Skip to content

Instantly share code, notes, and snippets.

@jesugmz

jesugmz/initial-server-set-up-debian-8.md

Last active September 19, 2020 18:43
Show Gist options
  • Save jesugmz/0687931fd61a83d211d1b6b76855c64b to your computer and use it in GitHub Desktop.
Save jesugmz/0687931fd61a83d211d1b6b76855c64b to your computer and use it in GitHub Desktop.
Download ZIP
Initial server set up Debian 8, 9 and 10
Raw
initial-server-set-up-debian-8.md

Login as root

ssh root@<SERVER_IP>

Update packages

apt update && apt upgrade -y && apt install -y sudo

Set correct timezone

Unlink or back up the previous one: mv /etc/localtime /etc/localtime.old

Set the new timezone: ln -s /usr/share/zoneinfo/<ZONE_CONTINENT>/<ZONE_NAME> /etc/localtime

Check the new timezone with date

Create a non-root user

adduser <NEW_USER>

Grant sudo privileges: usermod -a -G sudo <NEW_USER>

Add public key authentication

From your job computer: ssh-copy-id -i .ssh/<MY_PUBLIC_SSH_KEY> <NEW_USER>@<SERVER_IP>

Disallow remote SSH access to root account

vim /etc/ssh/sshd_config

Change PermitRootLogin yes to PermitRootLogin no

Optionally but highly recommended disallow access using clear text password changing PasswordAuthentication yes to PasswordAuthentication no

Optionally but recommended change default port - if no well-known nor register better to avoid possible scanners - changing Port 22 to Port 6500

Optionally propagation of locale can be switch off by commenting the following line AcceptEnv LANG LC_*

Restart SSH daemon: systemctl restart ssh

Avoid being prompted for a password by sudo

sudo visudo

and add the following line to the sudoers list

username ALL = NOPASSWD : ALL

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment