The best practice to learn Linux server administration, is to setup and configure virtual Linux server on your local machine. Using VirtualBox and any of hundreds Linux distribution. For the beginners Debian/Ubuntu is recommended. Redhat distributions and other based on it, like Centos are more likely used in business environment. So decision is up to you, in what direction you would like to develop. But whatever you will choose, rules are the same and differences are small. Next step is to buy and setup your first VPS.
In this article I will describe how to configure default settings on cheap VPS server, to make it more secure and ready for happy usage.
If you are looking some good and cheap VPS servers, to practice your skills, you can check from LoweEndBox. There are some interesting and tested by users, good price offers. In my experience, don’t take the cheapest one, and before you buy, read comments from other users, check server localization, terms of conditions and legal docs. It is good to have at least 1 CPU and 512 GB of RAM. Amount of bandwidth and disk size depends on what would you like to do with your VPS in the future. If this will be your private VPN, disk size doesn’t matter, but the bandwidth is what you want. If this VPS will be your backup server, then you need a lot of space. Remember that you will study on this server first, after that you will want to use the server for specific purposes. So do not choose the weakest offer and adapt it to what you would like to do with it later.
All steps described below can be used in the same way on the local virtual machine. The only difference is that you will connect to the local machine and not the one located in the Internet.
When buying, you can choose the operating system, but you can also change it to what you want in the administration panel later. My suggestion is to choose always minimal image. Thanks to this, you have a clean small system that you can expand according to your needs. These images are usually with a “mini” suffix in the name.
For a long time you can also pay with Bitcoins from the purchase of a virtual server.
So, you have got your first VPS, with minimal system and your root password. Time to connect to it and mess up a little in configuration.
Remember, if you break something, try to fix it, undo your changes, look for code or error content on the web. As a last resort, you can always reinstall the system in the server management panel and start again. However, problem solving is the case when you will learn most. So analyze errors, read messages and fix issues with configuration.
To connect from terminal you should use command:
In Putty/Kitty just provide your VPS IP address and hit connect. It is GUI you will know what to do.
Provide your password, and you are in.
Most important thing is to keep your server up to date. Now you will do it manually for the first time, later I will show you how to automate this process.
apt update && apt dist-upgrade
apt install sudo
Follow the steps on the screen. Next, add this user to sudo, so you will be able to execute commands like root user, with administration privilege’s.
usermod -g sudo USER_NAME
to edit configuration file, where you need to add on the list, under the
User privilege specification another line next to the root.
USER_NAME ALL=(ALL:ALL) ALL
save changes and exit.
Next option is to do not allow root login to your server. This is why you created a new user in previous step.
To do this you need edit ssh configuration file:
I am using nano because it is my favorite text editor, but you can use whatever you like.
In this file you are looking for line
#PermitRootLogin no. Remove
# symbol at front of it and save the file.
It is also worth to change your default port from
22 to any other. A lot of bots/automated scanner and brute force scripts using this as a default.
Port 22 and change it to other value, for eg.
2299. Save and exit.
To submit changes you need to restart your ssh service.
service sshd restart
Ok, now we are ready to login as a new user.
You can try login as a root to see that it is not allowed now, don’t forget to use new port you selected.
ssh root@VPS_IP_ADDRESS -p 2299
now login as your new user:
ssh USER_NAME@VPS_IP_ADDRESS -p 2299
you are in. Now all commands that need admin privilege’s should be executed with
sudo, for example system update command now will look like this:
sudo apt update && sudo apt dist-upgrade
Now setup firewall, I already wrote an article how to do it: UWF - Simple Firewall.
Before you enable your firewall make sure you allowed connection on your SSH port configured in previous step.
It is good to patch server automatically, to have the latest and not vulnerable software. Read this article to set it up correctly: Unattended-Upgrades.