@doka
Last active November 21, 2015 19:43
debian setup

First steps on Debian wheezy server

Basics after first login

1. copy public key

Copy my public key to the new server. Run this from the home directory on my notebook (not on the new server!):

ssh root@newserver 'mkdir .ssh;chmod 700 .ssh;'
cat .ssh/id_*sa.pub | ssh root@newserver 'cat >> .ssh/authorized_keys'
ssh root@newserver 'chmod 600 .ssh/authorized_keys;'

A simpler way from Ubuntu:

ssh-copy-id root@newserver

If SSH warns you that the host key has changed (expected after a reinstall), remove the old record:

ssh-keygen -f "/home/doka/.ssh/known_hosts" -R IP-of-the-newserver

2. set locale

The locales should be reconfigured before changing the password or installing anything. Select your local language as the second locale, next to English, and set English as the system language. For me the defaults are en_US.UTF-8 and hu_HU.UTF-8.

dpkg-reconfigure locales

or

echo "                   
# This file lists locales that you wish to have built. You can find a list
# of valid supported locales at /usr/share/i18n/SUPPORTED, and you can add
# user defined locales to /usr/local/share/i18n/SUPPORTED. If you change
# this file, you need to rerun locale-gen.

en_US.UTF-8 UTF-8
hu_HU.UTF-8 UTF-8
" | tee /etc/locale.gen

# Single quotes outside, so the double quotes around en_US:en reach the file
echo '
# File generated by update-locale
LANG=en_US.UTF-8
LANGUAGE="en_US:en"
' | tee /etc/default/locale

locale-gen

3. harden SSH

Allow key authentication only, and restart ssh.

sed -i 's/PermitRootLogin yes/PermitRootLogin without-password/' /etc/ssh/sshd_config
sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
/etc/init.d/ssh restart
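
The two sed substitutions above change nothing, and report no error, when the line in sshd_config is spelled differently from the pattern (extra spaces, already uncommented, or absent). The following added example, which is not part of the original gist, sets both keywords in any of those cases and then checks the value sshd would read; the function names and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original gist; function names are hypothetical.

# effective_option FILE KEYWORD
# Print the value sshd would take from the global section of FILE: keywords
# are case-insensitive and the first active occurrence wins. Assumes the
# whitespace-separated "Keyword value" form.
effective_option() {
    awk -v key="$2" '
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# set_sshd_option FILE KEYWORD VALUE
# Remove "#Keyword ..." defaults and every active "Keyword ..." line (also
# inside Match blocks), then write the wanted line first so that nothing
# earlier in the file can override it.
set_sshd_option() {
    [ -f "$1" ] || return 1
    tmp=$(mktemp) || return 1
    { printf '%s %s\n' "$2" "$3"
      grep -Eiv "^[[:space:]]*#?[[:space:]]*$2([[:space:]]|\$)" "$1" || true
    } > "$tmp"
    cat "$tmp" > "$1"      # overwrite in place, keeping owner and mode
    rm -f "$tmp"
}

# harden_sshd_config FILE: apply the two settings from step 3, then verify.
harden_sshd_config() {
    set_sshd_option "$1" PermitRootLogin without-password || return 1
    set_sshd_option "$1" PasswordAuthentication no || return 1
    [ "$(effective_option "$1" PermitRootLogin)" = without-password ] &&
        [ "$(effective_option "$1" PasswordAuthentication)" = no ]
}

# Constructed sample on which the sed patterns from step 3 match nothing:
# extra spacing on one line, PasswordAuthentication already uncommented.
write_sample_config() {
    printf '%s\n' 'Port 22' 'PermitRootLogin   yes' \
        'PasswordAuthentication yes' 'UsePAM yes' > "$1"
}

# Demo on a scratch file; nothing under /etc is touched here.
demo=$(mktemp) && write_sample_config "$demo" &&
    harden_sshd_config "$demo" && cat "$demo"
rm -f "$demo"
```

On the server, run harden_sshd_config against /etc/ssh/sshd_config as root, check the file with sshd -t before the restart, and keep the current session open until a new key-based login succeeds.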

Optionally set passwords:

passwd

4. update sources.list

Replace /etc/apt/sources.list with the Hetzner mirrors for Debian Wheezy.

echo "                   
#######################################################################################
# Hetzner APT-Mirror
deb     http://mirror.hetzner.de/debian/packages wheezy main contrib non-free
deb     http://mirror.hetzner.de/debian/security wheezy/updates main contrib non-free

#######################################################################################
# Backupmirror
#
deb     http://cdn.debian.net/debian/ wheezy main non-free contrib
deb-src http://cdn.debian.net/debian/ wheezy main non-free contrib

deb     http://security.debian.org/  wheezy/updates  main contrib non-free
deb-src http://security.debian.org/  wheezy/updates  main contrib non-free
" | tee /etc/apt/sources.list

5. update OS and install a few utils

apt-get update && apt-get upgrade
apt-get install mc sudo htop pv iotop

6. Check timezone

You can change the timezone by running:

dpkg-reconfigure tzdata

7. Workaround for update error with failed symbolic-link

If the update reports this error message:

Running depmod.
Failed to symbolic-link /boot/initrd.img-3.2.0-4-amd64 to initrd.img.

Then simply delete /initrd.img and repeat the update:

rm /initrd.img
apt-get update && apt-get upgrade

8. Generate private/public keys

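Go to the home directory and execute the command below. DSA keys are limited to 1024 bits and OpenSSH 7.0 and later disable them by default, so prefer an RSA key where you can.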

ssh-keygen -t dsa -f ~root/.ssh/id_dsa -q -N ""

See step 1 for how to copy the public key to servers.

9. Do not log pam cron sessions

Exclude log lines such as:

Apr 4 14:10:24 node5 CRON[6365]: pam_unix(cron:session): session closed for user root
Apr 4 14:15:01 node5 CRON[6592]: pam_unix(cron:session): session opened for user root by (uid=0)

Add one line to /etc/rsyslog.conf, directly above the existing auth,authpriv.* rule:

:msg, contains, "pam_unix(cron:session)"  ~
auth,authpriv.*                 /var/log/auth.log

https://www.howtoforge.com/community/threads/system-logging-dont-log-something.5230/#post-188765

I'm done.
