication & logging in just using key:
Key-based authentication works by creating a pair of keys: a private key and a public key. The private key is located on the client machine and is secured and kept secret. The public key can be given to anyone or placed on any server you wish to access.

Check whether you already have these keys. Go to the “.ssh” folder & check by typing,

cd ~/.ssh
ls -l

If there are id_rsa & id_rsa.pub files then go to the “Copy” step; otherwise, to create these keys type the following command in your terminal (in your local machine’s environment),

ssh-keygen -t rsa

Now copy the public key to the remote server with this command,

scp -P 3456 ~/.ssh/id_rsa.pub nuhil@123.45.67.890:/home/nuhil/

It will ask for the server authentication password & then it will copy your public key to nuhil’s home.
Now log in to your Cloud Server, create a directory called “.ssh” in the nuhil folder and move the pub key into it.

ssh -p 3456 nuhil@123.45.67.890
mkdir /home/nuhil/.ssh
mv /home/nuhil/id_rsa.pub /home/nuhil/.ssh/authorized_keys

Change the permissions properly,

chown -R nuhil:nuhil /home/nuhil/.ssh
chmod 700 /home/nuhil/.ssh
chmod 600 /home/nuhil/.ssh/authorized_keys

Earlier we set “PermitRootLogin” to “no” & now we will also disable “PasswordAuthentication”. Edit the config file by typing,

sudo nano /etc/ssh/sshd_config

Edit/uncomment/update the PasswordAuthentication value as follows,

PasswordAuthentication no

Again reload the SSH server,

sudo reload ssh

Finally, let’s log out,

exit

Now again type the following in your terminal,

ssh -p 3456 nuhil@123.45.67.890

& it will allow you to log in without asking for the password of user nuhil.
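To confirm that the sshd_config edits from step 5 and from the optional key-only section actually took effect, the following added example (not part of the original post) audits a config file for them. The function names are hypothetical, the sample config is constructed, and lines are assumed to be whitespace-separated "Keyword value" pairs.

```shell
#!/bin/sh
# Added example (not from the original post): audit an sshd_config for the
# settings applied above. Assumes whitespace-separated "Keyword value" lines.

# Print the value sshd will use for KEYWORD: for single-valued keywords the
# FIRST uncommented occurrence wins, so a line appended at the bottom of the
# file is ignored if the keyword was already set higher up.
effective_value() {  # usage: effective_value FILE KEYWORD
    awk -v key="$2" '
        tolower($1) == "match" { exit }   # global section only
        tolower($1) == tolower(key) { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "$1"
}

# Print one FAIL line per finding; the return status is the finding count.
audit_sshd_config() {  # usage: audit_sshd_config FILE
    cfg=$1; fails=0
    for key in PermitRootLogin PasswordAuthentication UseDNS; do
        got=$(effective_value "$cfg" "$key")
        if [ "$got" != "no" ]; then
            echo "FAIL $key is '${got:-unset}', expected 'no'"; fails=$((fails + 1))
        fi
    done
    # Port lines accumulate: sshd listens on every port listed, 22 if none.
    ports=$(awk 'tolower($1) == "port" { printf "%s ", $2 }' "$cfg")
    case " ${ports:-22} " in
        *" 22 "*) echo "FAIL sshd still listens on port 22"; fails=$((fails + 1)) ;;
    esac
    if [ -z "$(effective_value "$cfg" AllowUsers)" ]; then
        echo "FAIL AllowUsers is not set"; fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample: "PermitRootLogin no" was appended without editing the
# earlier "yes" line, so root login is still permitted.
sample_config() {
    cat <<'EOF'
Port 3456
PermitRootLogin yes
#PasswordAuthentication yes
UseDNS no
AllowUsers nuhil
PermitRootLogin no
PasswordAuthentication no
EOF
}

tmp=$(mktemp) && sample_config > "$tmp"
audit_sshd_config "$tmp" || echo "$? finding(s) in sample"
rm -f "$tmp"
```

On the server, point audit_sshd_config at /etc/ssh/sshd_config, and run sshd -t to catch syntax errors before reloading, while the original session is still open.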
