Initial server setup: Ubuntu Trusty 64
Ubuntu Trusty is great.
I personally prefer Debian-based systems over RHEL, since they use more recent versions of lots of software I care about, and are super-easy to upgrade.
Compared to Debian, on Ubuntu things seem to just work out of the box a little more often, and Trusty is an LTR (long term release) that came out just a couple of months ago.
So, there you go.
You could change which ports a few things use, but keeping the defaults makes my life easier with other software that is set to use default ports, so I personally don’t change them.
Disable root login
I do disable being able to log in as root, but don’t specify which users are allowed to log in. I just create a new user, make it a sudoer, and never use root ever again.
Add your user to the sudoers file:
Disallow root login:
service ssh restart
Log out and log in as the new user.
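A check worth running after the root-login edit and before `service ssh restart`, as an added example that is not part of the original post: sshd keeps the first value it reads for a keyword, so a `PermitRootLogin no` appended below an existing line is silently ignored. The function names, the constructed sample files and the assumption of whitespace-separated `Keyword value` lines belong to this example.

```shell
#!/bin/sh
# Added example: report which value of an sshd_config keyword is in force.
# sshd uses the FIRST value it obtains for each keyword, so later duplicates
# of the same keyword have no effect.

# effective_value FILE KEYWORD -> prints the value in force, or "unset".
# Assumes whitespace-separated "Keyword value" lines. Keywords are matched
# case-insensitively, comments and blank lines are skipped, and parsing stops
# at the first Match block because settings there apply only conditionally.
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); found = 0 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == want { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# audit_root_login FILE -> exit status 0 only if root login is disabled outright.
audit_root_login() {
    value=$(effective_value "$1" PermitRootLogin)
    echo "PermitRootLogin in force: $value"
    [ "$value" = "no" ]
}

# Constructed sample configs (not taken from a real server).
make_samples() {
    SAMPLE_DIR=$(mktemp -d)
    # The new line was appended after the existing one, so it is ignored.
    printf '%s\n' '# constructed sample' 'Port 22' \
        'PermitRootLogin without-password' \
        'PermitRootLogin no' > "$SAMPLE_DIR/appended.conf"
    # The existing line was edited in place; the Match block is conditional.
    printf '%s\n' '# constructed sample' 'Port 22' \
        'permitrootlogin no' \
        'Match User deploy' \
        '    PermitRootLogin yes' > "$SAMPLE_DIR/edited.conf"
}

make_samples
for f in "$SAMPLE_DIR/appended.conf" "$SAMPLE_DIR/edited.conf"; do
    if audit_root_login "$f"; then echo "OK   $f"; else echo "FAIL $f"; fi
done
rm -rf "$SAMPLE_DIR"
```

On the server itself, point `audit_root_login` at `/etc/ssh/sshd_config`; `sshd -t` additionally checks the file for syntax errors before you restart the service.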
Add public key
I always add my public key to ~/.ssh/authorized_keys, so that I don’t need to enter a password to access the machine.
If needed, to generate a new public/private key pair run this on your local machine:
The exact location depends on your OS, but you should get a file called id_rsa.pub inside a directory called .ssh in your home folder (e.g., ~/.ssh/id_rsa.pub). You can append its contents to authorized_keys (on the remote machine):
mkdir /home/<USERNAME>/.ssh
nano /home/<USERNAME>/.ssh/authorized_keys
If it worked, you can log out and back in and it shouldn’t ask for a password.
Now I would probably make sure all the software is up to date:
sudo apt-get update && sudo apt-get dist-upgrade
Since you might have servers in different datacenters and software that relies on timestamps, it’s paramount to make sure they’re all set to use the same timezone. If you have one server, it’s always good to know this setting is correct. I personally use UTC.
sudo dpkg-reconfigure tzdata
To keep it synchronized, ntp should be enough:
sudo apt-get install ntp -y
Install some stuff
On my machine, a few packages that I like or often need weren’t installed by default:
sudo apt-get install locate tree curl git unzip make sendmail -y
nano syntax highlighting
nano is great, but the syntax highlighting files could be better, and it really bothers me that it’s not enabled for certain files (YAML is one I’d edit often).
Although unmaintained, I love this project and it still works: https://github.com/nanorc/nanorc. It installs a bunch of nanorc files that will make everything look better and add highlighting for lots of languages where it is normally unavailable.
Installing is easy:
cd
git clone https://github.com/nanorc/nanorc.git && cd nanorc
make install
echo 'include ~/.nano/syntax/ALL.nanorc' >> ~/.nanorc
rm -v -r -f ~/nanorc/