Initial VPS SetupMuhammad Arafat Azam

Topics I will coverCreating a VPS (droplet) on Digitalocean.

Creating a new user with root privileges.

Setting up ssh.

Setting up a basic firewall.

PrerequisiteAccess to an ubuntu 16.04 VPS.

OpenSSH for Linux of Mac.

An ssh client for windows (PuTTY / gitbash)

Installing ssh clientDownload and install latest version of git from here:

https://git-for-windows.github.io/

Create a VPSOn digitalocean, VPS is called droplet.

Digital ocean’s interface is clean and beginner friendly.

To get 10$ beginner credit sign up with this referral link:https://m.do.co/c/0dc352a7f06c

Log into the Droplet with rootBy this time digitalocean has emailed the login credential.

Open a terminal and log in with this command and enter the emailed password: ssh root@your_server_ip

We will be prompted to change the password.

Create a New userroot is the administrateive user. It has privileges to cause destructive

changes to our server.

We will create a new user with the following command:adduser azam

Give it a ‘superuser’ or administrative privileges:usermod -aG sudo azam

Generate an SSH keySSH is a network protocol which is used to establish secure

connection to remote machine over the internet and run commands.

To generate an ssh key open a local terminal (ie: another git bash) and enter this command: ssh-keygen

Print the public key with the following command: cat ~/.ssh/id_rsa.pub

Select and copy.

Copy the public key in the DropletOn the remote terminal we will temporarily switch to the new user:

su - azam

Create an .ssh directory and restrict permission: mkdir ~/.ssh chmod 700 ~/.ssh

Open a file in .ssh named authorized_keys: nano ~/.ssh/authorized_keys

Now paste the copied public key, hit ctrl+x and press y.

Restrict the permission of the authorized_keys: chmod 600 ~/.ssh/authorized_keys

Switch back to root user: exit

Disable Password AuthenticationAs a root user open the ssh daemon configuration:

sudo nano /etc/ssh/sshd_config

Find the line that has PasswordAuthentication and change its value to no: PasswordAuthentication no

To save hit ctrl+x and press y.

Enter this to reload the ssh daemon: sudo service sshd reload

Test LoginDo not exit the first remote terminal until we are certain that

everything is working fine.

Open a new terminal and log into the droplet with the new credential: ssh azam@your_server_ip

If you need root privileges just type sudo before the command: sudo some_command

Set Up Basic FirewallOn ubuntu 16.04 server we can use UFW - uncomplicated firewall.

Applications can register their profile with UFW.

To see the available application profiles: sudo ufw app list

To allow SSH connection run: sudo ufw allow OpenSSH

Enable the firewall by typing: sudo ufw enable

Check ssh connection are allowed: sudo ufw status