First thing you need to do after purchasing a VPS
This is a note for myself as a noob. After purchasing a VPS there are a lot of things to do, and hardening the box is the most important one. Even after managing a lot of servers, I am always nervous.
In this post I am using Ubuntu. I have never tried any distro besides Debian-based ones.
Add a public SSH key
Yes, this is a must. Don't leave room for an attacker. Unless your SSH key is stolen, it is impossible for an attacker to log on to your box.
Create an SSH key on your computer. Please follow this awesome guide from GitHub: how to generate an SSH key.
Then the .ssh directory will be created in your home directory.
.ssh
├── authorized_keys
├── id_ed25519
├── id_ed25519.pub
├── known_hosts
├── known_hosts.bak
└── known_hosts.old
Keep id_ed25519 and id_ed25519.pub in the safest bunker you have. After that, to log in to your VPS box without a password, you have to upload id_ed25519.pub to the box.
ssh-copy-id -i ~/.ssh/id_ed25519.pub YOUR_USER_NAME@IP_ADDRESS_OF_THE_SERVER   # the .pub half of the key generated above
Yes, of course, you can also upload it manually. Please follow this guide: how to add a public SSH key.
Then try to log in. Voilà! You don't need to use a password again.
Create a new user
Usually you will log in to the server as the root user. That is OK if you know what you are doing, but it is a bit risky: root can do anything, and if it falls into the wrong hands you will have a very bad day.
Instead, we will create a sudo user to do the job. Let's say we create a sudo user named ubuntu.
adduser ubuntu
Follow the prompts on screen to fill in the form. Next, give the user sudo capability.
usermod -aG sudo ubuntu
Done. After that you can try to log in again with this user. To be able to log in without a password, we copy .ssh from root to the new ubuntu user's home directory.
cp -R /root/.ssh /home/ubuntu/
chown -R ubuntu:ubuntu /home/ubuntu/.ssh   # the copy is still owned by root; hand it to the new user
Disable root login
Finally, we can disable logging in as root and logging in with a password. Edit /etc/ssh/sshd_config with your favorite editor. Change the PermitRootLogin line to no and keep the other lines as they are.
...
#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
...
Disable password login. In the same file, we need to change PasswordAuthentication to no.
...
PasswordAuthentication no
...
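The steps above as one idempotent script, added here as an example; it is not part of the original post. It assumes Ubuntu's layout (the sshd unit is called ssh, Debian adduser flags, and an sshd_config that may begin with Include /etc/ssh/sshd_config.d/*.conf) and uses the post's user name ubuntu as a placeholder. It goes a little beyond the two manual edits: sshd keeps the first value it reads for a keyword, so a drop-in under sshd_config.d (the cloud-init drop-in on Ubuntu cloud images is a common one) can keep PasswordAuthentication yes even after the main file says no, and the script reports which value actually wins. It also refuses to turn off password login until the new user really has an authorized_keys file, which is the lockout the post warns about.

```shell
#!/bin/sh
# Added example, not from the original post. Applies the post's steps with two
# safeguards. Assumed: Ubuntu layout (sshd unit "ssh", optional drop-ins under
# /etc/ssh/sshd_config.d/); the user name "ubuntu" is the post's placeholder.
set -eu

# Print FILE with every "Include" directive replaced by the files it names,
# globs expanded and relative paths resolved from /etc/ssh as sshd does, so the
# result is the single stream sshd reads, in reading order.
expand_includes() {
  local file=$1 line inc
  while IFS= read -r line || [ -n "$line" ]; do
    set -f; set -- $line; set +f              # split into words, no globbing
    case ${1:-} in
      [Ii][Nn][Cc][Ll][Uu][Dd][Ee])
        shift
        for inc in $*; do                     # unquoted on purpose: expand globs
          case $inc in /*) ;; *) inc=/etc/ssh/$inc ;; esac
          if [ -f "$inc" ]; then expand_includes "$inc"; fi
        done ;;
      *) printf '%s\n' "$line" ;;
    esac
  done < "$file"
}

# Value sshd would use for KEY given config FILE: comments are skipped and the
# first active occurrence wins, which is sshd's own rule. Prints nothing if unset.
sshd_effective_value() {
  expand_includes "$1" | awk -v k="$2" '
    BEGIN { pat = "^[ \t]*" tolower(k) "([ \t]|=)" }
    tolower($0) ~ pat {
      sub(/^[ \t]*[^ \t=]+[ \t]*=?[ \t]*/, "")   # drop keyword and separator
      sub(/[ \t]+$/, "")
      print; exit
    }'
}

# Set KEY to VALUE in FILE: the first active line or "#Key ..." default stub is
# rewritten, later copies are dropped (sshd would ignore them anyway) and the
# keyword is appended if it was absent. Running it twice changes nothing.
set_sshd_option() {
  local file=$1 key=$2 value=$3 tmp
  tmp=$(mktemp)
  awk -v k="$key" -v v="$value" '
    BEGIN { pat = "^[ \t]*#?" tolower(k) "([ \t]|=|$)"; seen = 0 }
    tolower($0) ~ pat {
      if (!seen) { print k " " v; seen = 1 }
      next
    }
    { print }
    END { if (!seen) print k " " v }
  ' "$file" > "$tmp"
  cat "$tmp" > "$file"                        # keeps the file's owner and mode
  rm -f "$tmp"
}

# The post's "create a new user" step, giving the user only root's
# authorized_keys with correct owner and modes (no known_hosts, no private keys).
setup_sudo_user() {
  local user=$1
  id "$user" >/dev/null 2>&1 || adduser --disabled-password --gecos '' "$user"
  usermod -aG sudo "$user"
  install -d -m 700 -o "$user" -g "$user" "/home/$user/.ssh"
  install -m 600 -o "$user" -g "$user" /root/.ssh/authorized_keys \
    "/home/$user/.ssh/authorized_keys"
}

# The post's sshd edits, refusing to lock out password login until the new
# user has a key, and checking which value actually wins after each edit.
harden_sshd() {
  local user=$1 cfg=/etc/ssh/sshd_config pair got
  [ -s "/home/$user/.ssh/authorized_keys" ] || {
    echo "no authorized_keys for $user; not disabling password login" >&2; return 1; }
  for pair in "PermitRootLogin no" "PasswordAuthentication no"; do
    set -- $pair
    set_sshd_option "$cfg" "$1" "$2"
    got=$(sshd_effective_value "$cfg" "$1")
    if [ "$got" != "$2" ]; then
      echo "$1 is still '$got': a drop-in under /etc/ssh/sshd_config.d/ is read" >&2
      echo "first and wins; run: grep -ri '^$1' /etc/ssh/sshd_config.d/" >&2
      return 1
    fi
  done
  sshd -t                                     # syntax check before reloading
  systemctl reload ssh                        # edits do nothing until sshd reloads
}

if [ "${1:-}" = apply ]; then
  setup_sudo_user ubuntu
  harden_sshd ubuntu
fi
```

Run it as root with `sh harden-ssh.sh apply` from a session you keep open, and confirm from a second terminal that key login works for ubuntu before closing the first. The edits only take effect once sshd is reloaded, and `sshd -T | grep -iE '^(permitrootlogin|passwordauthentication)'` prints the values the daemon actually resolves, which is the authoritative check afterwards.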
That's it. If you need a comprehensive guide, you can go to the nixCraft website. Just remember: never lose your SSH key, or you too will no longer be able to log on to your box.