Getting started
(Linode: Getting Started)
(Digital Ocean: Additional Recommended Steps for New Ubuntu 14.04 Servers)
- Sign up
- Add a Linode
- Select
Linode 2048 - Select
Location - Click
Add this Linode!
- Select
- Click
linodexxxxxxx - Click
Deploy an Image - Cofigure deployment
- Image
Ubuntu 16.04 LTS - Deployment Disk Size max
- Swap Disk
512MB - Root Password
•••••••• - Click
Deploy
- Image
- Boot
- Click
Boot - Confirm boot
- Click
- SSH
- Click
Remote Accesstab - Click SSH Access link
ssh root@xxx.xxx.xxx.xxx - Click
Allowto open in Terminal - Terminal should open (first run has some additional Allows and yeses)
- Enter password in Terminal
- Click
- Update software via ssh
apt-get update && apt-get upgrade - Choose a newhostname and set it
hostnamectl set-hostname newhostname - Update /etc/hosts
nano /etc/hosts- Add IP address and newhostname separated by a tab below:
127.0.0.1 localhost
127.0.1.1 ubuntu.members.linode.com
xxx.xxx.xxx.xxx newhostname - Exit
^X - Save
y - File Name to Write: /etc/hosts
↩︎
- Setup timezone (I like UTC)
dpkg-reconfigure tzdata- Arrow around, ↩︎, ⎋
- Setup NTP network time synchronisation
sudo apt-get install ntp
Securing the server
(Linode: Securing Your Server)
- Login
ssh root@xxx.xxx.xxx.xxx- Password
- Add a limited user account
adduser example_user- Password
- Retype password
- Enter Full name
- Room number
- Work phone number
- Home phone number
- Other
- Is the info correct?
Y
- Add user to admin group
adduser example_user sudo
- Logout
exit - Login again, but as the new user
ssh example_user@xxx.xxx.xxx.xxx- Password
- Harden SSH access
- Create an ssh directory on the Linode machine
mkdir -p ~/.ssh && sudo chmod -R 700 ~/.ssh/ - (open a new Terminal window)
- Check if you have an RSA key-pair on your local Mac
ls ~/.ssh/id_rsa*
If NOT,
ssh-keygen -b 4096 - Copy the public key from your Mac to the Linode machine
scp ~/.ssh/id_rsa.pub example_user@xxx.xxx.xxx.xxx:~/.ssh/authorized_keys - Swap back to linode terminal
- Set permissions on the Linode machine
sudo chmod 700 -R ~/.ssh && chmod 600 ~/.ssh/authorized_keys - Logout
exit - Login again, as the new user
ssh example_user@xxx.xxx.xxx.xxx
(no password required)
- Create an ssh directory on the Linode machine
- Edit SSH Daemon Options
sudo nano /etc/ssh/sshd_config- Password
- Disallow root logins over SSH: change
PermitRootLogin yestoPermitRootLogin no - Maybe disable SSH password authentication: change
PasswordAuthentication yestoPasswordAuthentication no - Restart SSH Daemon
sudo systemctl restart sshd
- Automatic updates (Ubuntu: Automatic Updates)
- Install package
sudo apt install unattended-upgrades - Make schedule
sudo nano /etc/apt/apt.conf.d/10periodic
Add lines:
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
Exit^X
Savey
Write↩︎ - Setup notifications
sudo apt install apticron
- Install package
- Enable firewall
sudo ufw allow proto tcp from any to any port 22
sudo ufw enable - Use Fail2Ban to block multiple unsuccessful login attempts
(Linode: Using Fail2ban to Secure Your Server) - Install Fail2ban
sudo apt-get install fail2ban - Configure fail2ban
cd /etc/fail2ban- Copy fail2ban.conf file and # all lines
sed 's/\(^[[:alpha:]]\)/# \1/' fail2ban.conf | sudo tee fail2ban.local &> /dev/null - Copy jail.conf file and # all lines
sed 's/\(^[a-z tab]\)/# \1/' jail.conf | sudo tee jail.local &> /dev/null
Point a domain name at your new IP
(Linode: DNS Manager Overview)
(Linode: Common DNS Configurations)
- Login to your domain registrar and change the zone file (DNS management) to point to Linode’s name servers.
- ns1.linode.com
- ns2.linode.com
- ns3.linode.com
- ns4.linode.com
- ns5.linode.com
- Create a new domain zone
- Login to Linode Manager
- Click on
DNS Managertab - Click
Add a domain zone - Domain
your domain - SOA Email
A good email address - Insert Default Records
Yes, ... - Click
Add a Master Zone
4 Replies to “Setting up a server at Linode”
Comments are closed.