setup a new VPS
This commit is contained in:
Kulvir Singh
85
setup-vps.md
Normal file
85
setup-vps.md
Normal file
@@ -0,0 +1,85 @@
|
||||
# First steps on a new VPS
|
||||
|
||||
1. SSH into your server
|
||||
```bash
|
||||
ssh root@192.168.1.1
|
||||
```
|
||||
|
||||
2. Update packages
|
||||
```bash
|
||||
apt update && apt upgrade
|
||||
```
|
||||
`apt update` will fetch the changes from package repository but wouldn't update them. `apt upgrade` will actually update the packages.
|
||||
|
||||
3. Change the root password from the password provided in the dashboard of VPS.
|
||||
```bash
|
||||
passwd
|
||||
```
|
||||
|
||||
4. Create non root user. Always follow least priviliged permissions principle.
|
||||
```bash
|
||||
adduser <name>
|
||||
```
|
||||
It will ask few questions answer them and it will create a new user.
|
||||
|
||||
5. `adduser` created a normal user without elevated permissions. This user cannot perform priviliged operations.
|
||||
We can add them to **super user (sudo)** group so that it can perform priviliged operations using `sudo`.
|
||||
```bash
|
||||
usermod -aG sudo <name>
|
||||
```
|
||||
6. Logout from root user and ssh again to newly created user. You should never login to root user (wise ppl said so).
|
||||
```bash
|
||||
ssh <name>@192.168.1.1
|
||||
```
|
||||
|
||||
# Secure the VPS
|
||||
|
||||
## Get a domain for the VPS
|
||||
|
||||
Get a Domain from wherever and set `A Record` to the server's IP address. It might take some time to update the A record for you Domain.
|
||||
Now you can directly access VPS using domain name and don't have to remember IP address.
|
||||
You can test if `A Record` has been updated for your domain or not using the following command.
|
||||
```bash
|
||||
dig domain-name.com A
|
||||
```
|
||||
|
||||
## Setup SSH keys
|
||||
|
||||
Generate SSH key pair to login to VPS.
|
||||
```bash
|
||||
ssh-keygen -t ed25519
|
||||
```
|
||||
After generating keys, copy the `public` key to VPS and add it to `~/.ssh/authorized_keys` file.
|
||||
```bash
|
||||
ssh-copy-id -i ~/.ssh/vps_key.pub <user-name>@<domain-name>
|
||||
```
|
||||
Running the above command might prompt you for the password for you account on VPS.
|
||||
This command will automatically setup the `public` key inside `authorized_keys` file of the specified user.
|
||||
Password-less authentication is setup.
|
||||
|
||||
## Disable password authentication
|
||||
|
||||
Set the following items in your ssh config located usually at `/etc/ssh/sshd_config` to make it more secure.
|
||||
```text
|
||||
PermitRootLogin no # Disable login to Root account
|
||||
|
||||
PubKeyAuthentication yes # Authentication using public keys
|
||||
|
||||
PasswordAuthentication no # Disable password authentication to secure from bot attacks
|
||||
```
|
||||
Your VPS might contain a file named `/etc/ssh/sshd_config.d/50-cloudimg-settings.conf` where `PasswordAuthentication` is set to yes. Either delete that file or just set it to no.
|
||||
|
||||
After all these changes restart the `ssh daemon`
|
||||
```bash
|
||||
sudo service ssh restart
|
||||
```
|
||||
|
||||
## Firewall
|
||||
|
||||
Setup firewall rules from the dashboard of your VPS or you can use **uncomplicated firewall (ufw)** and setup `Inbound` rule to only following ports:
|
||||
```text
|
||||
SSH: 22
|
||||
HTTP: 80
|
||||
HTTPS: 443
|
||||
```
|
||||
**Do not expose any port other than the above unless needed.**
|
||||
Reference in New Issue
Block a user