This tutorial is a brief description of the standard procedure that I follow each time I have to set up a new (Ubuntu) VPS server.
Change Root Password
This is a no-brainer. Change the root password from the default supplied by your hosting company:
Enter new UNIX password:
Retype new UNIX password:
One thing every server admin finds out sooner or later is that their server gets hundreds of failed login/break-in attempts each day. Just have a look at /var/log/auth.log and you'll see what I'm talking about. Unfortunately, this is quite normal on today's internet.
Most of these attacks originate from botnets that try to SSH into every single IP address belonging to your hosting company, using dictionary attacks on well-known accounts (e.g. root). The simplest action you can take for peace of mind is to disable SSH login as root and assign that role to another user with a non-trivial username.
- Create a new user:
$ adduser NEW_USER
- Edit your SSH configuration:
$ nano /etc/ssh/sshd_config
Insert or modify:
PermitRootLogin no
AllowUsers NEW_USER
MaxStartups 3:50:10
LoginGraceTime 30
- Restart SSH:
$ service ssh restart
Before closing your SSH session, open another terminal window, and try to login as the new user you have just created. If everything works as expected, you can close the previous SSH session.
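The "Insert or modify" step above matters: sshd uses the first value it reads for a single-valued keyword such as PermitRootLogin, while AllowUsers lines add up, so a line appended at the end of the file may not do what you expect. The following script is an added example, not part of the original tutorial; the function names, the sample config and the "deploy" user are constructed for illustration, and it assumes plain "Keyword value" lines without following Include files.

```shell
#!/bin/sh
# Added example (not from the tutorial): audit the four sshd_config directives.
# sshd keeps the FIRST value read for single-valued keywords (case-insensitive),
# but AllowUsers lines accumulate, so old entries stay active.

# effective_value FILE KEYWORD [all] -> first global value, or all values joined.
# Assumptions: "Keyword value" syntax only; Include files are not followed.
effective_value() {
    awk -v key="$2" -v all="${3:-}" '
        NF == 0 || $1 ~ /^#/ { next }        # skip blank lines and comments
        tolower($1) == "match" { exit }      # Match blocks are conditional: stop
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, "")
            out = (out == "" ? $0 : out " " $0); if (all == "") exit
        }
        END { if (out != "") print out }' "$1"
}

# check FILE KEYWORD EXPECTED [all] -> status 0 if the effective value matches.
check() {
    got=$(effective_value "$1" "$2" "${4:-}")
    if [ "$got" = "$3" ]; then
        echo "ok    $2 $got"
    else
        echo "FAIL  $2: expected '$3', effective '${got:-<unset>}'"
        return 1
    fi
}

# audit_sshd FILE USER -> exit status is the number of failed checks.
audit_sshd() {
    fails=0
    check "$1" PermitRootLogin no      || fails=$((fails + 1))
    check "$1" AllowUsers "$2" all     || fails=$((fails + 1))
    check "$1" MaxStartups 3:50:10     || fails=$((fails + 1))
    check "$1" LoginGraceTime 30       || fails=$((fails + 1))
    return "$fails"
}
# Constructed sample: the two appended lines do not take effect as intended.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PermitRootLogin yes
AllowUsers deploy
MaxStartups 3:50:10
loginGraceTime 30
PermitRootLogin no
AllowUsers NEW_USER
EOF
audit_sshd "$sample" NEW_USER || echo "$? check(s) failed"
```

Point audit_sshd at /etc/ssh/sshd_config before restarting SSH; running sshd -t as well checks the file for syntax errors.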
Install GNU Screen
Each time your SSH connection gets terminated (e.g. timeout, error), all running processes will typically terminate as well. This can leave your server in an undefined state, depending on what you were doing before disconnecting. That's why, when opening an SSH connection to a remote server, it's always good practice to work in a Screen session. Screen provides a virtual terminal that continues to run even if your SSH connection gets terminated.
- Install Screen:
$ apt-get install screen
- Disable the annoying startup message:
$ nano /etc/screenrc
You can start a new screen session with screen, and exit the session with exit. If your SSH connection gets terminated, you can continue what you were doing by simply running
Edit /etc/hostname and /etc/hosts
This step applies only when you want to change the hostname of your VPS server from the default supplied by your hosting provider.
$ nano /etc/hostname
Insert the hostname part of the FQDN (e.g. HOSTNAME.DOMAIN.TLD):
/etc/hosts (that's the precursor of DNS, with an interesting story):
$ nano /etc/hosts
X.X.X.X HOSTNAME.DOMAIN.TLD HOSTNAME