Nanyi
Date: March 14, 2014
When developing a website, you often need to configure your own Linux server.
This document records the initial configuration of a Linux server, that is, what to do right after the system installation is complete. It is mainly my own summary and memo; if anything is missing, additions are welcome.
The following steps are for Debian/Ubuntu; other Linux systems are similar, though some commands differ slightly.
Step One: Root user login
First, log in to the remote host as the root user (assuming the IP address is 128.199.209.242).
ssh root@128.199.209.242
At this point, the command line shows a warning that this is a new address and there is a security risk. Type yes to accept. You should then be logged in to the remote host.
Next, modify the root user's password.
passwd
Step Two: Create a new user
First, add a user group (assumed here to be admin).
addgroup admin
Then, add a new user (assumed to be bill).
useradd -d /home/bill -s /bin/bash -m bill
In the above command, the -d parameter specifies the user's home directory, the -s parameter specifies the user's shell, and the -m parameter creates the home directory if it does not exist.
Next, set the password for the new user.
Add the new user (bill) to the user group (admin).
usermod -a -G admin bill
Next, set sudo permissions for the new user.
The visudo command opens the sudo settings file /etc/sudoers. Find the following line.
root ALL=(ALL:ALL) ALL
Under this line, add another line.
root ALL=(ALL:ALL) ALL
bill ALL=(ALL) NOPASSWD: ALL
NOPASSWD above means that no password is required when using sudo; I find this more convenient. For security reasons, you can also require a password.
root ALL=(ALL:ALL) ALL
bill ALL=(ALL:ALL) ALL
Then, log out as root and log in as the new user to check that everything so far works.
exit
ssh bill@128.199.209.242
Step Three: SSH settings
First, make sure that the local machine has an SSH public key (typically the file ~/.ssh/id_rsa.pub); if not, generate one with the ssh-keygen command (refer to the SSH tutorial I wrote).
Open another shell window on the local machine and copy the local public key to the server's authorized_keys file.
cat ~/.ssh/id_rsa.pub | ssh bill@128.199.209.242 'mkdir -p .ssh && cat - >> ~/.ssh/authorized_keys'
# or, on the server side, run the following command
echo "<your public key>" > ~/.ssh/authorized_keys
Then, go to the server and edit the SSH config file /etc/ssh/sshd_config.
sudo cp /etc/ssh/sshd_config ~
sudo nano /etc/ssh/sshd_config
In the configuration file, change the default SSH port 22 to another value, which can be any integer from 1025 to 65536 (assumed here to be 25000).
Port 25000
Then, check that the following settings have these values and that the leading # is removed.
Protocol 2
PermitRootLogin no
PasswordAuthentication no
AuthorizedKeysFile .ssh/authorized_keys
UseDNS no
The above mainly prohibits root user login and password login.
Next, at the end of the configuration file, specify which users are allowed to log on.
AllowUsers bill
After saving, exit file editing.
Next, change the permissions of the authorized_keys file.
chmod 600 ~/.ssh/authorized_keys && chmod 700 ~/.ssh/
Then, restart sshd.
sudo service ssh restart
# or
sudo /etc/init.d/ssh restart
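An added example (not part of the original post): a small shell audit of the settings from this step, meant to be run against sshd_config before restarting sshd. The function names and the sample file are constructed for illustration, and it assumes the user bill and port 25000 used above.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the settings listed in Step Three.
# sshd uses the FIRST value it reads for a keyword, keywords are case-insensitive,
# and lines starting with '#' are ignored, so only that first active line counts.

sshd_value() {  # sshd_value FILE KEYWORD -> first active value in the global section
    awk -v key="$2" '
        /^[ \t]*#/ { next }                      # commented-out setting: no effect
        tolower($1) == "match" { exit }          # Match blocks are conditional; stop
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

expect() {  # expect FILE KEYWORD WANTED
    got=$(sshd_value "$1" "$2")
    if [ "$got" = "$3" ]; then echo "ok    $2 $got"; return 0; fi
    echo "FAIL  $2 is '${got:-unset}', expected '$3'"; return 1
}

audit_sshd_config() {  # returns the number of failed checks
    fails=0
    port=$(sshd_value "$1" Port)
    if [ "${port:-22}" = 22 ]; then echo "FAIL  Port is still 22"; fails=$((fails + 1))
    else echo "ok    Port $port"; fi
    expect "$1" PermitRootLogin no        || fails=$((fails + 1))
    expect "$1" PasswordAuthentication no || fails=$((fails + 1))
    expect "$1" AllowUsers bill           || fails=$((fails + 1))
    return "$fails"
}

sample_config() {  # constructed sample, not taken from the page
    cat <<'EOF'
Port 25000
#PermitRootLogin no
PasswordAuthentication yes
AllowUsers bill
PasswordAuthentication no
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
audit_sshd_config "$tmp" || echo "$? check(s) failed"
rm -f "$tmp"
```

On the server, `sudo sshd -t` additionally checks the file for syntax errors; keep the current session open until a new login on the new port succeeds.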
The following step is optional. Create a config file in the local machine's ~/.ssh folder, with the following content.
Host s1
HostName 128.199.209.242
User bill
Port 25000
Finally, open another shell window on the local machine and test whether SSH login succeeds.
ssh s1
Step Four: Configure the runtime environment
First, check the server's locale settings.
locale
If the result is not en_US.UTF-8, it is recommended to set it to that.
sudo locale-gen en_US en_US.UTF-8 en_CA.UTF-8
sudo dpkg-reconfigure locales
Then, update the software.
sudo apt-get update
sudo apt-get upgrade
Finally, apply security settings as needed, such as setting up a firewall that closes all ports other than HTTP, HTTPS and SSH, and installing Fail2ban. For details, refer to "Securing a Linux Server."
Finish
Document Information
- Copyright notice: free to reprint, non-commercial, no derivatives, retain attribution | Creative Commons BY-NC-ND 3.0
- Original URL: http://www.ruanyifeng.com/blog/2014/03/server_setup.html
- Last modified: May 9, 2014 10:10