Some settings must be made as part of the initial installation process when you create a new server. These steps enhance the security and usability of your server, giving you a solid foundation for subsequent actions.

Step 1 - Login to Root Account
To access your server, you need to know the public IP address and the root user account password. If you have not accessed your server before, you can read about the basics and options of connecting to a remote server using SSH, which covers this process in detail.
Start by connecting to your server with the following command (replace the highlighted word with your public IP address):
ssh root@SERVER_IP_ADDRESS
Complete the access process by accepting the host authenticity warning if it appears, and provide your credentials (password or private key). You will be prompted to change the root user account password if this is the first time you access the server using the password.
About the root user
The root user is the administrator in Linux systems, and has very wide privileges. In practice, it is advisable not to use the root account in normal situations. The broad powers it enjoys allow potentially destructive changes to be made to the system, and it is not uncommon for this to happen unintentionally.
The next step would be to create an alternate user account with limited impact to do the daily work. You'll also learn how to get more privileges when you need them.
Step 2 - Create a new user
After logging in using the root account, you are ready to add the new account we will use from now on.
The following example creates a user named "demo"; replace it with the user name you deem appropriate:
adduser demo
You'll be asked some questions, starting with the password.
Enter a strong password. You can fill in the rest of the additional information as you wish. Press Enter on the keyboard to skip any field you do not want to fill.
Step 3 - Root privileges
We now have a new user account with normal account privileges. Sometimes we'll need to do some administrative work that requires root privileges. We can set up a "super user" to avoid logging out of the normal account and logging in to the root account while performing administrative tasks. The super user is a normal user that can temporarily obtain root user privileges by typing sudo in front of the commands to be executed.
We must add the new user to the sudo group in order to give it administrative privileges. The default configuration of Ubuntu 14.04 allows users in the sudo group to use the sudo command.
Using the root account, run the following command to add the new user to the sudo group (replace the highlighted word with the name you chose for the new user):
gpasswd -a demo sudo
The new user can now execute commands with super user privileges.
Step 4 - Add Public Key Authentication (recommended)
The next step in securing your server is to set up public key authentication for the new user. This setting increases the security of your server by requiring a private SSH key to log in.
Generate a pair of keys
You will need to generate a key pair (a public key and a private key). If you already have a public key that you want to use, skip to the public key copy step.
To generate a new key pair, run the following command in a terminal locally (on your PC):
ssh-keygen
You will see output similar to the following (localuser here is the username that executes the command):
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/localuser/.ssh/id_rsa):
Press Enter on the keyboard to accept the name and path of saving the file, or enter a path for a new file.
You will then be asked to enter a passphrase to secure the key. The passphrase is optional; you can skip it and leave it blank.
Note: When the passphrase is left blank, the private key can be used to authenticate without the need to enter a passphrase. If you create a passphrase, you will need both the passphrase and the private key to log in. Creating a passphrase gives greater security, but both methods (private key alone or with a passphrase) have their uses, and are safer than basic authentication by password.
We now have a private key (id_rsa) and a public key (id_rsa.pub), both found in the .ssh folder located in the home folder of the localuser user. Remember that the private key must never be shared with anyone who is not entitled to connect to your servers.
Copy the public key
After generating the public key locally we move it to the server.
Use the following command to show your public key (change the file path if you changed the save path during key generation):
cat ~/.ssh/id_rsa.pub
Your public key will be displayed, and looks like this:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBGTO0tsVejssuaYR5R3Y/I73SppJAhme1dH7W2c47d4gOqB4izP0+FRLfvbz/TnXFz4iOP/H6eCV05hqUhF+KYRxt9Y8tVMrpDZR2l75o6+XSbUOMu6xN+UVF0T9XzKcxmzTmnV7Na5up3QM3DoSRYX/EP3utr2+ZAqpJIfKPLdA74w7g56oYWI9blpnpzxkEd3edVJOivUkpZ4JoenWManvIaSdMTJXMy3MtlQhva+J9CgguyVbUkdzK9KKEuah+PFZvaugtebsU+BllPTB0nlXGIJk98Ie9ZtxuY3nCKneB+KjKiXrAvXUPCI9mWkYS/1rggpFmu3HbXBnWSUdf localuser@machine.local
Select the public key and copy it to your clipboard.
Add the public key to the new user on the server
The SSH key must be added to a special file in the user's home folder on the server so that it can be used for authentication.
Use the following command, on the server, to switch from the root user to the user we created in the first steps of this guide (replace demo with the user name you chose):
su - demo
After switching, you will be placed in the new user's home folder on the server.
Create a new subfolder in the home folder named .ssh (the dot is part of the name) and restrict its permissions with the following commands:
mkdir .ssh
chmod 700 .ssh
We will now create a file named authorized_keys with a text editor. We will use the Nano editor to modify the file, as in the following command:
nano .ssh/authorized_keys
Then insert the public key into the file by pasting it into the editor.
Press the CTRL and X keys together to exit the editor, then the Y key to save the changes and Enter to confirm the file name.
We restrict the permissions on the authorized_keys file with the command:
chmod 600 .ssh/authorized_keys
To return to the root user, we execute the following command:
exit
You can now access the new user account via SSH using the private key.
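The key installation steps above can also be scripted. The following is an added example, not part of the original guide: the function names are hypothetical, the key shown is a constructed placeholder, and `stat -c` assumes the GNU coreutils shipped with Ubuntu. It refuses input that is not a public key line (for example a pasted private key), avoids adding the same key twice, and checks the resulting permissions.

```sh
#!/bin/sh
# Added example (not from the original guide): install a public key and
# verify the permissions that the guide sets by hand.

# install_pubkey HOME_DIR "KEY LINE" -> appends the key once, fixes modes
install_pubkey() {
    home=$1 key=$2
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;  # public key line
        *) echo "refusing: not a public key line" >&2; return 1 ;;
    esac
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    auth=$home/.ssh/authorized_keys
    # Create the file with a restrictive umask so it is never world-readable
    ( umask 077; touch "$auth" ) || return 1
    # -x whole line, -F fixed string: do not add the same key twice
    grep -qxF "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
    chmod 600 "$auth"
}

# check_ssh_modes HOME_DIR -> 0 only if modes match the guide (700 / 600)
check_ssh_modes() {
    [ "$(stat -c %a "$1/.ssh")" = 700 ] &&
    [ "$(stat -c %a "$1/.ssh/authorized_keys")" = 600 ]
}

# Constructed stand-in for the demo user's home folder and key
demo_home=$(mktemp -d)
install_pubkey "$demo_home" 'ssh-rsa AAAAexampleOnly localuser@machine.local' &&
    check_ssh_modes "$demo_home" && echo "key installed, modes ok"
```

Run it as the new user with "$HOME" as the first argument and the copied public key line as the second.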
Step 5 - Configure SSH
Once we have created a new user account, we can increase server security by changing the SSH settings. We start by opening the settings file with a text editor as the root user:
nano /etc/ssh/sshd_config
Change the SSH port (optional)
The first change would be to modify the port that SSH uses to connect to the server. Look for the following line:
Port 22
When this number is changed to another between 1025 and 65536, the SSH service will use the new port to connect to the server instead of the default port (22). Unauthorized users sometimes try to access servers through the default SSH port. Changing the port adds extra steps for this type of user because it forces them to try many ports to find the one SSH is using.
When you change the SSH port, remember the new port number so that you can connect remotely to the server. We will change the SSH port to 4444. This means that when connecting, the port number must be given explicitly so that the default port is not used, which we will explain later.
Port 4444
Restrict root user access via SSH
After changing the SSH port, look for the following line:
PermitRootLogin yes
This line controls whether the root user is allowed or denied access through SSH. Denying it is the safer practice, since the server can be accessed through SSH as a normal user who then uses root user privileges when needed.
Change the line by replacing yes with no to prevent the root user from accessing remotely.
PermitRootLogin no
It is always recommended, for greater security, to restrict root user access via SSH.
After you finish editing, save and close the file using the method we previously saw (CTRL + X, then Y, then ENTER).
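Before the restart in the next step, it is worth confirming what the edited file will actually do. The following is an added example, not part of the original guide: the function names are hypothetical and the two sample files are constructed. It reports the values sshd would use, taking into account that sshd listens on every Port line present and that for PermitRootLogin the first value in the file wins.

```sh
#!/bin/sh
# Added example, not from the original guide. Assumes "Keyword value" lines
# separated by whitespace (the "Keyword=value" form is not handled).

# config_values FILE KEYWORD -> every uncommented global value, in file order.
# Keywords are case-insensitive; parsing stops at the first Match block.
config_values() {
    awk -v key="$2" '
        /^[ \t]*#/                  { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print $2 }
    ' "$1"
}

# audit_sshd_config FILE EXPECTED_PORT -> 0 if the file matches this guide.
audit_sshd_config() {
    cfg=$1 want_port=$2 rc=0
    # Port may be repeated, and sshd listens on every port listed.
    ports=$(config_values "$cfg" Port | sort -u | paste -sd, -)
    # For most keywords, PermitRootLogin included, the first value wins.
    root=$(config_values "$cfg" PermitRootLogin | head -n 1)
    [ "${ports:-22}" = "$want_port" ] ||
        { echo "listening on ${ports:-22}, expected only $want_port"; rc=1; }
    [ "$root" = "no" ] ||
        { echo "PermitRootLogin is ${root:-unset}, expected no"; rc=1; }
    return $rc
}

# Constructed samples: "good" follows the guide; in "bad" the new lines were
# added without removing the old ones.
demo_dir=$(mktemp -d)
printf '%s\n' 'Port 4444' 'PermitRootLogin no' > "$demo_dir/good"
printf '%s\n' 'Port 22' 'PermitRootLogin yes' '#PermitRootLogin no' \
    'Port 4444' 'permitrootlogin no' > "$demo_dir/bad"
audit_sshd_config "$demo_dir/good" 4444 && echo "good: ok"
audit_sshd_config "$demo_dir/bad" 4444 || echo "bad: fix before restarting"
```

On the server itself, running sshd -t as root additionally checks the real file for syntax errors.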
Step 6 - Reload SSH
We have now finished editing the settings. For the changes to take effect, restart the SSH service with the following command:
service ssh restart
We must make sure that the new setup works well before exiting, so that we do not find ourselves in a position where there is no remote access to the server. Open a new command-line window on your PC. In the new window, a connection will be made to the server using the normal user account that we created instead of the root user.
For a server that does not use the default port, the port number must be specified when connecting via SSH by adding the option "-p 4444" to the connection command, where 4444 is the new port number.
To access the server via the port we set up in the previous step, use the following command (replace SERVER_IP_ADDRESS with your server's address and demo with your user name):
ssh -p 4444 demo@SERVER_IP_ADDRESS
Note : Do not forget, if you are using PuTTY, change the port setting in the program to match the current setting of your server.
You will be asked to enter the new user password and then, after verification, you will be placed in the user's home folder on the server. Remember to add sudo in front of the commands you want to execute with root user privileges:
sudo command_to_run
Where command_to_run is the command to execute.
If the previous steps were carried out as described, everything is fine and you can log out with the command:
exit
What comes after this lesson?
By reaching this point your server has a strong foundation, and you can install any program you want.
You can continue with this series by reading the article on additional recommended steps for new Ubuntu 14.04 servers, which explains things such as enabling fail2ban to reduce the effectiveness of brute force attacks, basic firewall settings, the NTP protocol, and swap files. It also has links to explanations on how to install and set up some common web apps.