Log in as root
ssh [email protected]
Change root password
passwd
Create new user
adduser demo
Add user to sudo group
usermod -a -G sudo demo
(Locally/Optional) Generate SSH key
ssh-keygen -t rsa
(Locally) Copy SSH key to server
scp ~/.ssh/id_rsa.pub [email protected]:
Move key to correct place
mkdir ~demo/.ssh
mv ~demo/id_rsa.pub ~demo/.ssh/authorized_keys
Update permissions on key
chown -R demo:demo ~demo/.ssh
chmod 700 ~demo/.ssh
chmod 600 ~demo/.ssh/authorized_keys
Edit ssh settings
nano /etc/ssh/sshd_config
# /etc/ssh/sshd_config
Port 30000 # <--- change to a port of your choosing
Protocol 2
PermitRootLogin no
PasswordAuthentication no
UseDNS no
AllowUsers demo
Update firewall settings
ufw default deny incoming
ufw default allow outgoing
ufw limit 30000 # <--- change to port set in sshd_config
ufw reject 22
ufw allow http
ufw allow https
# ufw allow from 1.2.3.4 to any port 30000 # limit connection to server 1.2.3.4
ufw enable
ufw status verbose
Reload SSH
service ssh restart
WARNING: Don't log out yet. Need to check we can still connect
(Locally) Log in as user
ssh -p 30000 [email protected]
If successful, log out root user.
Check locale
locale
If incorrect, update with:
sudo /usr/sbin/locale-gen en_US.UTF-8
sudo /usr/sbin/update-locale LANG=en_US.UTF-8
Update packages:
sudo aptitude update
sudo aptitude upgrade
Install some basics:
sudo aptitude install build-essential htop
sudo echo "deb http://ppa.launchpad.net/nginx/stable/ubuntu trusty main" > /etc/apt/sources.list.d/nginx-stable-trusty.list
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys C300EE8C
sudo aptitude update
sudo aptitude install nginx
sudo echo "deb http://apt.postgresql.org/pub/repos/apt/ trusty-pgdg main" > /etc/apt/sources.list.d/postgresql-trusty.list
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
sudo aptitude update
sudo aptitude install postgresql-9.4