First-time Setup on Linux VPS - Server Setup
After your first Linux VPSie is deployed, we suggest a few configuration steps to enhance the
security of your new VPS.
Step one – Make sure you received the VPS login information in your inbox
With every new VPSie, we send out an email notification stating the name given to the server,
IP address and root password.
This means the initial configuration allows you to log in remotely as root via SSH, using
that password.
Step two – logging into your new VPS.
Using an SSH client like PuTTY or SecureCRT, use the IP, root user and password found in the
Step three – Changing the system-generated root password and adding a new non-privileged user
[email protected]:~# passwd
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
For increased usability, it is recommended to have a non-privileged user for the operation of
your Linux VPS. This helps against erroneous commands or copy/pasting.
Before you go ahead and just create it, you should know there are a few details about the new
user that can be defined at creation time:
[email protected]:~# useradd
Usage: useradd [options] LOGIN
       useradd -D
       useradd -D [options]
Options:
  -b, --base-dir BASE_DIR       base directory for the home directory of the new account
  -c, --comment COMMENT         GECOS field of the new account
  -d, --home-dir HOME_DIR       home directory of the new account
  -D, --defaults                print or change default useradd configuration
  -e, --expiredate EXPIRE_DATE  expiration date of the new account
  -f, --inactive INACTIVE       password inactivity period of the new account
  -g, --gid GROUP               name or ID of the primary group of the new account
  -G, --groups GROUPS           list of supplementary groups of the new account
  -h, --help                    display this help message and exit
  -k, --skel SKEL_DIR           use this alternative skeleton directory
  -K, --key KEY=VALUE           override /etc/login.defs defaults
  -l, --no-log-init             do not add the user to the lastlog and faillog databases
  -m, --create-home             create the user's home directory
  -M, --no-create-home          do not create the user's home directory
  -N, --no-user-group           do not create a group with the same name as the user
  -o, --non-unique              allow to create users with duplicate (non-unique) UID
  -p, --password PASSWORD       encrypted password of the new account
  -r, --system                  create a system account
  -R, --root CHROOT_DIR         directory to chroot into
  -s, --shell SHELL             login shell of the new account
  -u, --uid UID                 user ID of the new account
  -U, --user-group              create a group with the same name as the user
  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux user mapping
If any of the user’s characteristics should differ from the defaults, the options above let you set them.
Let’s create a password for our “newuser”.
[email protected]:~# passwd newuser
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
To test this, ssh to localhost as “newuser”:
[email protected]:~# ssh [email protected]
[email protected]'s password:
$
Connection to localhost closed.
OK. We have a new user, and that user can log in via SSH.
Step four – Hardening Linux SSH server security a bit
This consists of a few points:
– Deny root logon
– Deny password authentication and allow RSA key auth only
– Change ssh port from 22 to a port above the reserved range (1-1024).
Change the “PermitRootLogin” directive in sshd_config to “no”.
The following links describe the other two points:
https://vpsie.com/activating-ssh-key-authentication-generating-key-pair/
https://vpsie.com/secure-linux-vps-ssh-hardening/
Now restart the SSH daemon so the new settings take effect.
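The three points of Step four, applied to and checked against an sshd_config file. This is an added example, not VPSie's own script: the function names are hypothetical, port 2222 is a constructed value, and the sample file is built inline.

```shell
#!/bin/sh
# Added example; function names are hypothetical, port 2222 is a constructed value.

# Print the value sshd would use: the first uncommented occurrence of a keyword.
effective_value() {
    awk -v want="$2" 'tolower($1) == tolower(want) { print $2; exit }' "$1"
}

# audit_sshd_config FILE: list settings that miss the three points, return 1 if any.
audit_sshd_config() {
    bad=0
    [ "$(effective_value "$1" PermitRootLogin)" = no ] ||
        { echo "root login is not denied"; bad=1; }
    [ "$(effective_value "$1" PasswordAuthentication)" = no ] ||
        { echo "password authentication is not denied"; bad=1; }
    port=$(effective_value "$1" Port)
    [ "${port:-22}" -gt 1024 ] 2>/dev/null ||
        { echo "port ${port:-22} is not above the reserved range"; bad=1; }
    return "$bad"
}

# harden_sshd_config FILE PORT: write the hardened values at the top (sshd keeps
# the first value it reads) and comment out every later line for those keywords.
harden_sshd_config() {
    tmp=$(mktemp) || return 1
    {
        printf 'Port %s\nPermitRootLogin no\n' "$2"
        printf 'PasswordAuthentication no\nPubkeyAuthentication yes\n'
        awk '{
            k = tolower($1)
            if (k == "port" || k == "permitrootlogin" ||
                k == "passwordauthentication" || k == "pubkeyauthentication")
                print "#" $0
            else
                print
        }' "$1"
    } > "$tmp" && cat "$tmp" > "$1"   # cat keeps the file's owner and mode
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Demonstration on a constructed sample file, not a real /etc/ssh/sshd_config.
demo=$(mktemp)
printf '%s\n' '#Port 22' 'PermitRootLogin yes' 'passwordauthentication yes' > "$demo"
audit_sshd_config "$demo" || echo "-> weak settings found, hardening"
harden_sshd_config "$demo" 2222 && audit_sshd_config "$demo" && echo "-> hardened"
rm -f "$demo"
```

On a real server, run this against a copy of the configuration, validate the copy with `sshd -t -f <copy>` before installing it, and keep the current root session open until a key-based login as the non-privileged user on the new port succeeds.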
And these are the basic initial steps to configure your new Linux VPS server. You can start deploying and configuring server applications from the repository of your distribution.
You can try these basic server steps on our platform in a few minutes using our PCS (Private Cloud Solution), which allows you to have VPSie(s) on a private network – NAT – Port forward – traffic control for inbound and outbound – multiple gateway IPs which you could use for load-balancing and failover.