Basic server set up guide
Essentials
Basic workflow
Configure SSH
Basic workflow for configuring SSH
- Configure SSH public key authentication for the
rootuser - Disable SSH password authentication
- Verify that for the
rootuser, SSH:- Does not work with password authentication
- Works with public key authentication
- Add a new user
- Add the new user to the sudoers list
- switch to the new user
- Configure SSH public key authentication for the new user
- Disable SSH root login
- Verify that for the
rootuser, SSH:- Does not work with password authentication
- Does not work with public key authentication
- Verify that for the new user, SSH:
- Does not work with password authentication
- Works with public key authentication
Useful snippets for configuring SSH
Open the SSH config:
sudo nano /etc/ssh/sshd_config
Useful SSH config:
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
ClientAliveInterval 120 # Keep alive ssh connections by sending a packet every 2 minutes.
Remember to also check /etc/ssh/sshd_config.d/*.conf and any other includes.
Restart the SSH service:
sudo systemctl restart ssh
Verify the status of the SSH service:
sudo systemctl status ssh
Useful snippets for adding a new user as the root user
Suppose that the username of the new user is user:
adduser user
Add the new user to the sudoers list:
visudo
Add this following line under # User privilege specification:
user ALL=(ALL) NOPASSWD: ALL
Useful snippets for configuring SSH public key authentication:
Create the .ssh directory:
mkdir ~/.ssh
Edit the authorized_keys file and add your public key:
nano ~/.ssh/authorized_keys
Configure fail2ban
Refer to Fail2Ban
Configure UFW
Refer to UFW
Optionals
- Configure zram
- Configure swap file
- Configure
zsh - Disable XON/XOFF software flow control (prevent
Ctrl+Sfrom freezing the terminal) - Auto remove trash using
trash-cli
Configure zram
Refer to zram
Configure swap file (unnecessary if zram is configured)
Refer to Swap
Configure zsh
Refer to Zsh
Disable XON/XOFF software flow control (prevent Ctrl+S from freezing the terminal)
Refer to IXON
Auto remove trash using trash-cli
Refer to trach-cli