Skip to content

Initial Debian Linux setup

ronnylov edited this page Jul 6, 2019 · 2 revisions

You can rent a VPS online and remotely control it over ssh. If you are a windows user you can use PuTTY. Windows 10 has a built in ssh client. Connect to the ip address of your server. If you connect from a Linux machine you can do it like this:

ssh root@125.124.123.122

Create user and group

When you first login on a debian server you login as root user. You must create a normal user that is a member of the lthn group. Easiest way to do this is to name the user lthn.

# useradd -m lthn -s /bin/bash

Then you must give the user a password:

# passwd lthn

Store this password in a safe place and don't loose it. Yo will need it to login to your server.

If your user have a different name you can create the group lthn and add this user to the lthn group. Let's say if we created an user named vpnuser (instead of lthn above) then following steps would have been needed. This is only needed if your user have other name than lthn.

# groupadd lthn
# gpasswd -a vpnuser lthn

In the rest of this guide we assume that you have created the user lthn which is a member of lthn group.

NOTE: lthn user is created when installing packages so this step may not be necessary if we install the software packages first. However you should still run the system as a normal user with a password so you might very well do it as the lthn user anyway.

Update system and install sudo

Before installing anything we want to make sure that the operating system is up-to-date

# apt-get update
# apt-get upgrade

Answer Y to any questions if you want to install upgraded packages. Then we want to install sudo to make it possible for the lthn user to do system administration.

# apt-get install sudo

Now we add the lthn user to the sudo group to allow that this user can use sudo for system administration.

# gpasswd -a lthn sudo

Reboot the server

# reboot

Wait for it to restart and login again but this time with lthn user and password. It will look something like this:

login as: lthn
lthn@125.124.123.122's password:
Linux vps694579 4.9.0-9-amd64 #1 SMP Debian 4.9.168-1+deb9u2 (2019-05-13) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Tue Jun  4 15:37:04 2019 from 123.123.123.123
lthn@vps123456:~$

Test if you can install system updates with lthn user using sudo. It will ask for your password to execute this and first time you do this you also get a warning message. You can ignore the warning and enter your password for lthn user.

$ sudo apt-get update
$ sudo apt-get upgrade

Disable remote root login

If sudo worked for the lthn user in previous section you should disable remote root login for security reasons.

$ sudo nano /etc/ssh/sshd_config

Change following line

PermitRootLogin yes

To this line:

PermitRootLogin no

Save the file with Ctrl-O and press Enter. Exit nano with Ctrl-X

Reboot the server and then check that you can't login with root user but can login with lthn user. To reboot:

$ sudo reboot

Then login again as described in previous sections of this guide. If you try to login as root with the root password it should respond with "Access denied". Login with lthn user and password and use sudo before commands that need root access.

Change the host name (optional)

When you rent a server you might get a strange hostname like "vps123456" or something similar that the hosting Company set during the installation of the server. You might want to change it:

$ sudo nano /etc/hostname

Change to the hostname you want. Save the file and exit nano. You should also replace this name and add your own domain (if you have one) in the file /etc/hosts

$ sudo nano /etc/hosts

Reboot and and login again to see if the hostname at command line prompt was changed. Let's say you changed your host name to usnode then your command line prompt would look like this:

lthn@usnode:~$

This is handy when you are remotely connected to different machines because you see which machine you are logged in to and what user is logged in. It is easy to mix up your terminal windows...

NOTE: If you are using OVH VPS (or similar VPS setup) I had to do some additional steps.

Get a domain name for your exit node (optional)

Let's say you own the domain extremenet.com and want to access your node by usnode.extremenet.com you add an A-record to your DNS settings for extremenet.com with the name usnode and enter your IP-address for the exit node to that A-record. I am using GoDaddy to purchase domains and handle DNS records for my domains. There are other companies too. GoDaddy works for me.

An alternative if you have dynamic IP-address as your public internet address (this should also work if you have static IP) is to get a domain name at DuckDNS and use an updater script for DuckDNS. An example how to do this is described in this github repository. You will get a domain name like extremenet.duckdns.org or whatever you choose. Optionally you can add this one to your domain as a CNAME record if you want your own domain name for a dynamic IP address as described in the DuckDNS FAQ. I have tried that on GoDaddy DNS settings and it works.

With your own domain name you could login from Another Linux machine like this:

$ ssh lthn@usnode.extremenet.com

Or enter usnode.extremenet.com instead of the ip address in the "Host name (or IP address)" in PuTTY and then login as user lthn.