Basic Initial Steps on Building a Server


Establish an SSH connection to your remote server using PuTTY for Windows, Linux and Unix. I normally use Windows when setting up my *nix servers and I prefer the KiTTY portable SSH client from 9bis. KiTTY is a fork of PuTTY and a very good client.

For first-time connections, the server's host key will be presented to you, which you can either accept and store or deny; denying terminates the current SSH session. In order to continue, you should accept. This prompt will also reappear if the server's key has changed, so treat an unexpected reappearance as something to check before accepting.


Change Password

Normally, your VPS or dedicated server will come pre-installed with a working Linux/Unix operating system and a randomly generated root password. It is advisable to change this password to something that you can remember easily but that is harder to guess.

You will be prompted in the shell to enter the new password and then to confirm it, which verifies what you typed and avoids being locked out by a mistyped password.


Create a New User for SUDO Purpose

It is highly recommended that you create a new user for root access purposes. This new user will be given sudo access to interact with the system as the root account.

The same command we used earlier to change the root user’s password will be slightly modified so we can change the password of “newuser”.

You will also be prompted to enter the password twice, since every password change needs to be confirmed by the account owner.

Grant Root Privilege to the New Account

We are going to add root privilege to the newly created user by giving it access to sudo. Sudo allows an ordinary user account to elevate to root status.

In case you are annoyed by the default “vi” text editor, you can easily instruct the shell to use nano instead of “vi”.

This will instruct the current logged in session to use “nano” as the first or default text editor.

Changing the Default Text Editor

If you want to change the default editor permanently into “nano”, you should modify the bash shell script file .bashrc.

Add the following line to the end of the file

.bashrc is a shell script that Bash runs whenever it is started interactively. You can put any command in that file that you could type at the command prompt.

You put commands here to set up the shell for use in your particular environment, or to customize things to your preferences. Aliases that you want to always be available are a common thing to put in .bashrc.

Edit the Server’s Sudo Configuration

Load up your server’s sudo config. Please note that the command may fail with an error about “missing sudoers”. If you get this error, you need to install the sudo package.

Scroll down until you locate the privilege specification area.

Create a new line for the user “newuser” and copy all the privileges set for the user “root”. This tells sudo that we want the user “newuser” to have root access. “newuser” won’t instantly gain root access; we still need to run a sudo command.

If you are not using nano, hit “a” (without quotes) to start editing. Press the “Esc” key to exit editing mode, then “Shift” key + ZZ to save and exit the editor. These are commands for the default “vi” editor.
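The "copy root's privileges to newuser" step can also be scripted against a staged copy and checked before it replaces the live file, since a sudoers file that fails to parse leaves sudo unusable. The following is an added example, not code from the original post; the function name `stage_sudo_user` and the sample sudoers text are constructed for illustration, and it assumes plain user names.

```shell
#!/bin/sh
# Added example, not from the original post. The sudoers text below is constructed.

# Write to $3 a copy of sudoers file $1 in which user $2 has the same rule as root.
# Returns non-zero if no rule could be added or the result does not parse.
stage_sudo_user() {
    src=$1; user=$2; out=$3
    if grep -Eq "^$user[[:space:]]" "$src"; then
        cp "$src" "$out"                      # user already has a rule: change nothing
    else
        # Repeat root's line directly below it with the user name swapped in.
        awk -v user="$user" '{ print }
            $1 == "root" && !done { $1 = user; print; done = 1 }' "$src" > "$out"
    fi
    grep -Eq "^$user[[:space:]]" "$out" || return 1   # no root rule was found to copy
    # visudo -c only checks syntax; -f points it at the staged copy, not /etc/sudoers.
    if command -v visudo >/dev/null 2>&1; then
        visudo -cf "$out" >/dev/null 2>&1 || return 1
    fi
    return 0
}

# Constructed sample of the "privilege specification" area.
demo=$(mktemp -d)
printf '%s\n' 'Defaults env_reset' '# User privilege specification' \
    'root    ALL=(ALL:ALL) ALL' '%sudo   ALL=(ALL:ALL) ALL' > "$demo/sudoers"
if stage_sudo_user "$demo/sudoers" newuser "$demo/candidate"; then
    grep -n '^newuser' "$demo/candidate"
fi
```

Where visudo is not installed the syntax check is skipped, so the staged file should still be checked with `visudo -cf` on the server before it is installed.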

Setup SSH Access

In order to secure your server, you should prevent remote login to the server as the “root” user. This requires a minor edit to the server’s “sshd_config” file.

The “sshd_config” file is arranged to display the default value of each variable. If you want to change a default value, uncomment the variable by removing the # character and enter your desired value. Leave a value at its default if you have no idea what that variable does; you can easily mess up your SSH daemon with a wrong configuration.

Change the default port

What we are interested to find is the default port section.

For security reasons, it is advisable to change this port to something else. To give the port a new value, remove the # character and add your desired port number. I used 2244 as an example.

The next step is to disable the “root” user from logging in over remote connections. This will limit brute force attacks on the server, since attackers will try to log in as the “root” user.

As a second security practice and for speed purposes, we need to turn off DNS lookups when handling SSH logins.

On recent versions of the SSH daemon, the newly created user is automatically allowed to log in. In some cases, you need to add the new user manually. The most convenient place to do this is to append the directive at the bottom of the file.

Last step is to restart our SSH daemon and test if our setup is working as expected. Keep your current session active until you can confirm that you can login using your new user account.

An alternative way of restarting the service is via service restart.
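Because commented lines in “sshd_config” only document defaults, it is easy to believe a setting was changed when the # is still in place. The following added example (not from the original post) reads a config file the way the section describes and reports which of the four changes are missing; the function names `sshd_values` and `audit_sshd` and both sample files are constructed, and it assumes whitespace-separated `Keyword value` lines and plain user names in AllowUsers.

```shell
#!/bin/sh
# Added example (not from the original post). Sample files below are constructed.
# Commented lines in sshd_config only document defaults and have no effect.

# Print every global (pre-Match) value of keyword $2 in file $1, one per line.
sshd_values() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/          { next }   # comments and blank lines are ignored
        tolower($1) == "match"  { exit }   # Match blocks are conditional, stop here
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$1"
}

# Report settings that differ from this walkthrough; returns the finding count.
audit_sshd() {
    file=$1; user=$2; n=0
    port=$(sshd_values "$file" Port | head -n 1)
    root=$(sshd_values "$file" PermitRootLogin | head -n 1)
    dns=$(sshd_values "$file" UseDNS | head -n 1)
    allow=$(sshd_values "$file" AllowUsers | tr '\n' ' ')
    [ "${port:-22}" != 22 ] || { echo "Port is still 22"; n=$((n + 1)); }
    [ "$root" = no ] || { echo "PermitRootLogin is '${root:-unset}', want no"; n=$((n + 1)); }
    [ "$dns" = no ] || { echo "UseDNS is '${dns:-unset}', want no"; n=$((n + 1)); }
    case " $allow" in
        " "|*" $user "*) ;;   # no AllowUsers at all, or our user is listed
        *) echo "AllowUsers omits $user: next login would be refused"; n=$((n + 1)) ;;
    esac
    return "$n"
}

# Constructed samples: a stock file (defaults shown as comments) and the edited one.
tmp=$(mktemp -d)
printf '%s\n' '#Port 22' '#PermitRootLogin yes' '#UseDNS yes' > "$tmp/before"
printf '%s\n' 'Port 2244' 'PermitRootLogin no' 'UseDNS no' 'AllowUsers newuser' > "$tmp/after"
for f in before after; do
    echo "== $f"; audit_sshd "$tmp/$f" newuser || echo "findings: $?"
done
```

On the server itself, `sshd -t` checks the edited file for syntax errors before you restart, and `sshd -T` prints the configuration the daemon would actually use.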


You can run root commands using the code pattern below.

The suggested way to run root commands is to elevate your access level to root.

coderinthebox

The TechnoJunkie of the group who studied engineering but got stuck with software development. Remember kids, 90% of your problems can be solved by marketing. Solving the other 10% just requires good procrastination skills.


4 Responses

  1. brian says:

    thanks for tip about moving port 22.

    think I’ll need to use keys instead

    • coderinthebox says:

      Keys will solve most issues with brute force login and moving the port to above 1000 will greatly reduce attempts.
