NordLB Watch

NordLB Watch


Dezember 2024
M D M D F S S
 1
2345678
9101112131415
16171819202122
23242526272829
3031  

Kategorien


Initial Server Configuration & Setup on Debian

When you first create a new server, there are a few configuration steps to increase the security and usability of your server and will give you a solid foundation for subsequent actions.

nlbredakteurnlbredakteur

Root Login

To log into your server initially, you will need to know your server’s public IP address and the password for the „root“ user’s account. For servers on DigitalOcean, you will receive an email with your server credentials and the server’s IP address.

The root user is the administrative user in a Linux environment that has very broad privileges. Because of the heightened privileges of the root account, you are actually discouraged from using it on a regular basis. This is because part of the power inherent with the root account is the ability to make very destructive changes, even by accident.

In this guide, we’ll help you set up an alternative user account with a reduced scope of influence for day-to-day work. We’ll teach you how to gain increased privileges during the times when you need them. The first step is to log into your server, and the only account we start out with is the root account. We can connect to the server by using the ssh command in the terminal. The command will look like this:

ssh root@server_ip_address

You will most likely see a warning in your terminal window that looks like:

The authenticity of host '123.123.123.123 (123.123.123.123)' can't be established.
ECDSA key fingerpring is
79:95:46:1a:ab:37:11:8e:86:54:36:38:bb:3c:fa:c0.
Are you sure you want to continue connecting (yes/no)?

Here, your computer is basically telling you that it doesn’t recognize your remote server. Since this is your first time connecting, this is completely expected. Go ahead and type „yes“ to accept the connection. Afterwards, you’ll need to enter the password for the root account.

Change Your Password

You are not likely to remember the password that is currently set for your root account. You can change the password to something you will remember more easily by typing:

passwd

It will ask you to enter and confirm your new password. During this process, you will not see anything show up on your screen as you type. This is intentional and is there so that people looking over your shoulder cannot guess your password by the number of characters.

Create a New User

At this point, we’re prepared to add the new user account that we will use to log in from now on. I’m going to name my user „demo“, but you can select whatever name you’d like:

adduser demo

You will be asked a few questions, starting with the account password. Fill out the password and, optionally, fill in any of the additional information if you would like. This is not required and you can just hit „ENTER“ in any field you wish to skip.

Root Privileges

To avoid having to log out of our normal user and log back in as the root account, we can set up what is known as „sudo“ privileges for our normal account. This will allow our normal user to run commands with administrative privileges by putting the word „sudo“ before each command. To add these privileges to our new account, we need to use a command called visudo. This will open a configuration file:

visudo

Scroll down until you find a section that deals with user privileges. It will look similar to this:

# User privilege specification
root    ALL=(ALL:ALL) ALL

While this might look complicated, we don’t need to worry about that. All we need to do is add another line below it that follows the format, replacing „demo“ with the user you created:

# User privilege specification
root    ALL=(ALL:ALL) ALL
demo    ALL=(ALL:ALL) ALL

After this is done, press CTRL-X to exit. You will have to type „Y“ to save the file and then press „ENTER“ to confirm the file location.

Configure SSH (Optional)

Now that we have our new account, we can secure our server a little bit by modifying the configuration of SSH (the program that allows us to log in remotely). Begin by opening the configuration file with your text editor as root:

nano /etc/ssh/sshd_config

Continue reading this guide at Digital Ocean. This article has been used as an example of an Ecko WordPress theme. This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.