ECDSA sometimes causes trouble, so try RSA 4096.
- ssh-keygen -t rsa -b 4096 -f ~/.ssh/digitalocean_rsa
- ssh-add ~/.ssh/digitalocean_rsa # add to system keychain
- touch ~/.ssh/config
- Add this:
    Host *
        IdentitiesOnly yes
    Host digitalocean
        HostName <droplet IP>
        Port 22
        User root
        IdentityFile ~/.ssh/digitalocean_rsa
    Host *
        LogLevel VERBOSE
        ServerAliveInterval 240
        VisualHostKey yes
- pbcopy < ~/.ssh/digitalocean_rsa.pub # copy the public key to the clipboard
Create a droplet with Ubuntu, the $5 droplet in Amsterdam. Check the boxes for:
- Private networking
- IPv6
Add the SSH key you generated on your machine (in .ssh/< keyname >.pub) and check the box to use it.
- apt-get update && apt-get upgrade -y
- adduser --gecos "" < USER >
- gpasswd -a < USER > sudo
- sudo -u < USER > mkdir -p /home/< USER >/.ssh
- sudo -u < USER > touch /home/< USER >/.ssh/authorized_keys
- cat /root/.ssh/authorized_keys >> /home/< USER >/.ssh/authorized_keys
- nano .ssh/authorized_keys
- nano /home/< USER >/.ssh/authorized_keys
- sudo -u < USER > chmod 700 /home/< USER >/.ssh
- sudo -u < USER > chmod 600 /home/< USER >/.ssh/authorized_keys
- rm -v /root/.ssh/authorized_keys
- sed -i 's/^PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config
- sed -i 's/^#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
Disallow PAM, which may otherwise allow password logins. PAM, or Pluggable Authentication Modules, is an abstraction layer that exists on Linux and Unix-like operating systems used to enable authentication between a variety of services.
- sed -i 's/^UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
- service ssh restart
- exit
- ssh < USER >@[IP]
- sudo ufw allow ssh
(sudo ufw allow 4444/tcp )
- sudo ufw allow 80/tcp
- sudo ufw allow 443/tcp
- sudo ufw allow 25/tcp
- sudo ufw show added
- sudo ufw --force enable
- sudo ufw status
- sudo su (root just this once.)
- echo "Europe/Oslo" > /etc/timezone
- dpkg-reconfigure -f noninteractive tzdata
- exit (Stop rooting around. Set up sync with the Network Time Protocol (NTP).)
- sudo apt-get update
- sudo apt-get install ntp -y
- sudo apt-get update
- sudo apt-get install fail2ban -y
- sudo cp -v /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
- sudo sed -i 's/destemail = root@localhost/destemail = /g' /etc/fail2ban/jail.local
- sudo sed -i 's/action = %(action_)s/action = %(action_mwl)s/g' /etc/fail2ban/jail.local
- sudo /etc/init.d/fail2ban restart (restart fail2ban service)
- sudo apt-get update
- sudo apt-get install apache2
- sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/.conf
- sudo nano /etc/apache2/sites-available/.conf
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
ServerName is for your main domain, but if you have multiple domains you can add them as aliases.
- ServerName example.com
- ServerAlias www.example.com *.example.no *.example.me
Remember to create an A DNS record pointing to the server's IP for all domains. Activate the new configuration file and restart Apache to reload the configuration.
- sudo a2ensite
- sudo service apache2 reload
- sudo apt-get update
- sudo apt-get install git -y
- rm -rf html
- git clone https://github.com/chrpeter/nyanyannyannyan.git html
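
An added check, not part of the original notes, for the three sed edits to /etc/ssh/sshd_config earlier on this page: each substitution silently does nothing when the line is not written exactly as its pattern expects, so this reads the file back and reports the value sshd would use. The function names and the sample config are constructed for illustration; Include files and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example. sshd uses the FIRST value it reads for each keyword, and
# keywords are case-insensitive. Include files and Match blocks are not evaluated.

# Print the effective global value of keyword $1 in file $2, or "(unset)".
sshd_effective() {
    awk -v key="$1" '
        BEGIN { key = tolower(key); val = "(unset)" }
        /^[ \t]*#/ { next }                  # commented-out lines do not count
        tolower($1) == "match" { exit }      # global section ends at first Match
        tolower($1) == key { val = tolower($2); exit }
        END { print val }
    ' "$2"
}

# Return 0 only if all three settings changed on this page are "no".
check_sshd_hardening() {
    rc=0
    for key in PermitRootLogin PasswordAuthentication UsePAM; do
        val=$(sshd_effective "$key" "$1")
        if [ "$val" = "no" ]; then echo "ok    $key $val"
        else echo "FAIL  $key $val"; rc=1; fi
    done
    return "$rc"
}

# The page's three substitutions, applied to file $1 (no -i, for portability).
apply_page_seds() {
    sed -e 's/^PermitRootLogin yes/PermitRootLogin no/g' \
        -e 's/^#PasswordAuthentication yes/PasswordAuthentication no/g' \
        -e 's/^UsePAM yes/UsePAM no/g' "$1" > "$1.new" && mv "$1.new" "$1"
}

# Constructed sample: values the sed patterns do not match.
demo() {
    f=$(mktemp)
    printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin prohibit-password' \
        'PasswordAuthentication yes' 'UsePAM yes' > "$f"
    apply_page_seds "$f"
    check_sshd_hardening "$f"; st=$?
    rm -f "$f"
    return "$st"
}

demo || echo "sshd_config is not hardened as intended"
```

On the server, run `check_sshd_hardening /etc/ssh/sshd_config` before `service ssh restart`; `sudo sshd -T` prints the full effective configuration, Include files included.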