When I setup a Debian server there’s a few basic things I do to get it online.
First steps boot from the netinst CD and follow the installer.
First logon using SSH as your regular user account as root can’t access the system remotely. So you’ll have to logon unprivileged and then su to root.
Then before doing anything else install sudo and give your user account access by making them a member of the sudo group.
# apt-get install sudo # usermod -a -G sudo [user]
You’ll have to logout and back in to pick-up the sudo group change.
Now setup unattended upgrades so things stay fresh.
$ sudo apt-get install unattended-upgrades apt-listchanges $ sudo dpkg-reconfigure -plow unattended-upgrades
Edit the config and add your email so you get notifications about upgrades.
$ sudo vi /etc/apt/apt.conf.d/50unattended-upgrades
and uncomment and change the detail to your email address:
SSH Secure Logon
Now create yourself an ssh key pair. This will create the ~/.ssh folder for us and place your users public and private keys in it as id_rsa (the private key) and id_ras.pub (the public key). Specify a decent password to protect your private key.
You may have already done this on your own machine and already have keys. You could make life easier by using your keys to logon with ssh rather than a username and password. To do this simply copy the contents of your own id_rsa.pub file into the remote systems ~/.ssh/authorized_keys. You’ll then be trusted as that user if you present your private key during logon.
If you’re using putty you’ll need to do some conversion of the key using puttygen.
- Click Conversions from the PuTTY Key Generator menu and select Import key.
- Navigate to the OpenSSH private key and click Open.
- Under Actions / Save the generated key, select Save private key.
- Choose an optional passphrase to protect the private key.
- Save the private key as id_rsa.ppk.
You can then use the id_rsa.ppk file in you settings for putty to use.
Now I can connect to the server using SSH I’d like to keep things secure. An easily implemented firewall config I use is arno, it does all the heavy lifting with iptables. Instructions for that can be found here: Linux Firewall
Then it’s over to you what you need to install on it.