Installing Software #

• Install a Linux Distribution to a VPS
  • Select Linux Distribution
  • If you don’t don’t know which one to use, choose latest LTS version Ubuntu, it is
    • newbie friendly
    • good community support
    • More stable & secure
  • Select Disk Image Size
    • Choose the size you need. You can upgrade if you want bigger size in the future .
  • Select Swap
  • Enter Root Password
• Domain DNS setup
  • Find the DNS tab in your hosting account, add your domain information there so that the server is aware of the domain.
  • Change your domain’s nameserver (NS) records, at the domain registrar where your domain name was purchased, it look like this:
    • ns1.vultr.com
    • ns2.vultr.com
• The control panel(e.g. cpanel) is a set of GUI tools for managing the server. With SSH, We can directly manage the server though command line interface.
• Install SSH tools
  • Linux or Mac
    • Try this command
      • ssh localhost
  • If it says ssh is not installed:
    • sudo aptitude install ssh
  • Windows
    • install PuTTY or Tunnelier

log into remote server #

• Shared hosting SSH request
  • Open cPanel
    • cPanel > Account Addons > SSH Activation Request
    • Or ask support directly
• use putty/tunnelier (windows)
• or Command line
  • ssh -p 22 [email protected]
    • ssh (command)
    • -p – (port)
    • 22 – (your port number)
    • username – server username
    • @111.22.33.456 – IP of your server
  • or just ssh [email protected]

Using authentication Keys to prevent brute force attack #

• Creating keys: Linux or Mac locally

  • Open the terminal, Enter:
    • cd ~/.ssh
    • ‘~’ means home directory
  • Now create the keys:
    • ssh-keygen -t rsa
      • two files will be saved(default file name):
        • id_rsa (private key, which will be used on the local machine)
        • id_rsa.pub ( public key, which will be stored on your remote server)
    • You’re then prompted to create an optional passphrase.
    • Finally, copy id_rsa.pub to a text file:
      • cat /.ssh/id_rsa.pub > File.txt

• Creating keys: Windows locally

  • Generate with Tunnelier or PuTTYgen (GUI )
  • Export pub key to a text file

• Pasting SSH’ public authentication key to the remote server

  • log into the remote server
  • type these commands below to ensure that you are in your home directory, creating a hidden directory, .ssh, and a file within called authorized_keys.

cd ~
mkdir .ssh
nano .ssh/authorized_keys

• Copy and paste your pub key to the authorized_keys file.
• Change file permission.
  • (Swap USER for your server username)

chown -R USER:USER .ssh
chmod 700 .ssh
chmod 600 .ssh/authorized_keys

Create new username #

SSH security settings #

• Do not close the terminal while doing this:
• Make a backup and edit sshd_config with nano

sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config_BACKUP
sudo nano /etc/ssh/sshd_config

• If you have a line that says ‘Protocol 1’ then change it to Protocol 2.
• Default port is 22, change it to a five digit number e.g. 87782
  • Attackers may use the default port directly for brute force attack
• PermitRootLogin no
  • To be more secure, you can create another username, and disable root login
  • ‘root’ will not able to login if this is changed to ’no’.
• Reload SSH
  • sudo /etc/init.d/ssh reload

Update the Software Index & Upgrade Linux #

• Get the latest software repository indexes:-
  • sudo apt-get update
• system upgrade
  • sudo apt-get upgrade
• Set System Locale
  • sudo locale-gen en_US.UTF-8
  • sudo /usr/sbin/update-locale LANG=en_US.UTF-8

VPS Hosting providers #

• Bluehost
• Namecheap：
  • Namecheap Shared hosting
  • Namecheap VPS
• Unmanaged VPS
  • DigitalOcean
  • Vultr