Your First Steps with Your Brand New VPS Server

This tutorial is a brief description of the standard procedure that I follow each time I have to set up a new (Ubuntu) VPS server.

Change Root Password

This is a no-brainer. Change the root password from the default supplied by your hosting company:

$ passwd
Enter new UNIX password: 
Retype new UNIX password:

Secure SSH

One thing every server admin finds out sooner or later is that their server gets 100s of failed login/break-in attempts each day. Just have a look at /var/log/auth.log and you'll see what I'm talking about. Unfortunately, this is quite normal in today's internet.

Most of these attacks originate from botnets, trying to SSH on every single IP address that belongs to your hosting company, using dictionary attacks on well-known accounts (e.g. root). The simplest action you can take for peace of mind, is to disable SSH login as root, and assign that role to another user with a non-trivial username.

  1. Create a new user:

    $ adduser NEW_USER
    
  2. Edit your SSH configuration:

    $ nano /etc/ssh/sshd_config
    

    Insert or modify:

    PermitRootLogin no
    AllowUsers NEW_USER
    MaxStartups 3:50:10
    LoginGraceTime 30
    
  3. Restart SSH:

    $ service ssh restart
    

Before closing your SSH session, open another terminal window, and try to login as the new user you have just created. If everything works as expected, you can close the previous SSH session.

Install GNU Screen

Each time your SSH connection gets terminated (e.g. timeout, error), all running processes will typically terminate as well. This can leave your server in an undefined state, depending on what you were doing before disconnecting. That's why, when opening a SSH connection to a remote server, it's always good practise to work on a Screen session. Screen provides a virtual terminal, that continues to run, even if your SSH connection gets terminated.

  1. Install Screen:

    $ apt-get install screen
    
  2. Disable annoying startup message:

    $ nano /etc/screenrc
    

    Insert:

    startup_message off
    

You can start a new screen session with screen, and exit the session with exit. If your SSH connection gets terminated, you can continue what you were doing by simply running screen -dr.

Edit /etc/hostname and /etc/hosts

This step applies only when you want to change the hostname of your VPS server from the default supplied by your hosting provider.

  1. Edit /etc/hostname:

    $ nano /etc/hostname
    

    Insert the hostname part of the FQDN (eg. HOSTNAME.DOMAIN.TLD):

    HOSTNAME
    
  2. Edit /etc/hosts (that's the primitive of DNS with an interesting story):

    $ nano /etc/hosts
    

    Insert:

    X.X.X.X HOSTNAME.DOMAIN.TLD HOSTNAME