VPS hosting - Initial Server setup

Installing Software #

  • Install a Linux Distribution to a VPS
    • Select Linux Distribution
    • If you don’t don’t know which one to use, choose latest LTS version Ubuntu, it is
      • newbie friendly
      • good community support
      • More stable & secure
    • Select Disk Image Size
      • Choose the size you need. You can upgrade if you want bigger size in the future .
    • Select Swap
    • Enter Root Password
  • Domain DNS setup
    • Find the DNS tab in your hosting account, add your domain information there so that the server is aware of the domain.
    • Change your domain’s nameserver (NS) records, at the domain registrar where your domain name was purchased, it look like this:
      • ns1.vultr.com
      • ns2.vultr.com
  • The control panel(e.g. cpanel) is a set of GUI tools for managing the server. With SSH, We can directly manage the server though command line interface.
  • Install SSH tools
    • Linux or Mac
      • Try this command
        • ssh localhost
    • If it says ssh is not installed:
      • sudo aptitude install ssh
    • Windows
      • install PuTTY or Tunnelier

log into remote server #

  • Shared hosting SSH request
    • Open cPanel
      • cPanel > Account Addons > SSH Activation Request
      • Or ask support directly
  • use putty/tunnelier (windows)
  • or Command line

Using authentication Keys to prevent brute force attack #

  • Creating keys: Linux or Mac locally

    • Open the terminal, Enter:
      • cd ~/.ssh
      • ‘~’ means home directory
    • Now create the keys:
      • ssh-keygen -t rsa
        • two files will be saved(default file name):
          • id_rsa (private key, which will be used on the local machine)
          • id_rsa.pub ( public key, which will be stored on your remote server)
      • You’re then prompted to create an optional passphrase.
      • Finally, copy id_rsa.pub to a text file:
        • cat /.ssh/id_rsa.pub > File.txt
  • Creating keys: Windows locally

    • Generate with Tunnelier or PuTTYgen (GUI )
    • Export pub key to a text file
  • Pasting SSH’ public authentication key to the remote server

    • log into the remote server
    • type these commands below to ensure that you are in your home directory, creating a hidden directory, .ssh, and a file within called authorized_keys.
cd ~
mkdir .ssh
nano .ssh/authorized_keys
  • Copy and paste your pub key to the authorized_keys file.
  • Change file permission.
    • (Swap USER for your server username)
chown -R USER:USER .ssh
chmod 700 .ssh
chmod 600 .ssh/authorized_keys

Create new username #

SSH security settings #

  • Do not close the terminal while doing this:
  • Make a backup and edit sshd_config with nano
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config_BACKUP
sudo nano /etc/ssh/sshd_config
  • If you have a line that says ‘Protocol 1’ then change it to Protocol 2.
  • Default port is 22, change it to a five digit number e.g. 87782
    • Attackers may use the default port directly for brute force attack
  • PermitRootLogin no
    • To be more secure, you can create another username, and disable root login
    • ‘root’ will not able to login if this is changed to ’no’.
  • Reload SSH
    • sudo /etc/init.d/ssh reload

Update the Software Index & Upgrade Linux #

  • Get the latest software repository indexes:-
    • sudo apt-get update
  • system upgrade
    • sudo apt-get upgrade
  • Set System Locale
    • sudo locale-gen en_US.UTF-8
    • sudo /usr/sbin/update-locale LANG=en_US.UTF-8

VPS Hosting providers #