How do I setup my Linux server?

I screw around with my VMs so often that I actually have a bunch of bash scripts I run for quickly getting past the initial minimal setup process hassle. Rather than copying and pasting my entire script contents here, I thought it’d be more useful to list out all the commands and steps for future reference.

  1. Login via ssh. Replace ‘hostname’ with the provided server IP address and enter your root password.

    ssh [email protected]

  2. Update your system and install some essential software.

    apt-get update && apt-get install sudo nano ufw git curl && apt-get upgrade

  3. Completely remove any unnecessary packages (optional)

    sudo apt-get purge --auto-remove REPLACE_WITH_PACKAGE_NAME
    sudo apt-get clean

  4. The root user is the administrative user and has very broad privileges. Hence, it is generally discouraged to use it on a day-to-day basis.

    adduser lzy

    You will be prompted to set a password and enter some info but you can safely skip those. You might also want to replace ‘lzy’ with the actual username of your choice.

    Add the newly created user to the sudo group so you can actually perform actions which require superuser privileges.

    usermod -aG sudo lzy

  5. Set up a basic firewall with UFW:

    ufw allow OpenSSH
    ufw enable

    You can now log out of your VM.

  6. On your client machine (i.e. your computer) create a key pair and copy the public key to your server:

    ssh-keygen -t ed25519
    ssh-copy-id -i ~/.ssh/ [email protected]

  7. You can now login to your server with your newly created user without entering the password:

    ssh [email protected]

  8. Once you’re able to login successfully with the user with sudo privileges, run the following commands to harden the ssh configuration:

    sudo sed -i '/PasswordAuthentication/c\PasswordAuthentication no' /etc/ssh/sshd_config && sudo sed -i '/PubkeyAuthentication/c\PubkeyAuthentication yes' /etc/ssh/sshd_config && sudo sed -i '/ChallengeResponseAuthentication/c\ChallengeResponseAuthentication no' /etc/ssh/sshd_config && sudo systemctl reload sshd

There are probably plenty of other settings you can muck around to further harden the system but this is likely good enough for starters.

Have fun!