Nov 22, 2014

Initial Linux VPSie server setup

Introduction

After your first Linux VPSie is deployed, we suggest a few configuration steps to enhance the security of your new VPS.

First step – Make sure you received the VPS login information in your inbox

With every new VPSie, we send out an email notification stating the name given to the server, its IP address and the root password. This means the initial configuration allows you to log in remotely as root via ssh.

Step two – Logging into your new VPS

Using an SSH client like PuTTY or SecureCRT, connect with the IP address, root user and password found in the email.

Step three – Changing the system-generated root password and adding a new non-privileged user
[email protected]:~# passwd
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully
For increased usability, it is recommended to have a non-privileged user for operating your Linux VPS. This helps against erroneous commands or copy/pasting. Before you go ahead and just create it, you should know there are a few details about the new user that can be defined at creation time:
[email protected]:~# useradd
Usage: useradd [options] LOGIN
       useradd -D
       useradd -D [options]

  -b, --base-dir BASE_DIR       base directory for the home directory of the
                                new account
  -c, --comment COMMENT         GECOS field of the new account
  -d, --home-dir HOME_DIR       home directory of the new account
  -D, --defaults                print or change default useradd configuration
  -e, --expiredate EXPIRE_DATE  expiration date of the new account
  -f, --inactive INACTIVE       password inactivity period of the new account
  -g, --gid GROUP               name or ID of the primary group of the new
                                account
  -G, --groups GROUPS           list of supplementary groups of the new
                                account
  -h, --help                    display this help message and exit
  -k, --skel SKEL_DIR           use this alternative skeleton directory
  -K, --key KEY=VALUE           override /etc/login.defs defaults
  -l, --no-log-init             do not add the user to the lastlog and
                                faillog databases
  -m, --create-home             create the user's home directory
  -M, --no-create-home          do not create the user's home directory
  -N, --no-user-group           do not create a group with the same name as
                                the user
  -o, --non-unique              allow to create users with duplicate
                                (non-unique) UID
  -p, --password PASSWORD       encrypted password of the new account
  -r, --system                  create a system account
  -R, --root CHROOT_DIR         directory to chroot into
  -s, --shell SHELL             login shell of the new account
  -u, --uid UID                 user ID of the new account
  -U, --user-group              create a group with the same name as the user
  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux user mapping
If any of the user’s characteristics should differ from the defaults, the options above let you set them. Let’s create a password for our “newuser”.
[email protected]:~# passwd newuser
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully
To test this, ssh to localhost as “newuser”:
[email protected]:~# ssh newuser@localhost
newuser@localhost's password:
Connection to localhost closed.
Ok. We have a new user and we are able to log that user in via ssh.

Step four – Hardening Linux SSH server security a bit

This consists of a few points:
– Deny root logon
– Deny password authentication and allow RSA key auth only
– Change the ssh port from 22 to a port above the reserved range (1-1024).

Change the “PermitRootLogin” directive in sshd_config to “no”. Following links describe the other two points:

Now restart the ssh daemon and the settings should be changed.

And these are the basic initial steps to configure your new Linux VPS server. You can start deploying and configuring server applications from the repository of your distribution.
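One way to check the three hardening points of step four before restarting the daemon, as an added example that is not part of the original post: the helper names sshd_value and audit_sshd_config are hypothetical, the two sample configs are constructed, and only the global section (lines before the first Match) with whitespace-separated "Keyword value" lines is evaluated.

```shell
#!/bin/sh
# Added example (not from the page): audit the global section of an
# sshd_config against the three hardening points of step four.

# Print the effective global value of keyword $2 in file $1, else default $3.
# sshd keywords are case-insensitive and the first value found wins.
sshd_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }                      # comment line
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Return the number of failed checks (0 means all three points hold).
audit_sshd_config() {
    cfg=$1; fails=0
    root=$(sshd_value "$cfg" PermitRootLogin prohibit-password)
    pass=$(sshd_value "$cfg" PasswordAuthentication yes)
    port=$(sshd_value "$cfg" Port 22)
    [ "$root" = "no" ] ||
        { echo "FAIL PermitRootLogin=$root (want no)"; fails=$((fails + 1)); }
    [ "$pass" = "no" ] ||
        { echo "FAIL PasswordAuthentication=$pass (want no)"; fails=$((fails + 1)); }
    [ "$port" -gt 1024 ] 2>/dev/null ||
        { echo "FAIL Port=$port (want above 1024)"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample configs (illustrative, not taken from the page).
weak=$(mktemp); hard=$(mktemp)
trap 'rm -f "$weak" "$hard"' EXIT
printf '%s\n' '#Port 22' 'PermitRootLogin yes' > "$weak"
# The trailing "PermitRootLogin yes" is ignored because the first value wins.
printf '%s\n' 'Port 2222' 'permitrootlogin no' 'PasswordAuthentication no' \
    'PermitRootLogin yes' > "$hard"

audit_sshd_config "$weak" || echo "weak config: $? failed check(s)"
audit_sshd_config "$hard" && echo "hardened config: all checks pass"
```

On a live host, `sshd -T` prints the configuration the daemon would actually use, including Match handling that this sketch does not evaluate.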

You can try these basic server steps on our platform in a few minutes using our PCS (Private Cloud Solution), which allows you to have VPSie(s) on a private network with NAT, port forwarding, traffic control for inbound and outbound, and multiple gateway IPs which you could use for load-balancing and failover.