 |
VOOZH | about |
|
VOOZH | about |
After creating a new Ubuntu 18.04 server, you should take some configuration steps as part of an initial server setup in order to increase security and facilitate management later.
This guide will walk you through a few procedures that you should complete early on in order to create a solid foundation for your new server, before moving on to installing and configuring any software or services.
Thanks for learning with the DigitalOcean Community. Check out our offerings for compute, storage, networking, and managed databases.
Former Senior Technical Writer at DigitalOcean, specializing in DevOps topics across multiple Linux distributions, including Ubuntu 18.04, 20.04, 22.04, as well as Debian 10 and 11.
Dev/Ops passionate about open source, PHP, and Linux. Former Senior Technical Writer at DigitalOcean. Areas of expertise include LAMP Stack, Ubuntu, Debian 11, Linux, Ansible, and more.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
I have made a bash script to automate the setup process, hopefully this will be useful to someone else.
Hey, Justin! Thanks for the great tutorial. In your last step, rsync --archive --chown=sammy:sammy ~/.ssh /home/sammy, it might be worth pointing out that there should be no trailing slash on ~/.ssh. I only mention that because when I was typing it in, I hit <tab> (to autocomplete, out of habit) and bash turned that into /root/ssh/.
I tried to log in with my new user, but because rsync doesnβt copy the source directory itself when it is appended with a trailing slash, my authorized_keys file was just hanging out in my new userβs home directory. A quick note might save someone else the trouble. Thanks again!
Itβs also probably advisable to include a Step 6: Disable SSH root login.
This can be done by setting PermitRootLogin to no in /etc/ssh/sshd_config.
I also prefer to install fail2ban to prevent anybody trying to hack into the system.
apt-get install fail2ban
This comment has been deleted
The old 16-04 tutorial made a lot more sense with how to get the keys in the correct place for ssh on the new user.
You might not be able to access using the new user you created, make sure you allow OpenSSH on uwf by (logged in as root or access it via the droplet console):
ufw allow OpenSSH
in my case i also allowed port 22
ufw allow 22
Great piece! thank you. Keep up the good work :)
https://transfer.sh/ is a neat alternative for rsync. \Yet, not sure about security compliance on their side.
i.e.
$ curl -H "Max-Downloads: 1" -H "Max-Days: 5" --upload-file ./xxx.pub https://transfer.sh/xxx.pub
output returns a downloadable link that fits both for cli and webUI Also addable as alias to .bashrc:
# Add this to .bashrc or its equivalent
transfer() { if [ $# -eq 0 ]; then echo -e "No arguments specified. Usage:\necho transfer /tmp/test.md\ncat /tmp/test.md | transfer test.md"; return 1; fi
tmpfile=$( mktemp -t transferXXX ); if tty -s; then basefile=$(basename "$1" | sed -e 's/[^a-zA-Z0-9._-]/-/g'); curl --progress-bar --upload-file "$1" "https://transfer.sh/$basefile" >> $tmpfile; else curl --progress-bar --upload-file "-" "https://transfer.sh/$1" >> $tmpfile ; fi; cat $tmpfile; rm -f $tmpfile; }
# Now you can use transfer command
$ transfer hello.txt
Very useful, short and it works. Thx for sharing.
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
Full documentation for every DigitalOcean product.
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
Scale up as you grow β whether you're running one virtual machine or ten thousand.
From GPU-powered inference and Kubernetes to managed databases and storage, get everything you need to build, scale, and deploy intelligent applications.
