Initial User and SSH Setup for InterServer's VPS Hosting or similar vps, for Ubuntu Version 14.04 64 minimal.
As the distribution name implies, this minimal distribution comes with no bells and whistles. As the server administrator, you will be expected to install any programs you may need. It’s important to realize this, since instructions for the regular Ubuntu 14.04 distribution may differ slightly.
Setting up your user environment makes sense, since this will aid in securing your server. Better safe than sorry!
- We tested our instructions onInterServer’s OpenVZ VPS Hosting loaded with Ubuntu 14.04 64 (instructions are for minimal distribution, but should work for regular distribution as well).
- Putty or similar SSH client
- root login and password
Initial User Setup
Before we start. We will be making changes to restrict unauthorized access to your server. This means you could accidentally lose partial or full access to the server. This should not be attempted on a live production server, without first trying it on a test or new server to make sure it works. We cannot help you if something goes wrong. Please be careful.
First, let’s get all the updates for the distribution. Make sure you are logged in as root (your prompt will say root@servername and # to the right of the prompt). If you are not root, you will need to add sudo to each command you issue (sudo apt-get update).
apt-get updateThis will download any security or bug fix updates. Always start with this, since you may run into bugs that have already been fixed.
If prompted, answer Y for yes,
apt-get upgradeLet’s upgrade any packages that may have deprecated.
If prompted, answer Y for yes
At this point, you are ready to begin. You will need an editor, and nano is easy to learn and use (If at any point you received a message that the package was already installed, just skip to the next step):
apt-get install nano
Test by opening a file. You can try
nano testfileExit file by typing the combination
apt-get install dialogThis will allow for installations to go smoother with a slightly upgraded interface.
The sudo program will be required for giving users privileges. Without it, you will need to be logged in as root every time you need elevated privileges.
apt-get install sudoBefore we can test sudo, will need to add a user
We now have the tools necessary for the next steps. Lets add you as a user.
- You can add users by typing
- Since this user will be a sudoer (elevated privileges), you should pick a secure password. If a hacker figures out the password, your site will be damaged, or worse.
- You may enter additional user information. You can leave these blank by hitting enter when prompted each time.
Add to sudoers
- Issue the command
gpasswd -a username sudo
- gpasswd -a will add a user to the group (sudo). gpasswd -d will delete a user from the group (sudo).
- Members of the sudo group may become root, by typing ‘sudo su’ - Will test this later.
Why did we do this?
We have just created a user that will have the same abilities as root. One of the problems with having a root user available for remote connections, is that half of the login password scheme is already guessed. If I wanted to take over your server, I would try the root account first. Then try to guess at your password. I could try different types of brute-force attack strategies, utilizing root as the login. If there are no additional defenses, I can try a script to do dictionary attacks, use common words, and common passwords. This script could run thousands of combinations per minute, until it finds the correct combination.
Let’s defend against that, by disabling remote logins as root. Luckily for us, this is just a setting in the ssh configuration file.
- Let’s edit the sshd configuration file by typing:
- Will need to find the line that says PermitRootLogin yes and change it to PermitRootLogin no
- Type the key combination
yto accept the change. Press
- Very Important: Test the new account we created before making the change official. We don’t want to lock ourselves out later. Open a new ssh session (we use Putty). Log on to your server as the user you just added.
- Try gaining root, by typing
- Enter the password of the user you just added. If everything went as planned, your prompt will say root@servername, and have a # after your login name.
- (Optional) You can try running a command that requires elevated privileges, without using sudo. Type
apt-get updateIf it runs, your user was setup correctly, and we can logoff by typing
exituntil the connection is closed.
service ssh restart
Congratulations! You have just taken the first step in shoring up your server. You should also consider a firewall and fail2ban to better secure your server.
We suggest installing a couple of other packages that are not in the original installation. You may need these later:
apt-get install rsync
apt-get install bsdutils
This website is supported by our affiliation with web hosting companies. We encourage you to visit our friends at Interserver. They really do offer $6 per month VPS Hosting. Linux, windows and cpanel available, have super fast service, and they care about their customers!