This short tutorial describes the things you really should be doing when you start working with a new VPS (Virtual Private Server) running Ubuntu 16.04.
Create a Non-Root User Account and Public/Private SSH Keys for Security.
You will normally have a control panel that will allow you to install Ubuntu 16.04 server edition if it is not already pre-installed.
Make sure you have the following details available before you start.
- SSH terminal – Mac and Linux come with the tools required for ssh preinstalled. Windows users will need to install PuTTY; it's free to download.
- VPS with Ubuntu 16.04 installed. This is easily done via your ISP’s Control Panel if it’s not already pre-installed.
*ISP stands for Internet Service Provider, the company supplying your VPS.
- Root login details (your ISP will have sent you these details)
- IP Address of your server
You will have ‘root’ user login details from your VPS provider.
You can ‘earn’ a self-managed VPS from www.gigarocket.net with their Post 2 Host service. GigaRocket is a community of people worldwide who use the service for all kinds of websites and projects. It is a very good resource of knowledge, friendly and helpful. Simply post 25 quality posts per month with questions or answers. It sounds like a lot, but it’s surprisingly easy and glues the community together.
Logging in to your server with the ‘root’ account
- Open your Terminal (Putty terminal for Windows users)
- Log in, as in the description below: ssh is the program used to connect securely. root is the user account. The root user is like God; it can do anything. It’s dangerous having that kind of power, so we’ll add a sudo account for you soon. Sudo is like being Jesus. The dollar sign $ is the command prompt; it’s there to tell you it’s listening for your commands. You may see a hash prompt # instead. Same thing, it’s listening for commands.
- Press Enter to execute the command
Replace your_server_ip with the IP address your ISP has given you.
$ ssh root@your_server_ip
You should now have something akin to:
$ ssh firstname.lastname@example.org
After pressing Enter, you may get a warning about host authenticity:
The authenticity of host '18.104.22.168 (22.214.171.124)' can't be established.
ECDSA key fingerprint is SHA256:THsmUR++nPCSkfxlSe4olnNdHIELa0Tba0jDARZ1xhw
Are you sure you want to continue connecting (yes/no)? yes
If it appears as in the example above, type yes, as I have. The warning is normal on a first connection, because your computer has not seen this server's host key before.
You will then need to enter the password that the ISP gave you.
If it is your first time logging into the server with a password, you will also be prompted to change the root password. Change it to something secure; I tend to throw in some symbols such as: $!*%
Create a New User Account
At the moment you’re logged in as root, so now we’ll create a normal user account. I’m adding ‘bert’ as a user.
# adduser bert
The command is adduser and the username is bert – replace bert with your own name.
You’ll be asked for a password. Make it strong. An example strong password is:
I know it looks like something you’d never remember, so use a password manager for all your passwords. It’s the only way to be secure these days, with password crackers and the like so easily available.
You could be creative and make something more memorable: “p4$5_w0rdz!” – we’ll harden our security shortly.
You’ll be asked a few questions; you can simply press Enter and leave these blank.
We’re going to give the new user bert some superuser privileges. Currently he is a normal mortal. This will allow the bert user to run commands with administrative privileges by putting the word sudo before each command, and make him an Ubuntu Jesus (you can change to your preferred deity).
# usermod -aG sudo bert
The usermod command adds the user to the ‘sudo’ group, which gives him sudo rights. Here’s your first sudo command; let’s update your sources list (more about that in another tutorial).
# sudo apt-get update
This means that everything executed after the sudo command is run as the superuser (essentially root, with a few differences).
This command updates the list of software sources. We’ll be installing various software on our server to make it useful, things like web server software and a database, but more about that later.
You could, if you wanted, leave the server as it is. However, I would advise you to add another layer of security, especially if this VPS is going to be running anything you care about.
How to Add Public Key Authentication (Using Linux or Mac Home Computers)
Follow the link at the end of this tutorial for instructions on adding RSA keys using a Windows home computer.
The next step in securing your server is to set up public key authentication for your new user. Setting this up will increase the security of your server by requiring a private SSH key to log in.
Generate a Key Pair
We are assuming that you do not have a key pair. In this section, we are going to generate a public and private key pair: the public key goes on the remote VPS and the private key stays on your home computer.
Only you, from your home computer, will be able to log in to your server. To authenticate from another computer, you will have to take your private key with you on a memory stick.
To generate a new key pair, enter the following command at the terminal of your local machine (on your home computer):
Copy Public Key to VPS
There are a few ways you can tackle this one; I’m going to go with the one I tend to use myself.
On your local machine (the one you use from home), type the following command:
$ ssh-copy-id bert@your_server_ip
You’ll be asked for your password at the prompt. Type it in and your public key will be added to the remote user’s .ssh/authorized_keys file on your VPS.
The private key on your local (home) machine can now be used to log into the server:
$ ssh bert@your_server_ip
If all is well, you’ll be logged in and will have secured your VPS from you or anyone else accidentally or otherwise smiting your installation!
Windows users can follow this DigitalOcean tutorial to achieve the same with PuTTY.
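The steps above stop once key login works, but sshd keeps accepting passwords until its configuration says otherwise. The script below is an added example, not part of the original tutorial: it reads an sshd_config and reports whether password or root-password login is still open. The function names and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original tutorial): check whether sshd still
# accepts passwords once key login works. Assumes whitespace-separated
# "Keyword value" lines; Match blocks are not evaluated.

# effective_value FILE KEYWORD DEFAULT
# sshd uses the FIRST occurrence of a keyword and ignores keyword case.
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }                      # comment line
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print def }            # keyword absent: use default
    ' "$1"
}

# audit_sshd FILE: one line per finding; status 1 if a password path is open.
audit_sshd() {
    rc=0
    pk=$(effective_value "$1" PubkeyAuthentication yes)
    pw=$(effective_value "$1" PasswordAuthentication yes)
    root=$(effective_value "$1" PermitRootLogin prohibit-password)
    if [ "$pk" != yes ]; then echo "FAIL PubkeyAuthentication=$pk"; rc=1; fi
    if [ "$pw" != no ]; then echo "FAIL PasswordAuthentication=$pw"; rc=1; fi
    case "$root" in
        no|prohibit-password|without-password|forced-commands-only) ;;
        *) echo "FAIL PermitRootLogin=$root"; rc=1 ;;
    esac
    if [ "$rc" -eq 0 ]; then echo "OK passwords rejected, root password login off"; fi
    return "$rc"
}

# Constructed sample: a config as it may look after the tutorial's steps.
sample_before() {
    printf '%s\n' '# constructed sample' 'PermitRootLogin yes' \
        '#PasswordAuthentication no' 'PubkeyAuthentication yes'
}
# Constructed sample: the same file after hardening. The last line is
# ignored because the first PasswordAuthentication entry wins.
sample_after() {
    printf '%s\n' 'PermitRootLogin no' 'passwordauthentication no' \
        'PubkeyAuthentication yes' 'PasswordAuthentication yes'
}

tmp=$(mktemp)
sample_before > "$tmp"; audit_sshd "$tmp" || true
sample_after  > "$tmp"; audit_sshd "$tmp" || true
rm -f "$tmp"
```

On the VPS, point audit_sshd at /etc/ssh/sshd_config. After editing that file, sudo sshd -t validates it before you restart the ssh service, and keeping your current session open until a fresh key login succeeds avoids locking yourself out.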