When you provision a new server or VPS, there are a few steps you should take to make access to the server both secure and less painful.

1. Update the server

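Update the server to the latest packages. On Ubuntu, execute the following commands (as root); the first refreshes the package index and the second installs the available upgrades:

apt-get update
apt-get upgrade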

2. Don’t log in as root

The first time you log in to your (new) server, you should use the root account for updating the server and creating a new user.

To create a new user called mynewuser use the following command.

adduser mynewuser

This will create a new home directory in /home/mynewuser

3. Grant sudo access to your user

Edit /etc/sudoers (use visudo, which checks the syntax before saving) and add the following entry:

mynewuser  ALL=(ALL) NOPASSWD: ALL

This allows your user to assume root privileges when executing the following command without being prompted for the user’s password:

sudo su - 

Important: You can also restrict the commands that the user is allowed to execute (as root) if you want more restrictive access rights. See the sudoers man page for more information.

4. Log in without requiring a password

By creating an SSH keypair and uploading the public key to the remote server, you can allow for passwordless (and simpler) SSH access from your local machine. Let’s assume that your server’s hostname is myserver.mydomain.com.

On your local machine, do the following and respond to the prompts:

ssh-keygen -t rsa -b 4096 -C 'mynewuser@mydomain.com'

Important: Specify a meaningful name like ../id_rsa_myremoteservername instead of the default filename ../id_rsa, otherwise you might overwrite an existing key that you may be using already!

Copy the public key from your local machine to the remote server:

cat ~/.ssh/id_rsa_myremoteservername.pub | ssh mynewuser@myserver.mydomain.com "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

Edit your local ~/.ssh/config file to add a new entry:

Host mynewserver
HostName myserver.mydomain.com
User mynewuser    
IdentityFile ~/.ssh/id_rsa_myremoteservername

Now test login from your local machine using the following command:

ssh mynewuser@mynewserver

You should now be logged in without being prompted for a password. If you run into any problems, try using the -v switch to show verbose logging like this:

ssh -v mynewuser@mynewserver
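
If the verbose output shows the key being offered but the server still asks for a password, file modes are a common cause: sshd's StrictModes setting (on by default) ignores authorized_keys when the home directory, ~/.ssh or the file itself is writable by group or others. The script below is an added example, not part of the original post; its function names are hypothetical, and it checks modes only, not ownership.

```shell
#!/bin/sh
# Added example: report paths whose modes would make sshd (StrictModes yes)
# refuse public-key login. Function names are hypothetical.
# On the server, as mynewuser, call:  check_ssh_perms "$HOME"

# Print the octal mode of a path (GNU stat first, BSD/macOS stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed when the octal mode in $1 grants write access to group or others.
group_or_other_writable() {
    [ $(( 0$1 & 022 )) -ne 0 ]
}

# Check the home directory, ~/.ssh and authorized_keys under the given home.
# Prints one line per path; returns 0 if all pass, 1 otherwise.
check_ssh_perms() {
    home=$1
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"
            rc=1
            continue
        fi
        m=$(mode_of "$p")
        if group_or_other_writable "$m"; then
            echo "TOO OPEN $p (mode $m): fix with chmod go-w"
            rc=1
        else
            echo "OK       $p (mode $m)"
        fi
    done
    return $rc
}
```

Typical safe values are 700 for ~/.ssh and 600 for ~/.ssh/authorized_keys.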

5. Configure cron to send emails

If you have configured certain regular jobs using cron, then it can be very useful to receive an email for important jobs like your backups, just to confirm that these jobs are running successfully.

There is more information on how to do this here.

Summary

Once you complete these steps, you should be able to log in to your remote server from your local machine using a simple SSH command. If you require root access to perform some operation, just use the sudo su - command.

Following these steps should make managing your server both simpler and safer from a security perspective, but if you’re really interested in hardening your security, please find a specific guide for doing so.

