Ubuntu 8.04 setup on linode.com VPS

These are the steps I took to set up a fresh VPS at linode.com running Ubuntu 8.04. Hopefully this will serve as a basic tutorial on configuring and securing a Linux server.

Once you’ve deployed your distribution in the Linode account manager and waited for the server to build your VPS, you need to connect to it using an ssh client. I am using Windows XP on my home box, so the obvious choice is PuTTY. Download the putty.exe binary and grab puttygen.exe while you are there, as we’ll need that later. Use the default settings for PuTTY and enter the IP of your VPS. It’s normal to get a warning about the server’s host key the first time you connect, so just accept it. Log in as root with the password you set when building your Linode.

Set hostname

The first thing I do is set the correct hostname. My domain is bc-dev.net and I’ve decided to name the VPS host, but you should come up with your own imaginative name.

echo yourname > /etc/hostname
hostname yourname
nano /etc/hosts

This brings up the /etc/hosts file in the nano text editor. Change the second line to match your IP, domain name and hostname. In nano use CTRL+o to save and then CTRL+x to exit.

12.34.56.78 yourname.yourdomain.com yourname

You should also create an A record for yourname.yourdomain.com in your DNS manager.

Add a non-root account

The next step is to add a non-root user account. We will use this account to access our box, as logging in as root is an increased security risk.

adduser notroot

Create a password and just accept the defaults for the personal information. In Ubuntu, non-root users can gain temporary root privileges with the sudo command. We need to enable this for our new user.

visudo

This uses another text editor, vi. It’s not as friendly as nano but is much more powerful. Somewhere near the end of the file add a line for your new user.

notroot ALL=(ALL) ALL

In vi you need to press the i key to switch to insert mode before entering the text. When you are done press ESC and then :wq to write and quit.

Configure ssh

Now we need to configure ssh access for our new user. We want to connect without a password, using an encrypted key instead. The server needs to have a public key that we can match our private key against. First create a directory and a public key file.

mkdir /home/notroot/.ssh 
nano /home/notroot/.ssh/authorized_keys

We can now use puttygen to generate our keys. Copy and paste the public key from puttygen into your terminal window and save the file. You should also save your private key on your home machine somewhere. We now need to give our new user access to these files.

chown -R notroot:notroot /home/notroot/.ssh
chmod 700 /home/notroot/.ssh
chmod 600 /home/notroot/.ssh/authorized_keys

The final step is to change the server’s ssh configuration to make it more secure and use our new settings.

nano /etc/ssh/sshd_config

We want to set it so only our user can log in, and only with our private key. You should also change the default port to something random and high.

Port 23456
PermitRootLogin no
PasswordAuthentication no
AllowUsers notroot

Reload ssh so the new settings take effect.

/etc/init.d/ssh reload

Don’t close your current terminal window (in case you are locked out and need to fix it!) but instead open a new PuTTY session and try connecting with your new user name and private key. You can select your key file in PuTTY under Connection > SSH > Auth. If all goes well you should be connected. Now you can log out of your root console and save your connection profile in PuTTY. That’s it; the next post will cover some more basic setup as well as firewall and iptables settings.
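
The four sshd_config settings above can be checked before ssh is reloaded. The script below is an added example, not part of the original post; the function names and the two sample files are constructed for illustration, and it reads only the global section of the file and matches AllowUsers names exactly.

```shell
#!/bin/sh
# Added example: check an sshd_config for the four settings from this post.

# Print every value given for KEYWORD in the global section of FILE.
# Keywords are case-insensitive; Match blocks are conditional, so stop there.
values() {  # usage: values FILE KEYWORD
    awk -v key="$2" '
        { sub(/#.*/, "") }                 # drop comments
        tolower($1) == "match" { exit }    # global section ends here
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$1"
}

# For yes/no keywords sshd keeps the first value it reads.
first_value() { values "$1" "$2" | head -n 1 | tr 'A-Z' 'a-z'; }

# Returns the number of problems found (0 means the settings match the post).
check_sshd_config() {  # usage: check_sshd_config FILE LOGIN_USER
    file=$1 user=$2 bad=0
    for key in PermitRootLogin PasswordAuthentication; do
        [ "$(first_value "$file" "$key")" = "no" ] ||
            { echo "$key is not set to no"; bad=$((bad + 1)); }
    done
    # AllowUsers lines accumulate. Exact names only (no user@host patterns).
    values "$file" AllowUsers | tr ' \t' '\n\n' | grep -qxF "$user" ||
        { echo "AllowUsers does not list $user"; bad=$((bad + 1)); }
    # No Port line at all means the default, 22.
    ports=$(values "$file" Port)
    if [ -z "$ports" ] || printf '%s\n' "$ports" | grep -qxF 22; then
        echo "sshd still listens on port 22"; bad=$((bad + 1))
    fi
    return "$bad"
}

# Constructed sample files: a half-edited config and the settings from this post.
sample_config() {
    case $1 in
        weak)     printf '%s\n' '# Port 23456' 'PermitRootLogin yes' \
                      'PasswordAuthentication yes' 'PasswordAuthentication no' ;;
        hardened) printf '%s\n' 'Port 23456' 'PermitRootLogin no' \
                      'PasswordAuthentication no' 'AllowUsers notroot' ;;
    esac
}

tmp=$(mktemp -d)
sample_config weak > "$tmp/weak"; sample_config hardened > "$tmp/hardened"
check_sshd_config "$tmp/hardened" notroot && echo "hardened: ok"
check_sshd_config "$tmp/weak" notroot || echo "weak: $? problem(s)"
rm -r "$tmp"
```

On the server, point it at /etc/ssh/sshd_config with your own user name; running sshd -t as root will additionally catch syntax errors before the reload.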


2 thoughts on “Ubuntu 8.04 setup on linode.com VPS”

  1. Tom —

    I’m having the problem where my 8.04 Server is a fresh install, and for some reason I can ‘ssh localhost’ and be able to ssh locally to the box but cannot ssh to it from any other system. I used to be able to fix this problem by disabling iptables and SELinux.
