> For the complete documentation index, see [llms.txt](https://docs.netsgo.no/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.netsgo.no/netsgo/linux-server-setup.md). # Linux server configuration ## 🔑 Generating SSH key SSH keys are way more secure and practical than passwords. Follow the instructions below based on your preferred OS. {% tabs %} {% tab title="🖥️ Windows" %} Start by [downloading PuTTYgen](https://the.earth.li/~sgtatham/putty/latest/w64/puttygen.exe). Open `puttygen.exe` and change number of bits from `2048` to `4096` and click `Generate`. This will generate a more secure SSH key. Once you generate the SSH key, click on `Save private key`, when prompted about password, click `Yes` to ignore the warning. Once you saved your private key make sure to copy the public key block and save it somewhere, we'll be using it later on in the guide. {% endtab %} {% tab title="🐧 Linux" %} To generate SSH key in linux simply execute a command ``` ssh-keygen -t rsa -b 4096 ``` You'll be asked to enter a file name and a password, press enter to use the default name and no password. You have now generated public and private keys in your home directory inside `.ssh` folder. {% endtab %} {% endtabs %} ## 👨‍🔧 Configuring a new user One of the steps to securing your linux server is by never using root user in production. To accomplish this we'll need to create and configure a new user! ### Creating a new user Once you have logged into your newly installed linux server start by creating a new user with a good password when prompted. When asked for anything else, simply press enter to leave it empty. ``` sudo adduser YOUR_USER ``` Add the newly created user to sudo group. ``` adduser YOUR_USER sudo ``` Now you can login into your new user by executing. ``` sudo su YOUR_USER ``` Adding newly creating user to sudoers file and disabling password for sudo command. ``` sudo visudo ``` Once you've entered the file, paste your user definition at the very bottom, save and quit. ``` YOUR_USER ALL=(ALL) NOPASSWD:ALL ``` Switch to user you just created ``` sudo su YOUR_USER ``` ### Adding SSH key Once you have logged we'll make sure you're inside your home directory, then create .ssh folder, move into it and create `authorized_keys`file. ``` cd ~ && mkdir .ssh && cd .ssh && vim authorized_keys ``` You can use any other preferred editor other than vim, like nano or similar. Paste your public key you generated earlier. Save and quit. ## 💻 Configuring SSH keys for your terminal Pick you preferred terminal and follow the steps, if you're using windows it's recommended to use Windows Terminal {% tabs %} {% tab title="PuTTY" %} [Download PuTTY](https://the.earth.li/~sgtatham/putty/latest/w64/putty.exe) Once you add your session in PuTTY, navigate to `Auth` tab under `Connection/SSH`. Select `Browse` and find your private SSH key you generated earlier. Go back to `Session` tab and select `Save`. {% endtab %} {% tab title="Windows Terminal" %} [Download Windows Terminal](https://www.microsoft.com/en-us/p/windows-terminal/9n0dx20hk701#activetab=pivot:overviewtab) WIP - {% endtab %} {% endtabs %} Once you configured your terminal to use SSH key, it's time to test if you're able to connect to your server! If you were able to connect successfully, you can now proceed with `securing your server` section! ## 🔒 Securing your server Simple changes like disabling password authentication will greatly increase security and will render brute force attacks by bots useless. ### Disabling password authentication To disable password we'll have to edit a config file ``` sudo vim /etc/ssh/sshd_config ``` Find option called `PasswordAuthentication` either uncomment it or change the value from `yes` to `no`, save and quit. Restart ssh service to apply the changes ``` sudo service ssh restart ``` ### Limit su access Limiting su (switch user) command will improve server security by limiting attacker's attack surface. This is as simple as editting an option in config. Uncomment `auth required pam_wheel.so` and you're done! Save and quit ``` sudo vim /etc/pam.d/su ``` --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.netsgo.no/netsgo/linux-server-setup.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.