Linux server configuration

Guide for setting up and securing a linux server

🔑 Generating SSH key

SSH keys are way more secure and practical than passwords. Follow the instructions below based on your preferred OS.

Start by downloading PuTTYgen. Open puttygen.exe and change number of bits from 2048 to 4096 and click Generate. This will generate a more secure SSH key.

Once you generate the SSH key, click on Save private key, when prompted about password, click Yes to ignore the warning. Once you saved your private key make sure to copy the public key block and save it somewhere, we'll be using it later on in the guide.

To generate SSH key in linux simply execute a command

ssh-keygen -t rsa -b 4096

You'll be asked to enter a file name and a password, press enter to use the default name and no password. You have now generated public and private keys in your home directory inside .ssh folder.

👨‍🔧 Configuring a new user

One of the steps to securing your linux server is by never using root user in production. To accomplish this we'll need to create and configure a new user!

Creating a new user

Once you have logged into your newly installed linux server start by creating a new user with a good password when prompted. When asked for anything else, simply press enter to leave it empty.

sudo adduser YOUR_USER

Add the newly created user to sudo group.

adduser YOUR_USER sudo

Now you can login into your new user by executing.

sudo su YOUR_USER

Adding newly creating user to sudoers file and disabling password for sudo command.

sudo visudo

Once you've entered the file, paste your user definition at the very bottom, save and quit.

YOUR_USER     ALL=(ALL) NOPASSWD:ALL

Switch to user you just created

sudo su YOUR_USER

Adding SSH key

Once you have logged we'll make sure you're inside your home directory, then create .ssh folder, move into it and create authorized_keysfile.

cd ~ && mkdir .ssh && cd .ssh && vim authorized_keys

You can use any other preferred editor other than vim, like nano or similar. Paste your public key you generated earlier. Save and quit.

💻 Configuring SSH keys for your terminal

Pick you preferred terminal and follow the steps, if you're using windows it's recommended to use Windows Terminal

Download PuTTY

Once you add your session in PuTTY, navigate to Auth tab under Connection/SSH. Select Browse and find your private SSH key you generated earlier. Go back to Session tab and select Save.

Once you configured your terminal to use SSH key, it's time to test if you're able to connect to your server! If you were able to connect successfully, you can now proceed with securing your server section!

🔒 Securing your server

Simple changes like disabling password authentication will greatly increase security and will render brute force attacks by bots useless.

Disabling password authentication

To disable password we'll have to edit a config file

sudo vim /etc/ssh/sshd_config

Find option called PasswordAuthentication either uncomment it or change the value from yes to no, save and quit. Restart ssh service to apply the changes

sudo service ssh restart

Limit su access

Limiting su (switch user) command will improve server security by limiting attacker's attack surface. This is as simple as editting an option in config. Uncomment auth required pam_wheel.so and you're done! Save and quit

sudo vim /etc/pam.d/su

PreviousVue CLI NextTerminal customization

Last updated 4 years ago

Was this helpful?